International User Groups - Workflow Survey

Similar Messages

• ACS 5.1 internal users

  Hi
  I have an customer with an ACS config that has an identity store sequence to authenticate agains for tacacs.  First the internal database is checked for the user.  If they do not exist there they are checked against AD.
  If the user is one of the 200+ they have migrated from an ACS 4 config into internal users they want to give them full enable access.  If the user is not in the internal database and needs verified via AD they only get priv 1 access.
  Is there an easy way to create an Authorization rule in the default device admin service selection rule to do this. ?
  I'm trying to test via a compound Condition.  The condition matches the Dictionary Internal Users group attribute with a value of All Groups.  I cannot connect to AD at the moment to test this as it's in a lab environment but I'm hoping that when this rule is checked then only users that are explicitly in the internal database via the All Groups condition will match.  If the user was matched via AD this rule won't match and the next one will come into effect which is a default rule to give priv 1 access.
  Anyone have any thoughts on this method ?
  Many thanks, Stephen.

  Excuse my stupidity.  There is an Identity group condition in the Authorization rules page for this.  I don't need and compound condition.
  My intention is to match on Any Group there and apply priv 15 access with a shell profile.
  I will then leave the default rule to catch all others which go to AD for authentication.  I assume they will not match the Any Groups Identity Group so will use the default rule.  I'll then apply the appropriate shell profile to the default rule.
  Thanks, Stephen.

• Granting item permissions to specific group or users via workflow- sharepoint online

  I want to create a Document Set and upon doing that i want to grants users/ groups item level permissions to the document set.
  Can this be done via workflow?
  What are my options?

  If workflow starts on document set, you will change permission on the document set: if the files inherit permission from document set, all children files will have the same document set permission.
  the document set is nothing more than a souped-up folder
  Regards,
  Bubu
  http://zsvipullo.blogspot.it
  Please mark my answer if it helped you, I would greatly appreciate it.

• How to send a Workitem to User Group through WorkFlow

  Hi,
  I am developing a WorkFlow, in this i have an issue that i have to send a WorkItem to User Group on Certain condition. On Agent Assignment I want to assign User Group not a single or multiple Users.
  Could anyone resolve this issue. How can i resolve in WorkFlow.
  Harkesh Dang

  hi Harkesh,
  During agent assignment use Organizational unit -> All users in that organizational unit will receive workitem.
  Use Role -> All users having that role will receive workitem.
  Use Job/Position -> All users assigned to job/position ca receive workitem.
  Or else use expression -> Pass the user name through some selection criteria using a background method. Loop it. Create a task and workflow container and make sure that in properties tab multiline is checked.
  Hope it works.
  Regards,
  Raj

• User Group is not receiving email Sharepoint 2013 & Nintex workflow

  Hi I created circular workflow using nintex and sharepoint 2013 , now problem occur that User group did not receive email notification through web portal , sending individual email address working fine but user group is not receiving
  any email, not a single group is working now , to clear we used same workflow since last two years and all group received email earlier but now we are facing this issue since last 3 weeks. to resolve this we create new test groups and test but enable
  to send.
  looking for support to resolve this issue
  Regards

  This actually sounds like a problem that should be discussed on the Nintex forums, can you try over there?
  Kind regards,
  Margriet Bruggeman
  Lois & Clark IT Services
  web site: http://www.loisandclark.eu
  blog: http://www.sharepointdragons.com

• Workflow Infrastructure Error: 88xr Unexpected WinWF Internal Error,terminating workflow Id#03888be1-28c8-409d-bc65-7115bc17edfa

  Hello Friends,
  I have developed a custom sequential workflow in SharePoint Server 2010 using VS 2010. My workflow gets activated and then creates a new task in the Tasks List.
  But "Error Occurred" gets displayed in the Workflow column in the default view of my document library instead of "In Progress".
  I debugged my code and there are no errors in it. But I found the below error in \14\LOGS\:
  "SharePoint Foundation Workflow Infrastructure Error: 88xr Unexpected WinWF Internal Error,terminating workflow Id#03888be1-28c8-409d-bc65-7115bc17edfa"
  I have set the properties correctly for the workflow activities in VS 2010.
  Can anybody help me solve this error?
  Thanks in advance...
  Regards,Gautam Kaikini.

  I am having the same issue, here is some of the logging errors I am seeing.  If anyone has any ideas I would be forever in your debt,
  02/24/2011 11:32:47.52 w3wp.exe (0x0A14)                      
  0x0F40
  SharePoint Foundation         Workflow Infrastructure      
  88xr Unexpected
  WinWF Internal Error, terminating workflow Id# 4128e252-208e-4d6c-8772-12c51959038e
  616e0e48-457e-4620-8191-dbe40c9af587
  02/24/2011 11:32:47.52 w3wp.exe (0x0A14)                      
  0x0F40
  SharePoint Foundation         Workflow Infrastructure      
  98d4 Unexpected
  Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.     at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection
  sourceAccounts, Type targetType, Boolean forceSuccess)     at System.Security.Principal.NTAccount.Translate(Type targetType)     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)
      --- End of inner exception stack trace ---     at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedSuffix)     at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String
  fullName)     at Microsoft.SharePoint...
  616e0e48-457e-4620-8191-dbe40c9af587
  02/24/2011 11:32:47.52* w3wp.exe (0x0A14)                      
  0x0F40
  SharePoint Foundation         Workflow Infrastructure      
  98d4 Unexpected
  ....SPGlobal.CreateSPRequestAndSetIdentity(SPSite site, String name, Boolean bNotGlobalAdminCode, String strUrl, Boolean bNotAddToContext, Byte[] UserToken, String userName, Boolean bIgnoreTokenTimeout, Boolean bAsAnonymous)     at Microsoft.SharePoint.SPSite.GetSPRequest()
      at Microsoft.SharePoint.SPSite.get_Request()     at Microsoft.SharePoint.SPSite.OpenWeb(Guid gWebId, Int32 mondoHint)     at Microsoft.SharePoint.Workflow.SPWinOEWSSService.GetWebForWorkflow(SPWorkflow wf, SPWorkflowUserContext
  runAsUser)     at Microsoft.SharePoint.Workflow.SPWinOEWSSService.get_Web()     at Microsoft.SharePoint.Workflow.SPWinOEWSSService.GetWebForListItemService()     at Microsoft.SharePoint.Workflow.SPWinOEWSSService.UpdateModerationStatus(Guid
  id, Guid listId, SPItemKey itemKey, SPModerationStatusT...
  616e0e48-457e-4620-8191-dbe40c9af587
  02/24/2011 11:32:47.52* w3wp.exe (0x0A14)                      
  0x0F40
  SharePoint Foundation         Workflow Infrastructure      
  98d4 Unexpected
  ...ype newModerationStatus, String comments)     at Microsoft.Office.Workflow.Actions.SetTaskProcessItemModerationStatus.DoUpdate(ActivityExecutionContext context)     at Microsoft.SharePoint.WorkflowActions.WaitForDocumentUnlockActivity.Execute(ActivityExecutionContext
  executionContext)     at Microsoft.Office.Workflow.Actions.SetTaskProcessItemModerationStatus.Execute(ActivityExecutionContext context)     at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext
  executionContext)     at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(Activity activity, ActivityExecutionContext executionContext)     at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
      at System.Workflow.Runtime.Schedule...
  616e0e48-457e-4620-8191-dbe40c9af587
  02/24/2011 11:32:47.52* w3wp.exe (0x0A14)                      
  0x0F40
  SharePoint Foundation         Workflow Infrastructure      
  98d4 Unexpected
  ...r.Run() 616e0e48-457e-4620-8191-dbe40c9af587
  Thanks in advance!

• Cannot upload music file in Response Group Workflow

  Hi Support,
  This is multi site deployment. 3 site Lync 2013 Enterprise Edition, site A, B and C.
  I'm creating Hunt Group via Response Groupconfiguration tool in Site A.
  when I try to upload the music file for 'after business hour message' and 'music on hold' it prompt with error 
  "the file was not uploaded. An error occurred while trying to upload the file.
  The file may be too big"
  but I can upload the music file in Site B and C Response Group Workflow using the same file, Verified by test the Hunt Group and its working.
  Detail music file:
  afterofficehour.wav 1.52MB
  musiconhold.wav 1.92MB
  Detail Lync Share folder:
  Right: everyone - Read/Write
  \\LyncShare-A\1-ApplicationServer-1\AppServerFiles\rgs\temp
  \\LyncShare-B\1-ApplicationServer-1\AppServerFiles\rgs\temp
  \\LyncShare-C\1-ApplicationServer-1\AppServerFiles\rgs\temp
  Any Idea on this issue?

  Hi,
  below is the recommendation for the MOH file for RGS,
  All wave files must meet the following requirements
  8-bit or 16-bit file
  Linear pulse code modulation (LPCM), A-Law, or mu-Law format
  Mono or stereo
  4MB or less
  For the best performance of wave files, a 16 kHz, mono, 16-bit Wave file is recommended.
  get a file converted to above specs and upload. it should work.
  Z-Hire -- Automate Lync User Account creation process ( AD / Exchange / Lync )

• TFS says {oldaccount} is not a member of the Team Foundation Valid Users group, but I am

  I'm trying to check in changes to TFS using VS2013. When I hit the submit button, TFS returns the following error, "TF14002: The identity {domain} \ {oldaccount} is not a member of the Team Foundation Valid Users group."
  Background: my account name has been changed to {newaccount} from {oldaccount}.  And when the sys-admins changed my account name they did not update my computer itself, so I'm still using C:\Users\{oldaccount}. I can't believe that would make a difference
  but you never know....
  When I first started working at this company I'm almost certain I set up my TFS Workspace with my old account. But I thought I deleted all that stuff related to my old account and reset everything to my new account (Workspaces and TFS server). My lead tech
  has even shown me the account mgmnt screen with my new account name. And I've been able to check out items with my new account name.
  I performed the following steps to try to "clean out" TFS:
  • I copied all of my changed files to a back-up location.
  • I undid all changes in TFS (note that TFS has been allowing me to check out files to edit).
  • I deleted the TFS entry in Credential Manager per a suggestion online.
  • I deleted my Workspace.
  • I even deleted my TFS server.
  • I Rebooted my computer.
  • I reconnected to the TFS server.
  • I rebuilt my Workspace.
  • I restored my changed files from my back-up location.
  At this point I tried checking-in my changes again but got the same error message as above.
  Next, I deleted everything in this folder:
  C:\Users\ ...\AppData\Local\Microsoft\Team Foundation\5.0\Cache
  ... but I'm still seeing the error.
  Also, we'd been informed that a number of us need to downgrade from "Ultimate" to "Professional".  I did my downgrade to VS2013 Pro (after the steps above) but I am still seeing the same error.
  A comment on another question
  here suggested that I shelve my changes without preserving changes locally, then un-shelve and attempt to check-in.  This also did not work, I could shelve my changes and un-shelve, but doing so did not fix the original problem.
  Note that I do NOT have access to the TFS server itself - much less permissions to perform any sort of admin on it (and I don't know the person who would) - but might there be a table in the TFS database that still has an entry for my old account that could
  be joining to my computer name &/or new account name when TFS goes to look up my account info when I check in my changes? I am getting desperate for an answer!
  Any suggestions?
  Thanks,
  D. Kelley

  Hi D. Kelley,
  Thanks for the details. Based on your description, you might need to change or update the SID for users. Try identity command to change the username if you never use the new username in TFS. Check this page for more information about
  identities command in this
  page.
  You can also check the table "tbl_Identity" in the tfs_configuration database to see if the new user exists, or it has the old user. Another option is have a check on other machines to see if it works fine. Refer to links below for more information:
  https://social.msdn.microsoft.com/Forums/en-US/93568425-a877-4d21-8497-1adc4561b6d3/unable-to-check-in-code-to-tfs-due-to-tf14002-the-identity-old-user-name-is-not-a-member-of-the?forum=tfsversioncontrol
  https://social.msdn.microsoft.com/Forums/en-US/acc56859-624f-41bc-b698-cbb5e0b8f525/cant-check-in-code-the-identity-devoldusername-is-not-a-member-of-the-team-foundation-valid?forum=tfsversioncontrol
  Best regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• ISE internal user authentication failure - user not found

  Hi Forumers'
  I trying to do wireless 802.1x, where identity store using intenral user.
  But i found this error message when i trying to connect
  Authentication failed                                                                                 :
  22056 Subject not found in the applicable identity store(s)
  My authrorization rules is built like this
  identity groups = user identities group / " mygroup"
  condition = no setting
  permissions = standard / PermitAccess
  Question 1
  Any troubleshooting step to do on this?
  Question 2
  For the Authorization rules, what's the condition should set for using Internal User as Identity store?
  Thanks
  Noel

  The error is caused to an authentication failure and is not an issue with authorization
  You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
  In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".

• ISE / Active Directory: issue to get users group

  Hello,
  We have a strange issue:
  - ISE 1.2 patch 8
  - no WLC, autonomous AP
  In authentication, we check Wireless IEEE 802.11 (radius) and cisco-av-pair (ssid), then we use AD.
  We have 3 SSIDs, so 3 rules, one DATA, one GUEST, one for TOIP.
  In one more rules to grant authentication from APs to register in WDS: user in local database.
  In authorization, we check cisco-av-pair (ssid) and AD user group, then we permit access.
  (so 3 rules), and one more to authorise the internal base for WDS.
  We have something strange:
  - sometimes users can connect but later they can't: in the logs, the authorization rejects the user because the AD Group is not seen.
  Exemple:
  1- OK:
  Authentication Details
  Source Timestamp
  2014-05-15 11:43:19.064
  Received Timestamp
  2014-05-15 11:43:19.065
  Policy Server
  radius
  Event
  5200 Authentication succeeded 
  All the GROUPS of user are seen:
  false
  AD ExternalGroups
  xx/users/admexch
  AD ExternalGroups
  xx/users/glkdp
  AD ExternalGroups
  x/users/gl revue écriture
  AD ExternalGroups
  xx/users/pcanywhere
  AD ExternalGroups
  xx/users/wifidata
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa informatique
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa entreprises et cités
  AD ExternalGroups
  xx/informatique/campus/destinataires/aa campus
  AD ExternalGroups
  xx/users/aiga_creches
  AD ExternalGroups
  xx/users/admins du domaine
  AD ExternalGroups
  xx/users/utilisa. du domaine
  AD ExternalGroups
  xx/users/groupe de réplication dont le mot de passe rodc est refusé
  AD ExternalGroups
  xx/microsoft exchange security groups/exchange view-only administrators
  AD ExternalGroups
  xx/microsoft exchange security groups/exchange public folder administrators
  AD ExternalGroups
  xx/users/certsvc_dcom_access
  AD ExternalGroups
  xx/builtin/administrateurs
  AD ExternalGroups
  xx/builtin/utilisateurs
  AD ExternalGroups
  xx/builtin/opérateurs de compte
  AD ExternalGroups
  xx/builtin/opérateurs de serveur
  AD ExternalGroups
  xx/builtin/utilisateurs du bureau à distance
  AD ExternalGroups
  xx/builtin/accès dcom service de certificats
  RADIUS Username
  xx\cennelin
  Device IP Address
  172.25.2.87
  Called-Station-ID
  00:3A:98:A5:3E:20
  CiscoAVPair
  ssid=CAMPUS
  ssid
  campus 
  2- NO OK later:
  Authentication Details
  Source Timestamp
  2014-05-15 16:17:35.69
  Received Timestamp
  2014-05-15 16:17:35.69
  Policy Server
  radius
  Event
  5434 Endpoint conducted several failed authentications of the same scenario
  Failure Reason
  15039 Rejected per authorization profile
  Resolution
  Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
  Root cause
  Selected Authorization Profile contains ACCESS_REJECT attribute 
  Only 3 Groups of the user are seen:
  Other Attributes
  ConfigVersionId
  5
  Device Port
  1645
  DestinationPort
  1812
  RadiusPacketType
  AccessRequest
  UserName
  host/xxxxxxxxxxxx
  Protocol
  Radius
  NAS-IP-Address
  172.25.2.80
  NAS-Port
  51517
  Framed-MTU
  1400
  State
  37CPMSessionID=b0140a6f0000C2E15374CC7F;32SessionID=radius/189518899/49890;
  cisco-nas-port
  51517
  IsEndpointInRejectMode
  false
  AcsSessionID
  radius/189518899/49890
  DetailedInfo
  Authentication succeed
  SelectedAuthenticationIdentityStores
  AD1
  ADDomain
  xxxxxxxxxxx
  AuthorizationPolicyMatchedRule
  Default
  CPMSessionID
  b0140a6f0000C2E15374CC7F
  EndPointMACAddress
  00-xxxxxxxxxxxx
  ISEPolicySetName
  Default
  AllowedProtocolMatchedRule
  MDP-PC-PEAP
  IdentitySelectionMatchedRule
  Default
  HostIdentityGroup
  Endpoint Identity Groups:Profiled:Workstation
  Model Name
  Cisco
  Location
  Location#All Locations#Site-MDP
  Device Type
  Device Type#All Device Types#Cisco-Bornes
  IdentityAccessRestricted
  false
  AD ExternalGroups
  xx/users/ordinateurs du domaine
  AD ExternalGroups
  xx/users/certsvc_dcom_access
  AD ExternalGroups
  xx/builtin/accès dcom service de certificats
  Called-Station-ID
  54:75:D0:DC:5B:7C
  CiscoAVPair
  ssid=CAMPUS 
  If you have an idea, thanks so much,
  Regards,

  To configure debug logs via the Cisco ISE user interface, complete the following steps
  :Step 1 Choose Administration > System > Logging > Debug Log Configuration. The Node List page appears, which contains a list of nodes and their personas.
  You can use the Filter button to search for a specific node, particularly if the node list is large.
  www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_logging.html#wp1059750

• OIM 10g Event Handler : Integrated with User Groups.User Members

  I have created custom event handler and integrated it with User Groups.User Members data object.
  here is my code od event handler class:
  public class GroupEventHandler extends tcBaseEvent {
       public GroupEventHandler() {
            this.setEventName("Event Handler Sample");
       protected void implementation() throws Exception {
            System.out.println("============@@@@@@@@ IN EVENT HANDLER ");
            try
            String groupKey = this.getDataObject().getString("Groups.Key");
            writeToFile(groupKey);
            catch (Exception e)
                 e.printStackTrace();
  But I am getting this exception :
  ERROR [ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)' XELLERATE.SERVER - Class/Method: tcTableDataObj/getString encounter some problems: Column 'GROUPS.KEY' not found
  com.thortech.xl.dataaccess.tcDataSetException: Column 'GROUPS.KEY' not found
       at com.thortech.xl.dataaccess.tcDataSet.getColumnIndex(Unknown Source)
       at com.thortech.xl.dataaccess.tcDataSet.getString(Unknown Source)
       at com.thortech.xl.dataobj.tcTableDataObj.getString(Unknown Source)
       at oim.GroupEventHandler.implementation(GroupEventHandler.java:19)
       at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.eventPostInsert(Unknown Source)
       at com.thortech.xl.dataobj.tcUSG.eventPostInsert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
       at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
       at com.thortech.xl.dataobj.tcTableDataObj.save(Unknown Source)
       at com.thortech.xl.ejb.beansimpl.tcGroupOperationsBean.addMemberUsers(Unknown Source)
       at com.thortech.xl.ejb.beans.tcGroupOperationsSession.addMemberUsers(Unknown Source)
       at com.thortech.xl.ejb.beans.tcGroupOperations_ejm77u_EOImpl.addMemberUsers(tcGroupOperations_ejm77u_EOImpl.java:1671)
       at Thor.API.Operations.tcGroupOperationsClient.addMemberUsers(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.security.Security.runAs(Security.java:41)
       at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
       at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
       at $Proxy66.addMemberUsers(Unknown Source)
       at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignMemberUsers(Unknown Source)
       at com.thortech.xl.webclient.actions.UserGroupMembersAction.assignGroupMembers(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
       at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
       at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
       at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
       at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
       at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
       at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)

  Anyone have idea about why "Groups.Key" not found exception thrown here..
  I have assigned this event handler at postinsert event of User Groups.User Members Data Object.

• Restrict metadata field during an update to a specific user group

  Hello everyone,
  I am having some trouble figuring out the best way to restrict permissions to change some metadata fields for 2 different groups of users.
  I have two user groups, A and B. Group A will be checking in documents that the B group will then review for accuracy and quality. Group B will then update an optionlist field called "Status" with either "Recommended" or "Not Recommended".
  This is not a workflow situation as the scope requires that all documents are immediately available for searching. I currently have a CheckIn and Search profile for the content permitting read write access to groups A and B. The "Status" field is hidden on the CheckIn page. Can anyone please suggest a good way to restrict the field "Status" on an Update page to just "B" users? Groups A and B should be able to update all fields with the exception of the B restricted "Status" field.
  Thanks!
  Edited by: user6750815 on Jun 2, 2010 4:11 PM

  Hey rMac,
  I understand it this way you have one profile for A and B user groups. On this profile Status field is hidden.
  If this is your problem you can approach it from two places, while making the rule for hiding the Status field, use rule activation condition. Make it active only for users with Role A . This way even with single profile some of the user with Role B will be able to see the Status field.
  otherwise you can put similar code in Restrict Personalization Link where in you make this hidden field editable and compulsory for Users in B.
  cheers,
  sapan

• Unable to Create Users/Groups/Orgs in OAM

  I have created a admin user [oamadmin] in Sun One Directory Server and configured the admin user as a Administrator during the initial installation/configuration. When I go the Identity System Console, I can see the users from Sun One Directory Server. When I tried to create a User, Group or a Organization, I see the error message
  "You do not have sufficient access rights"
  Is there anything I'm missing? What should I tune if I have to create users, groups and organizations from Identity System Console? I have included the admin user [oamadmin] in Directory Administrators group in Directory Server.

  You have to create a workflow that creates user, group, ... and make the current logged in user (your admin in this case) the initiator of this workflow
  for more details check the identity and common administration guide section 5 - chaining identity actions into workflows

• Table name for Internal order group and Profit center group

  Hello Friends,
  Could any one provide me the table for Internal order group and Profit center group.
  We are developing new customized report and user requested internal order group and Profit center group in the selection criteria.
  I have checked for this tables but found only these fields in structures.
  Thanks in advance,
  Ravi Kiran.

  Or use FM [G_SET_TREE_IMPORT|http://www.sdn.sap.com/irj/scn/advancedsearch?query=g_set_tree_import] to read the hierarchy/Group. (Read FM and FG documentation, you can also add break-point and call some S_ALRxxx transaction which use this FM for the objects you need).
  Regards,
  Raymond

• Sponsor portal and internal users

  Hi
  I have configured on our ISE to use AD-users as sponsors. And this works perfect.
  but I'm also trying to configure an internal user, for the sponsor portal.
  I Have configured it almost the same way so i don't understand why the ISE is reporting :
  Sponsor authentication has failed : Sponsorgroup not found for user        
  My identity store is a sequence for AD and internal users, and i can see from the log that it looks in the right place :
  Identity Store:
  Internal Users
  My condition is that the internal user, should be a member of identity group : sponsorAllAccount
  my identity group : 
  Identity Group:
  SponsorAllAccount
  and then get a created sponsor group, this sponsor grop that is allocated to the condition, works fine for det AD-users.
  Evaluating Identity Policy
  5435 Sponsor authentication has failed
  any suggestions of why ?    I'm now running the lastes 1.1.1 version.
  Br
  Tuva

  Hi  Tarik
  thanks for the answer.
  I'm certain that the user does not exist in the AD domain,  anyhow, then my log would tell me that the authentication failed because of wrong password !? 
  I can se from the log that the ISE is doing lookup in the internal database.
  this is output from he logging : 
  Identity Store:
  Internal Users
  I have ,made a identity store sequence with both AD and internal users.
  Br
  Tuva