Missing security classes

Hi all,
I have updated Security Class dimension via EPMA (added but also removed some classes). Deploy was successful and the application is in sync with EPMA.
When I wanted to update security class access via HSS, I couldn't find new classes and old ones (which I removed via EPMA) were still there.
How is that possible? I don't see any problem in interconnection between HFM and HSS but this seems that security classes haven't been refreshed in HSS.
Could anyone help me with this please?
BR
Vladino
EDIT
I can see newly added classes but I can see also old ones. This is really weird... I have duplicated the application, cleared all data and metadata but old classes are still there. :-/
Edited by: Vladino on Jul 11, 2011 1:49 PM

Solved.
The issue was because of migrating the old application into new one with different security classes. After clean deploy everything was fine but the migration (using command-line utility) replaced security settings with that coming from the old application.
Vladino

Similar Messages

  • Destination Service API - missing indirect class reference

    I'm trying to use the destination service api as described in the <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/17/d609b48ea5f748b47c0f32be265935/content.htm">documentation</a>, but Eclipse can't compile the code due to an indirectly referenced class called com.sap.security.core.server.util0.IDEException.
    References to com.sap.exception, security.class and tc/sec/destination/interface have already been set. According to the documentation, there should also be a reference to tc/sec/destination/service, but I don't have such an option in the context menu "Add Additional Libraries".
    So, where do I find the missing IDEException?
    Best regards,
    Frank

    The class com.sap.security.core.server.util0.IDEException is in library com.sap.exception. That's correct. Don't worry about that.
    You have to add those 3 additional libraries to your EJB Project with the right-click over project option:
    security.class
    tc/sec/destination/interface
    com.sap.exception.
    You have to add 4 references in your application-j2ee-engine.xml: : 3 to those 3 libraries and another one to the service, which doesn't appear in the popup list. Type it manually. The correct name is "tcsecdestination~service" (not /), and reference target type is "service".
    If this doesn't work, you can add to the 'java build path' of your EJB Project the libraries:
    tc_sec_destinations_interface.jar
    tc_sec_destinations_service.jar
    ... you can find them into the path of your server:
    /usr/sap/<SID>/JC00/j2ee/cluster/server0/bin/interfaces
    /usr/sap/<SID>/JC00/j2ee/cluster/server0/bin/service
    (some people has had problem with correct versions)
    If you are using DCs, you have to add those 3 libraries as Used DCs in your EJB Project. And set the 4 references in application-j2ee-engine.xml
    Hope this helps you. Don't forget the reward points
    Best regards.

  • Facetime Missing Security Update

    So me and most of my friends have iPhone 4's. we have been placing facetime calls all the time. i got curious about facetime for mac and decided to try it out. Everytime I try to install it, it says missing Security Update 2010-005. I've downloaded this and tried to install it over and over. It goes thru installation and restarts like it should. Tried to install facetime again after and it still says that its missing the security patch. Idk what to do to fix it. i've even installed other updates, 2010-006 and 2010-007 but with no prevail. Any suggestions?!

    I have OSX version 10.5.8, which is below the minimum required for the facetime software.
    I did 'software update' yet it never shows any software update available.
    Do i have to manually do the software update for my mac? or should it be automatic. If it should be automatic what have i done wrong? All the settings i can see say that it is automatic. And besides - shouldnt the update for 10.6.5 be showing (or anything more advanced than 10.5.8) in the software update section?!

  • Trying to Print - Receiving "Missing USB Class Driver" Error

    Since I upgraded from Tiger to Leopard, I have not been able to print. I have a Lexmark X5470. At first, any application that attempted to print simply crashed. Then, I removed the Lexmark folder from /Library/Printers, and did a custom install of just the Lexmark printer software from my Leopard DVD. Now the applications no longer crash, but I am getting this error:
    /usr/libexec/cups/backend/usb failed
    Missing USB class driver.
    Does anyone know what this is? I have deleted the printer and re-added it, restarted the computer, disconnected the printer, etc...everything I could possibly think of.
    Thanks!
    (And Lexmark did tell me that they have no plans for making their software for this printer compatible with Leopard, so I need to get it working without their help.)

    There are several posts here on the Lexmark x5470. One that mentions your specific problem is here:
    http://discussions.apple.com/thread.jspa?messageID=5674001&#5674001
    Other have had success using the Lexmark drivers and then disabling or deleting a plugin. There are several threads on this.
    Hope this helps.
    Message was edited by: John Blanchard1

  • OWSM SAML Verify step problem: Missing Security Header in SOAP message

    I'm having a problem with SAML steps. From gateway log:
    2008-09-17 13:21:32,987 INFO [HTTPThreadGroup-58] saml.InsertSAMLSVStep - User attributes map set to generate the attribute assertions: null
    2008-09-17 13:21:33,034 INFO [HTTPThreadGroup-60] saml.SAMLProcessor - Assertion Major Version :1 , Minor Version :1
    2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.SAMLProcessor - SAML Assertion verification error: An invalid token was provided
    2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.VerifySAMLStep - SAML Token verification failed:
    2008-09-17 13:21:33,096 SEVERE [HTTPThreadGroup-58] wssecurity.OSDTWSSecurity - Missing Security Header in SOAP message
    2008-09-17 13:21:33,096 WARNING [HTTPThreadGroup-58] wssecurity.SecurityBaseStep - Failure while applying XML Security
    FAULT CODE: InvalidSecurity FAULT MESSAGE: Missing WS Security header in the SOAP message
    at com.cfluent.policysteps.security.wssecurity.OSDTWSSecurity.decryptVerify(OSDTWSSecurity.java:369)
    at com.cfluent.policysteps.security.wssecurity.DecryptStep.performXmlSecurity(DecryptStep.java:131)
    at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.execute(SecurityBaseStep.java:238)
    at com.cfluent.pipelineengine.container.DefaultPipeline.executeStep(DefaultPipeline.java:124)
    but the wsse:Security header with SAML assertion IS confirmed in the incoming message log. Anybody seen this issue?

    Below is the log of the incoming message just prior to the failing SAML Verify step:
    <?xml version="1.0" encoding="UTF-8" ?>
    - <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://exception.common.periop.gehc.com" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://www.patient.patientmanager.periop.gehc.com/service/" xmlns:ns3="http://entity.common.periop.gehc.com" xmlns:ns4="http://entity.patient.patientmanager.periop.gehc.com" xmlns:ns5="http://entity.allergy.patientmanager.periop.gehc.com" xmlns:ns6="http://pdo.domain.customizer.periop.gehc.com" xmlns:ns7="http://entity.cases.scheduler.periop.gehc.com" xmlns:ns8="http://entity.insurance.patientmanager.periop.gehc.com">
    - <env:Header>
    - <ns1:Security>
    - <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="158RBY2QvCFPiTqdXYWh9A22" IssueInstant="2008-09-17T19:58:43Z" Issuer="GE" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
    <saml:Conditions NotBefore="2008-09-17T19:58:13Z" NotOnOrAfter="2008-09-17T19:59:43Z" />
    - <saml:AuthenticationStatement AuthenticationInstant="2008-09-17T19:58:43Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    - <saml:Subject>
    <saml:NameIdentifier NameQualifier="www.ge.com" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gowri</saml:NameIdentifier>
    - <saml:SubjectConfirmation>
    <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
    </saml:SubjectConfirmation>
    </saml:Subject>
    </saml:AuthenticationStatement>
    </saml:Assertion>
    </ns1:Security>
    </env:Header>
    - <env:Body>
    - <ns2:getPatient>
    <ns2:patientId>137115</ns2:patientId>
    </ns2:getPatient>
    </env:Body>
    </env:Envelope>

  • Shared Services Security Classes

    Hello,
    I wanted to know what the real value of having Security classes set up? I understand that having Security Classes on Shared Services is not mandatory. Under which circumstances should you use Security Classes and as I am involved in setting up Shared Services, I was wondering if I should use this option or not. We are currently in the development phase of HFM and Planning.
    If anyone can shed light on this issue, it would be greatly appreciated. Thank you.
    -- A

    Hey guys,
    I really appreciate the response.
    The fact that Security Class may be assigned at the Entity level does ring bells. We do want to ensure that certain entities can only see their own data and not others.
    I believe I will use Security class at the entity level for our company.
    Can you give me some examples of assigning Security classes for HFM?
    Wintee's suggestion of assign - ready only and stuff like that is okay but seems a bit generic. Thank you very much for your suggestion though Wintee.
    I also wanted to know the exact difference between an administrator, delegated administrator, application administrator. Who assigns who?
    If you had to make a hierarchy of users for Shared Services, what would it be: Admin, Delegated Admin, App. Admin, Provisioning Mgr, Directory Mgr? Who comes at the top? Thanks so much for your help so far guys...much appreciated.
    -- A

  • Securing class files

    Hello,
    I read all these topics about securing class-files,
    and about encryptors and stuff like that
    so I tought this could be possible :
    I've made an application and you can run it by using an exe-file.
    In the same directory you find the class-files.
    Now I archived the class files with winrar, and set a password on it.
    I tried to use the exe-file to run the application, but it can't.
    Obvisiously, it can't find the mainclass.
    So I was wondering if there is a way to make clear to the exe -file, that the main class is in that zip-file, and that you need <this password> to get in to the zip-file.
    I think it's possible, but I don' know how to do it.
    I thought Google would know it, but he don't.
    ...

    The collision wasn't "stumbled" across it was found
    because the researchers
    found a way (from your link) to "reduce the search
    space".I didn't say "the collision was "stumbled" across"...
    >
    This means that, under certain circumstances, inputs
    producing the same hash
    can be found for other inputs + hashes.That is what I said...
    >
    Did you have a look at the PDF ?
    http://eprint.iacr.org/2004/199.pdf
    This doesn't damage the use of MD% for verifyingthat
    file contents are unchanged, so to OP - go aheadand
    use it.Well, it does because it means that there is the
    potential for another
    file that is not the same to return the same
    sum - hence the program
    won't realise the difference.And the situation is no worse now that before the duplication was found. Any encryption/hashing routine can create duplicate hashes - because none of them have an infinitely large numberspace.

  • Can applet load own security class, class loader

    i tried this own security class extends SecurityManager class but exception thrown as applet cannot initate new security manager class.
    i have done throw policy file entry to allow applet to write file in client machine.
    i feel this extra burden novice user...
    what is alternative way....
    plz..

    An applet should never be allowed to install its own security manager. That is why it is burdensome.

  • To show missing Evaluation Classes under SPRO screen

    Hi,
    I'm trying to view wagetype charecteristics/values via SPRO --> ..... --> Wage Types -> Processing Classes, Evaluation Classes, Cumulations -> Check user wage types
    I noticed that few Evaluation Classes were not shown. I can see these Evaluation Classes via SM30, table
    V_512W_O or via SE38, report RPDLGA40.
    How can I display these missing Evaluation Classes via my SPRO screen?  Thanks.
    Regards

    Hello
    See if this is of some use - program RPDLGA20 run it as a tree structure, then you can expand the evaluation class node.
    Cheers
    Rona

  • Hierarchy in Security Class

    Hi experts,
    Can we create hierarchies in security class dimension? If yes, can you please let me know how to achieve this in CLASSIC? Any documentation on this would be extremely useful.
    Regards,
    Sounak

    Security classes are never hierarchical in HFM, not in Classic nor in EPMA mode. Each class is independent of the other, and they can only be displayed in a flat list.
    There are times we need to review the metadata in hierarchical format along with the assigned classes. For this you can use the HFMUtilities from Oracle. The following is from OTN:
    Up to v9.3.1 HFMUtilities Utility is placed under ~:\Hyperion\FinancialManagement\Consultant Utilities folder which was shipped along with the product.
    From v11.1.x HFMUtilities Utility is not shipped along with product bundle. The latest release of HFMUtilities Utility can be accessed via Oracle Technology Network at http://www.oracle.com/technology/products/bi/files/hfmutilities.zip. Latest utility can be used with all Hyperion Financial Management versions.
    Note: This is a third part utility developed and maintained by Accelatis. Suggestion and queries related to HFMUtilities utility should be send to Jonathan Berry at [email protected] or [email protected].
    --Chris                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • Provisioning, security classes etc.

    Hi there,
    I have several questions about setting up security in HFM application.
    1. Provisioning
    We have sevaral users that can be divided into two general groups - end users and consolidation users.
    General users should use only project view with task lists. They shouldn't create any new grids or forms, only existing. And they should use export/import feature from forms.
    Consolidation users should have access to almost all features.
    What privileges should be each group provisioned in HSS?
    2. Security classes
    We have prepared entity dimension splitted into several hierarchies. Basic one is geographical, another are functional and entities are shared in these hierarchies. Let's say that we have SK region with SK entities (SK01, SK02...). I know that we should create security class for each entity to grant users access only to their own entity. But I'm not sure how to do that...
    I have created two security classes - SK01 and SK02 - and associated them to appropriate entities. Then I have selected security for entities in app settings and selected "Entity" option in security node.
    In shared services I have selected "All" for security class SK01 and "metadata" for security class SK02 (for my account for testing purposes only). But nothing happened - I'm still able to write to both entities.
    The question is if there is any connection between security class settings and provisioned roles. I mean if this is because I'm provisioned with all rights in application (meaning "Application Administrator" in HSS).
    Can anydoby help me with this please?
    Thanks,
    Vlado

    In shared services, go to help and search for Financial Management Roles. This will bring you to a nice table of all available roles for HFM. Use this to determine who gets what. To limit users to Tasklists, be sure to not provision them to Advanced User.
    Make sure you are very specific with those consolidation users. Many roles should be Admin only. The way I figured them out was to create fake users in Native Directory (one for each type of user) and provision a role at a time and test the functionality.
    The above test will help with Security Classes as well. Your guess was correct, Administrator role overrides all security classes. You may not need a class per entity, just a class per group of entities that distinct set of people will need. You will also need classes applied to Parent entities that may or not be shared among your hierarchies. In your example this could be SK or it could be SK01 if that works. Try to keep the total number of classes down. You might end up assigning a unique combination of classes to each person in the system and that would be very difficult to maintain. Remember to assign the same access to the Default class as the highest access the user has. If in doubt, just grant All for the Default class. Default is assigned to all items in metadata unless you specify otherwise. For example, all accounts will have Default security and if a user only has Read, they will not be able to create a journal entry.
    Here is how the class access works:
    None - user cannot view or edit data
    Read - user can view data
    All - user can view and edit data
    Metadata - I have not used this one.

  • Security Classes in HSV_SECACCESS table showing wrong OU

    We moved some users from one OU to another in Active Directory. I then ran the updatenativedir utility.
    However, when I provision the user with security classes for HFM in shared services, the records in the hsv_appname_secaccess table are still showing under the old OU. This will cause problems when the user tries to login and work.
    Do I have to restart openLDAP and Shared Services to make these changes effective?
    Thanks
    Wags
    version 9.2.1

    long term you should speak to Oracle Consulting about migrating your Identity Attribute in your External Authentication provider from whatever it is currently to one that is location agnostic such as ObjectGUID. It is quite trivial to migrate from DN to ObjectGUID for the HFM product, but it may more complex for other products in the System 9 suite. From 9.2.0.3, 9.2.1, or all 9.3.1 versions Shared Services was enhanced to allow the use of ObjectGUID and then it does not matter when user or groups are moved around in the external provider (no more need for the UpdateNativeDir utility!)... this is the better solution.
    having said that, you should check in Shared Services if this user who is getting assigned the security class access doesn't exist more than once in the Security Class matrix... probably you are still assigning security to his "old" ID, and need to be applying the security onto his new ID. If he really does only exist once, still with the wrong OU, after you have run the UpdateNativeDir utility, I would recommend a Support request.

  • Is there a way to delete a security class?

    I have added an incorrect security class in shared services.
    Does anyone know how I can delete it?
    Thanks!

    In Shared Services when looking at or setting up security, there is a small trash can icon which can be used to delete a class. It's just to the right of "available classes" and just above the scrollbar.

  • Missing Security Patches

    1) Are there any useful facilities for admins or auditors to idenitfy misisng security patches associated with oracle EBS and supporting infrastructure? I know there are websoites saying which patches are out there but I could do with some sort of "this is what you are missing" type reports.
    2) Do Oracle have any useful whitepapers on best practice patch management for EBS, i.e. how to test, steps for restore if its affects anything etc.

    Hussein Sawwan wrote:
    release 12 EBS, 11g Oracle.The release does not matter here.
    Do any of the links you provide produce a missing patches report that would be easy to read for management/non EBS adminsYes.
    Patch Wizard FAQ [ID 976688.1]
    New Required Patches for Patch Wizard, Patch Manager, and Oracle Application Change Management Pack for Oracle E-Business Suite Releases 11i, 12.0, and 12.1 [ID 1267768.1]
    Patch Wizard Overview Videos [ID 1210479.1]
    Patch Wizard : Overview [ID 1077813.1]
    Diagnostics Toolbox: Recommended Patch List and Patch Wizard [ID 1196135.1]
    Oracle Applications Patching Procedures
    http://download.oracle.com/docs/cd/B53825_03/current/acrobat/121adpp.pdf
    http://forums.oracle.com/forums/search.jspa?threadID=&q=Patch+AND+Wizard&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    http://search.oracle.com/search/search?search_p_main_operator=all&group=Blogs&oq=Patch+Wizard&x=0&y=0&q=Patch+Wizard+weblog%3A%3DstevenChan+site%3Ablogs.oracle.com
    Thanks,
    HusseinThanks Hussein,
    I am going to read through those links, but could you do me a bit of a cheat sheet on how to get a report on all missing security patches for our EBS and supporting infrastructure, and what it will look like. I.e. a basic 1-5 steps on where to get this report.

  • Missing Secure Flag & HttpOnly Flag From SSL Cookie - OWA

    Hello, I'm a bit stuck on this issue for a few days and hoping to get some help on this...
    We are running Exchange 2010 /w SP1 Rollup 6. Server is running great and OWA is on 443. We have two servers for Exchange. One if running the Transport and Mailbox, and the other is CAS. We use IBM for firewall / IDS and we run scheduled penatration tests.
    We came back with two vulnerabilities:
    1) Missing HttpOnly Flag From Cookie
    2) Missing Secure Flag From SSL Cookie
    Their solution is to:
    Add the HttpOnly to all cookies and Add the Secure flag to cookies sent over SSL
    I tried adding this line and playing with the boolean with no luck:
    <httpCookies httpOnlyCookies="false" requireSSL="true" domain="" />
    I set this in the web.config under Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa
    If I turn httpOnlyCookies="true" it will break OWA
    Any help would be appreicated ! Thanks :)
    Will

    Hi,
    We do not set the cookies to HttpOnly because we require access to certain of these cookies from scripts. 
    So we cannot change this, but we take care to use best practices and safe guards within our code to protect against cross site scripting attacks. 
    So it is by design.
    Xiu Zhang
    TechNet Community Support

Maybe you are looking for

  • OS 3.1 install nuked my iPhone data! How can I recover it? Help!

    I have an original 2G iPhone. This week, I updated my MacBook Pro (previous generation, OS 10.5.8) to iTunes 9, and installed the iPhone OS 3.1. Before doing so, I made sure to back up all the apps, music and media and all data on my iPhone. When I i

  • T420 Not recognizing keyboard before OS loads

    The T420 my company buys will not recognize an external keyboard while docked before the OS loads.  After the OS loads, there is no problem.  We us a disk encryption software that requires a username and password before it will load the OS and each t

  • Posting in PNPCE mode

    Hi all, We have 2 SAP R/3 systems. One system has Logical database PNPCE for the posting program RPCIPE00. The other system has PNP as its logical database. This is because HR patch levels are different. I observed the following behaviour in the deve

  • Static initializer error

    hi guys, can anyone explain what might cause the following error? i have the following classes class BonesPlayLevel { // execution reaches here ObjFigure.initJointedModel(); class ObjFigure { public static void initJointedModel() { // execution does

  • Slow broadband problem

    Hello, My broadband is running very slow it should be about 7+mb but appears to be running at 0.25 to 1mb. assuming wired connection. This has been happening since Tuesday and no mention of linework anywhere. Please advise thanks stats - download spe