ICP Reports Security Role

All-
Do a non-admin user have any security role in Shared Services to run ICP Reports in HFM?
Thanks
Chandu

Hi. There is no specific role for running ICP reports.
Eric

Similar Messages

SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.

Have an issue.
I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
But when user runs reports, he gets nothing:

Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.

Modified Security roles summary report

Just curious if anyone has modified the Security roles summary report to include the individual permissions object class. So for some permissioned userid or group that has the canned role Remote Tools Operator, the report would also show that Collection
has Control AMT = Yes, Read = Yes, Read Resource = Yes, and Remote Control = Yes.
Report Builder and I are not friends yet.

I'm cleaning up old post, did you figure this out, If so how?
http://www.enhansoft.com/

REPORTS SECURITY WITHIN WEBDB (setup errors)

As per WebDB and Reports 6i requirement, i
ran the two script files
D:\orant\report60\server\security
rwwwvins.sql webdb
and
D:\ORANT\REPORT60\SERVER\SECURITY\RWENABLE.SQL
Got errors while creating some package definitions..
those package include
package specs:
rw_comp_cal
rw_cpc_pm
package body:
wwv_rw_utl
wwv_rw_usr
wwv_rw_adm
rwutlsave
rwutlbuild
wwv_rwrepgen
rw_comp_cal
rw_cpc_pm
wwv_rwmanrwo
Warning: Package created with compilation errors.
No errors.
attached :spool file which had errors listed
SQL> @d:\orant\report60\server\security\rwwwvins.sql webdb
B E G I N O R A C L E R E P O R T S I N S T A L L
...start: Monday 27 December , 1999 14:53:43
Role dropped.
Role created.
old 1: grant RW_ADMINISTRATOR to &&1
new 1: grant RW_ADMINISTRATOR to webdb
Grant succeeded.
Role dropped.
Role created.
Role dropped.
Role created.
Role dropped.
Role created.
I. Extent utlobj.sql
Table dropped.
Table created.
Table dropped.
Sequence dropped.
Sequence created.
Table created.
Table dropped.
Table created.
Table dropped.
Table dropped.
Table dropped.
Table created.
Table created.
Table created.
Trigger created.
II. Extent moduleda.sql
0 rows deleted.
delete from WWV_SYS_MODULE_TYPES$ where ID >= 50 and id<60
ERROR at line 1:
ORA-02292: integrity constraint (WEBDB.WWV_MODULES$_FK) violated - child record found
delete from WWV_SYS_MODULE_GROUPS$ where ID >= 50 and id<60
ERROR at line 1:
ORA-02292: integrity constraint (WEBDB.WWV_SYS_MODULE_TYPES$_FK) violated - child record found
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
Commit complete.
Finished groups
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
Commit complete.
III. Install Oracle Reports packages
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Table dropped.
Table created.
Grant succeeded.
Package created.
No errors.
Table dropped.
Table created.
Table dropped.
Table created.
Table dropped.
Table created.
Table dropped.
Table created.
Commit complete.
Package created.
No errors.
0 rows deleted.
delete from WWV_SYS_MODULE_TYPES$ where ID >= 50 and id<60
ERROR at line 1:
ORA-02292: integrity constraint (WEBDB.WWV_MODULES$_FK) violated - child record found
delete from WWV_SYS_MODULE_GROUPS$ where ID >= 50 and id<60
ERROR at line 1:
ORA-02292: integrity constraint (WEBDB.WWV_SYS_MODULE_TYPES$_FK) violated - child record found
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_s ys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
INSERT INTO wwv_sys_module_groups$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_GROUPS$_PK) violated
Commit complete.
Finished groups
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
INSERT INTO wwv_sys_module_types$ VALUES (
ERROR at line 1:
ORA-00001: unique constraint (WEBDB.WWV_SYS_MODULE_TYPES$_PK) violated
Commit complete.
Warning: Package created with compilation errors.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Warning: Package created with compilation errors.
Errors for PACKAGE RW_COMP_CAL:
7/5 PL/SQL: Declaration ignored
8/55 PLS-00382: expression is of wrong type
Warning: Package created with compilation errors.
Errors for PACKAGE RW_CPC_PM:
7/5 PL/SQL: Declaration ignored
8/55 PLS-00382: expression is of wrong type
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Package created.
No errors.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_adm_tst FOR &&1..wwv_rw_adm_tst
new 1: CREATE PUBLIC SYNONYM wwv_rw_adm_tst FOR webdb.wwv_rw_adm_tst
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwcaljmp FOR &&1..rwcaljmp
new 1: CREATE PUBLIC SYNONYM rwcaljmp FOR webdb.rwcaljmp
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwcalsum FOR &&1..rwcalsum
new 1: CREATE PUBLIC SYNONYM rwcalsum FOR webdb.rwcalsum
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rw_comp_cal FOR &&1..rw_comp_cal
new 1: CREATE PUBLIC SYNONYM rw_comp_cal FOR webdb.rw_comp_cal
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rw_cpc_pm FOR &&1..rw_cpc_pm
new 1: CREATE PUBLIC SYNONYM rw_cpc_pm FOR webdb.rw_cpc_pm
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwfindbx FOR &&1..rwfindbx
new 1: CREATE PUBLIC SYNONYM rwfindbx FOR webdb.rwfindbx
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwpform FOR &&1..rwpform
new 1: CREATE PUBLIC SYNONYM rwpform FOR webdb.rwpform
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rwrepgen FOR &&1..wwv_rwrepgen
new 1: CREATE PUBLIC SYNONYM wwv_rwrepgen FOR webdb.wwv_rwrepgen
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwrunrpterr FOR &&1..rwrunrpterr
new 1: CREATE PUBLIC SYNONYM rwrunrpterr FOR webdb.rwrunrpterr
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwrunrpt FOR &&1..rwrunrpt
new 1: CREATE PUBLIC SYNONYM rwrunrpt FOR webdb.rwrunrpt
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwsbuser FOR &&1..rwsbuser
new 1: CREATE PUBLIC SYNONYM rwsbuser FOR webdb.rwsbuser
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_usr_tst FOR &&1..wwv_rw_usr_tst
new 1: CREATE PUBLIC SYNONYM wwv_rw_usr_tst FOR webdb.wwv_rw_usr_tst
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwutlbuild FOR &&1..rwutlbuild
new 1: CREATE PUBLIC SYNONYM rwutlbuild FOR webdb.rwutlbuild
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM rwutlsave FOR &&1..rwutlsave
new 1: CREATE PUBLIC SYNONYM rwutlsave FOR webdb.rwutlsave
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_adm FOR &&1..wwv_rw_adm
new 1: CREATE PUBLIC SYNONYM wwv_rw_adm FOR webdb.wwv_rw_adm
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_err FOR &&1..wwv_rw_err
new 1: CREATE PUBLIC SYNONYM wwv_rw_err FOR webdb.wwv_rw_err
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_usr FOR &&1..wwv_rw_usr
new 1: CREATE PUBLIC SYNONYM wwv_rw_usr FOR webdb.wwv_rw_usr
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_int FOR &&1..wwv_rw_int
new 1: CREATE PUBLIC SYNONYM wwv_rw_int FOR webdb.wwv_rw_int
Synonym created.
Grant succeeded.
Synonym dropped.
old 1: CREATE PUBLIC SYNONYM wwv_rw_utl FOR &&1..wwv_rw_utl
new 1: CREATE PUBLIC SYNONYM wwv_rw_utl FOR webdb.wwv_rw_utl
Synonym created.
Package body created.
No errors.
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY WWV_RW_UTL:
194/5 PL/SQL: Statement ignored
194/16 PLS-00382: expression is of wrong type
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY WWV_RW_USR:
436/5 PL/SQL: Statement ignored
436/16 PLS-00382: expression is of wrong type
508/5 PL/SQL: Statement ignored
508/12 PLS-00382: expression is of wrong type
547/5 PL/SQL: Statement ignored
547/12 PLS-00382: expression is of wrong type
595/5 PL/SQL: Statement ignored
595/16 PLS-00382: expression is of wrong type
659/5 PL/SQL: Statement ignored
659/16 PLS-00382: expression is of wrong type
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY WWV_RW_ADM:
157/5 PL/SQL: Statement ignored
157/16 PLS-00382: expression is of wrong type
217/5 PL/SQL: Statement ignored
217/16 PLS-00382: expression is of wrong type
272/5 PL/SQL: Statement ignored
272/16 PLS-00382: expression is of wrong type
Package body created.
No errors.
Package body created.
No errors.
0 rows deleted.
0 rows deleted.
0 rows deleted.
... HELP.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... HEADING.sql ...
... LARGEBOX.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... SECTION_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... BOX_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
...hint.sql...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
...mode.sql...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
...welcome.sql...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S0.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... S1.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S2.sql ... users and roles
1 row created.
... S3.sql ... availability
1 row created.
1 row created.
... S4.sql ... required parameters
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
...S5.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S6.sql ...
1 row created.
... S7.sql ...
1 row created.
1 row created.
Commit complete.
0 rows deleted.
0 rows deleted.
... HELP.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... HEADING.sql ...
... LARGEBOX.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... SECTION_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... BOX_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S0.sql ...
1 row created.
1 row created.
1 row created.
... S1.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S2.sql ...
1 row created.
... S3.sql ...
1 row created.
1 row created.
... S4.sql ...
1 row created.
1 row created.
... S5.sql ...
Commit complete.
0 rows deleted.
0 rows deleted.
... HELP.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... HEADING.sql ...
... LARGEBOX.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... SECTION_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... BOX_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S0.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... S1.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S2.sql ...
1 row created.
... S3.sql ...
1 row created.
1 row created.
... S4.sql ...
1 row created.
1 row created.
Commit complete.
0 rows deleted.
0 rows deleted.
... HELP.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... HEADING.sql ...
... LARGEBOX.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... SECTION_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... BOX_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S0.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... S1.sql ...
1 row created.
1 row created.
1 row created.
... S2.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S3.sql ...
1 row created.
... S4.sql ...
1 row created.
1 row created.
Commit complete.
0 rows deleted.
0 rows deleted.
... HELP.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... HEADING.sql ...
... LARGEBOX.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... SECTION_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... BOX_IMAGE.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
1 row created.
... S0.sql ...
1 row created.
1 row created.
1 row created.
1 row created.
... S1.sql ...
1 row created.
1 row created.
1 row created.
... S2.sql ...
1 row created.
... S3.sql ...
1 row created.
1 row created.
... S4.sql ...
1 row created.
... S5.sql ...
1 row created.
Commit complete.
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY RWUTLSAVE:
180/5 PL/SQL: Statement ignored
180/15 PLS-00382: expression is of wrong type
181/5 PL/SQL: Statement ignored
181/15 PLS-00382: expression is of wrong type
182/5 PL/SQL: Statement ignored
182/15 PLS-00382: expression is of wrong type
183/5 PL/SQL: Statement ignored
183/15 PLS-00382: expression is of wrong type
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY RWUTLBUILD:
0/0 PL/SQL: Compilation unit analysis terminated
1/14 PLS-00905: object WEBDB.RWUTLBUILD is invalid
1/14 PLS-00304: cannot compile body of 'RWUTLBUILD' without its
specification
Package body created.
No errors.
Package body created.
No errors.
Package body created.
No errors.
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY WWV_RWREPGEN:
1122/5 PL/SQL: Statement ignored
1122/23 PLS-00382: expression is of wrong type
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY RW_COMP_CAL:
0/0 PL/SQL: Compilation unit analysis terminated
1/14 PLS-00905: object WEBDB.RW_COMP_CAL is invalid
1/14 PLS-00304: cannot compile body of 'RW_COMP_CAL' without its
specification
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY RW_CPC_PM:
0/0 PL/SQL: Compilation unit analysis terminated
1/14 PLS-00905: object WEBDB.RW_CPC_PM is invalid
1/14 PLS-00304: cannot compile body of 'RW_CPC_PM' without its
specification
Package body created.
No errors.
Package body created.
No errors.
Package body created.
No errors.
Package body created.
No errors.
Package body created.
No errors.
Warning: Package Body created with compilation errors.
Errors for PACKAGE BODY WWV_RWMANRWO:
249/9 PL/SQL: Statement ignored
249/23 PLS-00382: expression is of wrong type
385/9 PL/SQL: Statement ignored
385/23 PLS-00382: expression is of wrong type
... grant Oracle Reports Menu privileges
PL/SQL procedure successfully completed.
... done
...end: Monday 27 December , 1999 14:57:25
D O N E I N S T A L L
SQL> SPOOL OFF
null

The above error is occuring only if the script is ran over a pre-existing reports security on webdb.
The drop table commands in the scripts may be having some untested errors due to which the above errors resulted.
I had re-installed webdb and when
the above scripts were run for first time i didn't encounter those errors.
FYI.
Thanks.

Map security roles to group within LDAP using external 3rd Party LDAP

I'm haveing a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory succsfully, however after the user is authenticated I get a message from the OC4J container that my role can not be found. Can you map a logical role to group within Active Directory? Below are details about my configuration.
Any help would be greatly appreciated.
Log.xml log entry that confirms webtA is communicating successfully with AD.
SG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
</PAYLOAD>
</MESSAGE>
<MESSAGE>
<HEADER>
</CORRELATION_DATA>
<PAYLOAD>
<MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
</PAYLOAD>
</MESSAGE>
<MESSAGE>
<HEADER>
Error reported in the log
<MESSAGE>
<HEADER>
<TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
<COMPONENT_ID>j2ee</COMPONENT_ID>
<MSG_TYPE TYPE="TRACE"></MSG_TYPE>
<MSG_LEVEL>16</MSG_LEVEL>
<HOST_ID>F2287032-W</HOST_ID>
<HOST_NWADDR>30.30.16.14</HOST_NWADDR>
<MODULE_ID>security</MODULE_ID>
<THREAD_ID>14</THREAD_ID>
<USER_ID>wmgraham</USER_ID>
</HEADER>
<CORRELATION_DATA>
<EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
</CORRELATION_DATA>
<PAYLOAD>
<MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
</PAYLOAD>
</MESSAGE>
Web.xml Logical Role definition
<security-constraint>
<web-resource-collection>
<web-resource-name>allpages</web-resource-name>
<url-pattern>/servlet/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>WEBTA_J2EE_USER</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>WEBTA_J2EE_USER</role-name>
</security-role>
Orion-web.xml This file maps the logical role defined in webxml to a group within Active Directory.
<security-role-mapping name="WEBTA_J2EE_USER">
<group name="webta"/> <-- Group defined in AD -->
</security-role-mapping>

What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

Redirecting user to acustom page depending on security role after glassfish

Hi,
I have a JSF application using glassfish authentication mechanism. I'm planning to use a jdbc realm and form based authentication (I'm using a jsp page to get username and password) . I have 3 different user roles (student, admin and staff)
However I cannot find how to redirect a user to a different page (Ex: staff report page if the logged in user is in the security role staff). I have configured sun-web.xml and web.xml to map the roles and groups. The problem is after authentication the user is always redirected back to the home page, which is the login page. I understand this is how the glassfish authentication works by default. But is there a way to navigate the user to a different page depending on his role.
I'm new to EJB security. Please help me on this subject. Thanks a lot in advance.

Check this blog post, which provides an alternate solution (You can choose the best possible solution based on your use-case).
http://andrejusb.blogspot.com/2007/10/security-in-oracle-adf-and-automatic.html
Thanks,
Navaneeth

Non-admin users do not generate ICP Reports

Hi all,
I'm having an issue with HFM 11.1.3.5. Users that are not provisioned as administrator cannot see data in any ICP Report. The report runs fine, but the report shows no data. Only the POV is displayed. If an admin user runs the same report (with the same POV), All data is displayed correctly.
I've tried to provide "all" acess to metadata in shared services (Assign acess control option), and still no data.
PS: The error occurs only for some members of Value Dimension, such as Elimination. The report runs fine for Ent. Curr Total, for example.

No, consolidation rules don't block data, and the ICP report has nothing to do with consoidation rules unless you have flagged parent entities "IsICP" which you should not do.
Since administrators can see the data and others cannot, this seems clearly related to security. What is the security class assigned to the report in question, and what access do users have to that class? Also, check each entity in the report and reply what the security class listed on "security as partner". This is the security access applied to the ICP dimension. If the fields are both blank then HFM uses the access rights to the [Default] class. You should grant all users at least Read access to the [Default] class, though I recommend All access to this class for all users.
--Chris

Security roles and profiles

Hello,
Could you please provide information on "security roles and profiles "
I would appreciate.
Regards,
Alex

Roles give you authorization to specific area of the system. Use TC pfcg and you will see different setting for a role.
In specific Role -> Authorization -> click on Display Authorization Data.
Here all specific InfoArea, Cube, ODS, Reporting componets: display, execute and other security rules are defined.
User Section: defines who has access to this role.
Multiple authorization are combined to create an Authorization Profile. You defined a profile at TC su01 and under profile section.
Hope that helps.
thanks.
Wond

Receiving an error when trying to remove P00 Security role from the user

Hi All,
I am receiving an error when trying to remove P00 Security role from the user.
After logging on to GRC CUP, clicking on u201CCreate requestu201D, and filling out required information,
I click on Select Roles/Groups
On the next screen,
I click on Existing Roles/Groups
ERROR MESSAGE appears X Action failed and no roles appear in the box to select for removal.
Regards,
Vineet

Hi Vineet,
My be your selection is incorrect
Try this
in Applicaiton Area -- Select ALL
Functional Area -
Select ALL
Company -
Select ALL
Role/Profile/Group Names --- Give p00* and execute the report
if you give only p00 it wont give any result
Hope this helps
Thank you,
Kishore

Issue with generating a security role in program CRMD_UI_ROLE_PREPARE

Hello -
We have recently upgrade from CRM 2007 from CRM 4.0. We are working with the Business Roles and generating the security role from the business role using CRMD_UI_ROLE_PREPARE. We first create a simple test Business Role, a Z* copying from TPM_ROLE. Then we generated the security using CRMD_UI_ROLE_PREPARE. This was fine. Now was have copied a Business Role from TPM_ROLE that is one we want to use. We have created our own Z* Nav Bar and Role Config Key. This is working fine, but now when we try to generate using CRMD_UI_ROLE_PREPARE, the txt file is not generated, though there are no errors in the log. We can still generate the security role from our simple test. We have looked on line, and read the article in CRM Expert in June on Business Roles, but have not found the solution yet. Has anyone run into this?
thanks
   George

This is how I used this program:
A. Generate required authorization objects
1.     T-Code: SA38
2.     Enter report CRMD_UI_ROLE_PREPARE and choose Execute.
3.     Select your Business Role.
4.     Choose language EN.
5.     Choose Execute.
Result: A file is created for each Business Role and saved on your computer in the SAP working directory. If you are working with Microsoft Windows XP, this file is saved in C:\Documents and Settings\<User ID>\SapWorkDir\.
B. Assign authorization objects
1.     T-Code: PFCG
2.     Enter your Role and choose Change.
3.     On the Menu tab choose Import from file and upload the file previously created.
4.     Choose Save.
Then adapt the authorizations if needed and choose Generate.
Stephanie.

How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

Hi,
I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
security-role>
        <description>Authenticated</description>
        <role-name>Authenticated</role-name>
    </security-role>
This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
In weblogic, I have the following setting in weblogic.xml
<wls:security-role-assignment>
        <wls:role-name>Authenticated</wls:role-name>
        <wls:externally-defined />
    </wls:security-role-assignment>
And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
I am wondering if this setting can be specified in for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
Thanks

Hi,
You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam

JDev EA1 Error with JAZN/Security Roles/Authentication

I have a current JSF application created under JDev 10.1.3 Preview which runs fine, but under JDev EA1 it crashes.
The application has a JAZN definition with a realm and user defined. The user is also tied to a security role.
In the web.xml I have a security role defined and security constraints. I also have the security-role-mappings in the orion-application.xml for deployment which uses OID to authenticate.
This all works fine in JDev 10.1.3 preview.
When I run the application in JDev EA1, the login dialog does not appear and the application crashes because it can't authenticate who is using the application. I have deleted and recreated the Jazn user and security roles under EA1.
I have noticed that JDev is now reporting the "<security-constraint>" tag in web.xml is an error now.
Any ideas on what's wrong?
Thanks

We're using SSO, so we haven't written our own login handler. The orion-application.xml has the "<jazn-web-app auth-method="SSO"/>" tag in it. We let SSO handle the login. You can write your own login handler if you wanted to. I think there's several threads about doing it. We wanted to try and use SSO and not have to write the piece to do the login.
orion-application.xml:
<jazn provider="LDAP"
location="ldap://my.company.com:<port number>"
default-realm="my_realm_here">
<jazn-web-app auth-method="SSO"/>
</jazn>
The way we approached it, we have a User and Visit object. The User object just holds some data:
public class User implements Serializable
private String userid;
private String name;
private String email;
private Date loginTime;
The faces-config.xml is like this:

<managed-bean>
<managed-bean-name>user</managed-bean-name>
<managed-bean-class>com.mycompany.User</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>queryService</property-name>
<value>#{queryservicebean}</value>
</managed-property>
</managed-bean>
We're using Spring to inject the "queryservicebean". You may not need this section. We're having to grab data from a database table. So you can probably skip that "<managed-property>" section.
The section I think you are really asking about is the ViewHandler. You probably need to look at extending the ViewHandler to populate your user object.
public class AuthenticatingViewHandler extends ViewHandler{...}
You will probably need to look at adding code in the createView and restoreView methods.
Something like:
public class AuthenticatingViewHandler extends ViewHandler
private final ViewHandler _base;
public AuthenticatingAurepViewHandler(ViewHandler base)
_base = base;
public UIViewRoot createView(FacesContext facesContext, String viewId)
viewId = loadUser(facesContext,viewId);
return _base.createView(facesContext, viewId);
} //END createView(FacesContext facesContext, String viewId)
public UIViewRoot restoreView(FacesContext facesContext, String viewId)
viewId = loadUser(facesContext,viewId);
return _base.restoreView(facesContext,viewId);
} //END restoreView(FacesContext facesContext, String viewId)
--Then "loadUser" would populate your User object:
public String loadUser(FacesContext facesContext, String viewId)
String userId = facesContext.getExternalContext().getRemoteUser();
User user = (User) JSFUtils.getManagedBean(ViewConstants.USER);
-- Set the userid from OID in your User object
user.setUserid(userId);
-- Note: You may need to do some parsing on your user id string from OID.
-- Do more stuff here, may switch to a differnt viewId if needed, like an error page.
return viewId;
} // END loadUser(FacesContext facesContext, String viewId)
} //END AuthenticatingViewHandler
The "JSFUtils.getManagedBean" uses the valuebinding to get the User bean from the FacesContext. We also carry a boolean isUserLoaded in the User object so we're not executing the loadUser code each time a view is rendered. The Visit object just has a navigation trace and other things of interest to us, so you may not care about it.
A lot of this is from Adam Wiener's post on Sun's JSF forum. I think there's a couple of ways to approach this, with our requirements this works out better. If anybody else has any suggestions, it would be great to hear about them.
As always, hope it helps out with what you are doing and thanks for the chocolate.

Getting the error from icp report

i am looking to take the icp report but getting below error
An error has occurred. Please contact your administrator.
Show Details:
Error Number:70
Error Description:Permission denied
Error Source:Microsoft VBScript runtime error
Page On which Error Occurred:/hfm/Administration/ShowRunningTaskLog.asp
Edited by: Kimi on Feb 20, 2012 4:13 PM

Hi
Follow the below steps..
This issue is caused by NTFS permissions on the FileTransfer folder on the HFM Web Server and can be verified by giving the Everyone group Full Access Control to the FileTransfer folder
1. Check the data value of FileTransferFolderPath value in the Windows Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Hyperion Solutions\Hyperion Financial Management\Web
2. In Windows Explorer navigate to the folder specified in above registry, right-click on folder name and select Properties then the Security tab.
3.Make sure that the below accounts should be available. if not Add IUSR, IWAM, IIS_WPG, Interactive, System, Service, Local Service, Network, Network Services, DCOM account, Anonymous and Everyone to the Web folder and
Give Full Control permissions
4. Click apply and Restart IIS
now it should work.. still if you face the issue follow the below Oracle knowledge base article
Financial Management Error "Error Number:70 Error Description: Permission denied" When Loading or Saving Objects (Doc ID 596447.1)
thank you
Regards,
Mahe

Does Azure SQL support AD and Security Roles

I would like to create Reporting Service reports using Azure SQL Database.
It is possible to attach Azure SQL to Active Directly and use its Security Roles so that I can filter reports based on AD groups of report user?
Kenny_I

Hi Kenny,
Thanks for posting here.
I suggest you to check this link for details.
http://www.infoq.com/news/2015/02/azure-sql-ad-media
http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
Hope this helps you.
Girish Prajwal

Security Role for RZ70

Hi Guys,
Which security role provides access to RZ70. Also when I added all the SLD roles I am told I do not have authority to change SLD administration, instead of not being authorized for the transaction.
Regards,
Chris

Hi,
It seems your SLD hasnt been registered onto the SAP gateway.
Have you setup your Data Supplier Bridge properly Access information in T-code SLDAPICUST
check this post
Re: No Message Server defined
tcode rz70 ( program RSLDADM ) is part of SAPKB62019. In this report you could check if any special Security roles have added
Refer,
Re: RZ70
Re: Accesing multiple R/3 systems from WD application
Thanks
swarup
Edited by: Swarup Sawant on Feb 23, 2008 4:43 AM

ICP Reports Security Role

Similar Messages

Maybe you are looking for