Message Monitor - Access rights

Hello,
we want to give some user access rights to look into Message Monitor to track the transfer of IDOCs.
Basically we have the role Role_SAPMEINT which lets us take look into the queue monitor but not the message monitor.
By which UME roles or UME actions is this part is accssible for the user.
I don't want to give the user SAP_XMII_Admin role.
Regards,
Kai

It looks like there are some Actions for the Message Listener Monitor listed in the MII help.
Actions for Permissions - SAP Manufacturing Integration and Intelligence - SAP Library

Similar Messages

Identity Server - orcladmin access rights

Hi,
I have created the identity server which points to the directory server and have marked orcladmin as the master administrator. When I login into the Identity Server using the orcladmin user and try to create users, the message Insufficient Access Rights is displayed in red. Any idea why this might be happening.
TIA
Rgds..VJ

Thanks..Working now
Just one basic question - Are these workflows configured as per the role given e.g. create user basic profile is tagged to the identity administrator role ? So can we configure only a predefined set of workflows which automatically get mapped to the roles available ?
Tks...VJ

Browser: Shortcut to Message-Monitoring URL in RWB?

Hi everybody,
does anybody know a shortcut to Message-Monitoring URL in the RWB?
I hate clicking
Regards Mario

Hi,
Do this to get the Short cut to RWB--Message Monitoring
1) Right click on the Desktop-say New-Shortcut
2)provide the location as http://hostname:Port/rwb/index.jsp
3)Say Next
4)Provide what evr the name you want and say Finish
Come to Desktop and double click on the Icon
Regards
Seshagiri

Want to access Status in Message Monitoring

Dear All,
I want to get access to the Status Parameter in Message Monitoring so that depending on the Status(Waiting or Syste Error),I can set my logic and send a mail to the developer.
I need help.
1. Where can I find out the Parameter for status in RWB Message Monitoring?
2.Is there any method so that I can set some parameters and it will directly send mail to the developer or I have to use Mail Adapter and write my own scenario?
3.If I am to develop my own scenario,then how to automate the whole process for each of the New messages?
Thank you in Advance.
Sugata

Hi Suresh,
Thank you for your reply.But this is not what I wanted.In my RWB,there are different Message monitoring Status parameters and I want to get hold of that,to be more open,I want that status to come as Subject of my mail.For that reason I need the Status Parameter,and I need to put that in my mail.How to do that?
Cheers..
Sugata

OAM- "You do not have sufficient access rights" message with Master Admin

Customer has configured the OAM system to have both the primary and the secondary side for failover purposes. The back end directory server on both systems are in sync. The primary side of the systems works well as far as this issue is concerned.
On the secondary side, if you login with the MASTER administrator of the system and click 'Identity System Console' or click any of the configurations under the Configurations in the User Manager, you get the error message saying "You do not have sufficient access rights". However, if they navigate to the Access system on the same browser and access the "Access System Console", and then navigate back to the Identity system, the Master Administrative rights are granted and now have a full access to the system.
We tried following things to resolve the issue, but could not resolve it:
1) Tried deleting 'cookieencryptionkey' which is found under "obcontainerid=encryptionkey,o=oblix" and restarted both the Identity Servers.
2) Confirmed that the OAM administrator is present in cn=Web Masters,o=Oblix,<> and cn=Directory Administrators,o=Oblix,<> from the LDAP.
3) Under the apps=PSC node, checked the Advance Properties for the 'obuniquememberStr' attribute:
- Master Web Resource Admins (cn=master web resource admins, obapp=PSC, o=oblix, ...)
Made sure that the values for the 'obuniquememberStr' attribute has the correct value there.
4) Reconfigured the Secondary Identity Server.
None of the above really helped to resolve the issue.
Could anybody please help here to get rid of this issue.
-Amol

Hi Vinod,
Here is the customer's response to your above 2 questions:
1. We have 4 Directory server profiles for Identity servers; one for user data and one for configuration data for each server.
I have at least reduced them to two and used only the ones initially used by the primary identity server as our user and configuration data do not reside together. User data is consumed via OVD.
However, this does not seem to have any effect on the current behavior.
2. All components except for the access server are on 10.1.4.2 and the access server is on 10.1.4.1
Also below are the errors from the oblogs:
dentity Server log
=============
2008/03/19@10:04:16.508530 4332 262160 PPP INFO 0x000008C7 obeventcatalog.cpp:183 "Cannot find the action" function^ObEventCatalog::GetActionEntry2Modify() actionName^ENCRYPTION_cookieEncryptionKey
Access Server Log
=============
2008/03/19@10:03:56.329959 13608 1687633 CONNECTIVITY DEBUG3 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/netlib/src/obmessagechannel.cpp:601 "Received " ipaddr^10.217.209.81 ipport^1853 seqno^12 opcode^1 opcodeStr^IsResrcOpProtected Message^ro=t%253d0%2520o%253d%2520no%253d%2520r%253d%2520nr%253d%2520wu%253d/identity/oblix/apps/admin/bin/frontpage_admin.cgi%2520wh%253d10.217.209.81%2520wo%253d1%2520wa%253d0%2520ws%253d st=ma%253d2%2520mi%253d2%2520sg%253d0%2520sm%253d version=3 pd=
2008/03/19@10:03:56.340433 3099 802864 AUTHENTICATION DEBUG2 0x00000201 /usr/abuild/Oblix/1014lwhf/palantir/aaa_server/src/aaa_service_server.cpp:2779 "Authorization successful"
Webgate Log
==========
2008/03/19@10:04:05.661000 5796 4516 HTTP_REQ DEBUG3 0x00000201 \Oblix\coreid1014\palantir\webgate2\src\isprotected.cpp:185 "Resource is protected" ResourceOperation^GET ResourceType^http Resource^//10.217.209.81/identity/oblix/apps/admin/bin/front_page_admin.cgi authnSchemeName^Oracle Access and Identity Basic Over LDAP
2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
2008/03/19@10:04:14.661000 5796 4516 LDAP DEBUG3 0x00000201 \Oblix\coreid1014\np_common\db\ldap\util\ldap_util2.cpp:537 "MLK-Memory leak for LDAP error information. This will show up as memory leak in LDAP SDK calls." key^25
2008/03/19@10:05:54.552000 5796 5256 CONFIG DEBUG2 0x00000201 \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:865 "Client configuration not updated"
2008/03/19@10:05:54.552000 5796 5256 CONFIG INFO 0x0000182D \Oblix\coreid1014\palantir\access_api\src\obconfig.cpp:866 "The Access Server has returned a fatal error with no detailed information." raw_code^302
I checked the OVD logs but did not find any error in it. Customer also tried to unprotect the /identity and /access URLs but the issue persist.
Also I do not feel this as a bug, because this environment was working quite for few months without any such issues, also there were no changes made on the OVD/AD configurations. However, the server that hosts the OVD/AD was shut down and when it was restarted, we started experiencing this issue.

Random songs in my music library will not play with an error message "computer does not have access rights" but this is not true. I do, and when I re-type the password, it tells me I already have access rights. How do I fix this?

When I try to play songs from itunes, I get an error message that my computer is not authorized. My songs have all played in the past. This is something new. I verified my computer is authorized, and when I try to re-enter the password, it tells me that I am already authorized. Makes no sense at all. It's an endless circle. Also, my shuffle will not sync due to access rights denied. I did nothing new, I always take the updates. My shuffle and compter are the same, no changes. Everything is verified in my itunes account. For some reason, it is blocking me from half of my music. Help!

It's an endless circle.
See if these instructions help: iTunes repeatedly prompts to authorize computer to play iTunes Store purchases

Control Access in Message Monitoring

Can I control access to payload within PI-Message-Monitoring? The topic has been discussed already: How to Control Access To Payload
By using the "S_XMB_MONI-authorization-object" I can protect access to payload for certain messages, regardless of viewing it with Transcation "SXMB_MONI" or with "RuntimeWorkbench";
For me it is not clear, whether the "S_XMB_MONI-authorization-object" does only affect messages within the Integration-Server, or does it also work for messages in adapter-engine-message-monitoring? I mean, when using "Runtime-Workbench --> Message-Monitoring --> AdapterEngine..."?
Regards, Josef

Hi,
It works only for SXMB_MONI (ABAP stack), user on adapter engine can still see payload.
One hint I can give you to explore further, authorization on RWB are controlled by Visual Admin, you can explore something there to block user to view payload on RWB.
I am exploring it and will update you.
Regards,
Gourav
reward points if it helps you

Seeburger Workbench access - restrict users to Message Monitor only

Hi All
Does anyone know if it's possible to restrict users to Message Monitor only access in the Seeburger Workbench?

Hi Andy,
if by "restrict" you mean if you can change the links available in the workbench, then sadly no - this is currently not possible. If you're ok with getting a HTTP Forbidden when clicking on other links than the Message Monitor, then yes - this can be configured within the SAP NetWeaver Administrator -> Identity Management. Check for example to documentation of the Message Monitor
Extracted from there:
    Log on to the NetWeaver Administrator (NWA).
    Open Operation Management | Users and Access | Identity Managemet (UME).
    Create a role and assign the manage action for com.seeburger.xi.frontend.messageidmonitor to that role.
    Now you can assign the newly created role to any user you want to grant access to the SEEBURGER Message ID Monitor.
This is for explicitly granting some user the access to the Message Monitor. The manage action is per default set to "Everyone". You need to remove Everyone on the corresponding frontends (search for actions with name com.seeburger.xi.frontend*)
Hope that helps
Greetings
-Sascha-

Setting Access Limits in RWB Message Monitoring

Hi All,
In RWB Monitoring -> Message Monitoring -
normally we can monitor all the messages and systems.
Here is it possible to restict a particular 'user' in such a way
that he can monitor only a few messages which is only relevant to him.
Any help will be appreciated.
Thanks in Advance
Regards,
Chemmanz

Hi All,
Thanks for the quick reply.
This feature is available for SXMB_MONI.
So RuntimeWorkbenchMonitoring ->Message Monitoring is also likely to have this feature.
Does anybody have any idea / any docs available ??
Thx n Rgds,
Chemmanz

An Attachement for the payload of the message monitoring.

Hello ,
From the forum links, I found that to access a message payload for the message monitoring, we need to call cl_xms_persist->read_msg_all.
and the export parameter would give the payload message as an attachment.

But when I tried to find if there is any attachment with the messages I dont see them (size comes with the value 0).
 CALL METHOD ex_message->numberofattachments
 RECEIVING
 size = size.

Is there any other option available to get a payload for the message?
Thanks a lot.

Hi Arjun,
 You can see your payload in Tcode SXMB_MONI
 SXMB_MONI-->
 MONITOR FOR PROCESSED XML MESSAGES-->
 click F8 (if required change the date of execution from to select specific message on date range)-->
 Double click on the right most 3D button type of box before the flag icon,
Now you will be able to see the Different pipeline Execution steps(7 Steps) that Your message has under gone .Click on any one of them and see your payload in payload folder at each and every step.This helps us in understanding the way your message is undergoing transformations through out its journey from sender to receiver.
VIRTUAL RECIVER..Is actually a part of an annonymous and adressable unit like service to simulate the receiver that is participating in B2B communication.Its jus a mandatory parameter that has to be mntione din Receiver deternination when We test our B2B scenarios using this option in ID part of PI/XI.
Thanks,
Ram.

How do I fix an access rights error when launching Image Processor in Adobe Bridge CC?

Often when I am working on files and want to batch process Jpegs for clients I get an error message from Image Processor. It will state "I am unable to create a file in this folder. Please check your access rights to this location ...."
I have cleared cache and up'd my history levels. I checked to make sure the files were not locked and read/write was enabled. I am not sure why this error keeps occurring. I am using Adobe Photoshop CC 2014 (2014.2.2 release) with Adobe Bridge CC (6.1.0.115)

It's an endless circle.
See if these instructions help: iTunes repeatedly prompts to authorize computer to play iTunes Store purchases

Messages on Holding at Message Monitoring under Runtime Workbench

Hello Colleagues,
we have currently the problem that a lot of messages for some interfaces are in status Holding under Message Monitoring at Runtime Workbench for PI 7.1.
I'm not able to resend the messages with status Holding as well as change status to cancel.
Quality of Service for the Interfaces are Exactly Once in Order.
I assume an error message blocks the queue and due to the fact we have Exactly Once in Order configured all following messages be in status Holding.
Is my assumption right?
But, I am not abel to find any messages in status error with blocks the queue!
How can I solve that issue?
Many thanks in advance!
Jochen

I assume an error message blocks the queue and due to the fact we have Exactly Once in Order
configured all following messages be in status Holding.
AE should have least number of EOIO messages at a given instance...otherwise Holding is what you get.....and holding is common with EOIO....so see if you can chagne the QoS of some messages to EO
But, I am not abel to find any messages in status error with blocks the queue!
Never you will get an error in SXMB_MONI....or the queue blocked....
When your message goes out of IE...the corresposding message entry is marked with chequered flag...observe in MONI you will see this....however in AE the message can fail if not able to send to the target system....
For some more understanding refer my answer in this thread:
Re: Restarting Error's in SXMB_MONI
Regards,
Abhishek.

SP 2010 - Getting "An unexpected error has occurred. " message when accessing Sharepoint site after windows update - Windows 7 Home Premium

Hi,
I am new to SP 2010. I have installed Share point 2010 server (trial version) on my Windows 7 Home Premium Laptop by following the below link.
http://msdn.microsoft.com/en-us/library/ee554869%28office.14%29.aspx
Everything went fine and was able to see the new sharepoint site after completing configuration wizard. SP2010 Central Admin also worked fine.
However, after windows update, sharepoint site is not working. I was able to see the site working for more than a day before windows update. SP2010 Central Admin is still working. Executed "PSCONFIG" after
update but still no good.
I saw a warning "The Security Token Service is not available" in Central Admin and did some research to fix the issue but nothing worked.
Hotfix
I believe I have all hotfixes mentioned in the forums. Here is the list.
Windows6.1-KB976462-v2-x64
Windows6.1-KB982307-x64
Synchronization
Windows6.1-KB974405-x64
MSChart
SQLSERVER2008_ASADOMD10
381569_intl_x64_zip
Windows6.1-KB976462-v2-x64
Event Viewer
I can see following log in Event Viewer when accessing site home page.
Event ID: 8306
Task Category: Claims Authentication
Level: Error
Website response
http://localhost:32843/ - "HTTP Error 503. The service is unavailable."
http://localhost:32843/Topology/Topology.svc - Works fine
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc - Returns following error. I am unable to see windows authentication in both Windows Features (under IIS -> WWW services -> Security) and IIS website (SharePoint Web Services
-> IIS -> Authentication).
HTTP Error 500.0 - Internal Server Error
Module "WindowsAuthenticationModule" could not be found
I even tried to uninstall Sharepoint and re-install the same. It worked even second time until it went thro' windows update. App pools are running and Websites are up and running in IIS.
Can anyone please help me to fix this issue?
Thanks

Hi Henrik,
Here is the log info.
<EventID>8306</EventID>
<Version>14</Version>
<Level>2</Level>
<Task>47</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<Execution ProcessID="8436" ThreadID="8812" />
<Channel>Application</Channel>
<Security UserID="S-1-5-20" />
The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (application/soap+msbin1). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024
bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 7.5 Detailed Error - 500.0 - Internal
Server Error</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;background:#CBE1EF;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;}
pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 40px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px
4px 10px;margin:0 0 0 -12px;} legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-top:0px; border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px solid #969696; border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;f'.
I would like to let you know that I am getting following message when accessing the below link. I am unable to see windows authentication in both Windows Features (under IIS -> WWW services -> Security)
and IIS website (SharePoint Web Services -> IIS -> Authentication).
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc
HTTP Error 500.0 - Internal Server Error
Module "WindowsAuthenticationModule" could not be found
Regards

Oracle access manager: "You do not have sufficient access rights."

Hi gurus,
I'm doing self training on OAM, following an exercise I installed OAM and
created a couple of Master Admins.
Everything seams to work except the fact that this admins are not allowed
to create users/orgs/groups and get the message "You do not have sufficient access rights".
I may have missed something during the setup, however the question is: how can I recover this situation? How I can give more privileges to those admins?
I tried to create a policy in directory server, without success.
Please, help.
Thank you very much.

You will need to create a create user Workflow.
Out of the box OAM does not know which attibutes to create for your user.
Use the quickstart tool as follows
http://download-west.oracle.com/docs/cd/B28196_01/idmanage.1014/b25343/workflow.htm#sthref961

Setting Item level access rights on sharepoint list item in ItemAdding event handler

Hi ,
I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
public override void ItemAdding(SPItemEventProperties properties)
base.ItemAdding(properties);
ConfigureItemSecurity(properties);
private void ConfigureItemSecurity(SPItemEventProperties properties)
var item=properties.ListItem;
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite site = new SPSite(properties.SiteId))
using (SPWeb oWeb = site.OpenWeb())
item.ParentList.BreakRoleInheritance(true);
oWeb.AllowUnsafeUpdates = true;
var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName=="HR Team");
SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
SPUserCollection users = oWeb.Users;
SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
item.BreakRoleInheritance(true);
item.RoleAssignments.Add(groupRoleAssignment);
foreach (SPFieldUserValue staffMember in hm)
SetRightsOnItem(item, staffMember, editRole);
foreach (SPFieldUserValue staffMember in pm)
SetRightsOnItem(item, staffMember, guestRole);
foreach (SPFieldUserValue staffMember in pmChiefs)
SetRightsOnItem(item, staffMember, guestRole);
item.Update();
private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
SPUser employeeUser = staffMember.User;
var userRoleAssignment = new SPRoleAssignment(employeeUser);
userRoleAssignment.RoleDefinitionBindings.Add(role);
item.RoleAssignments.Add(userRoleAssignment);
Nothing is happening though... Is the event handler the right place to do this?
thank you

Hi ,
You can refer to the code working in my environment:
using System;
using System.Security.Permissions;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Utilities;
using Microsoft.SharePoint.Workflow;
namespace ItemLevelSecurity.ItemSecurity
/// <summary>
/// List Item Events
/// </summary>
public class ItemSecurity : SPItemEventReceiver
/// <summary>
/// An item was added.
/// </summary>
public override void ItemAdded(SPItemEventProperties properties)
SPSecurity.RunWithElevatedPrivileges(delegate()
try
using (SPSite oSPSite = new SPSite(properties.SiteId))
using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
//get the list item that was created
SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
//get the author user who created the item
SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
SPUser oAuthor = valAuthor.User;
//assign read permission to item author
AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
//update the item
item.Update();
base.ItemAdded(properties);
catch (Exception ex)
properties.ErrorMessage = ex.Message; properties.Status = SPEventReceiverStatus.CancelWithError;
properties.Cancel = true;
public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
if (!item.HasUniqueRoleAssignments)
item.BreakRoleInheritance(false, true);
SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
item.RoleAssignments.Add(roleAssignment);
Thanks,
Eric
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected].
Eric Tao
TechNet Community Support

Message Monitor - Access rights

Similar Messages

Maybe you are looking for