Problem with revoke role

Similar Messages

• CUA problem with composite role

  Hello experts, I have a problem with a composite role in my CUA parent system. If you look at the roles tab you will see one of the child roles has a name of child CUA system in the 'target sys' column. the rest all have 'user system'. Can anyone explain how this 'target sys' column is defined?
  Thanks
  Dave Wood

  I do not know if you have solved this issue, but the target system is defined within your single role on you menu tab.
  No what happens is that in transaction SM30 table SSM_RFC you define system variable linked to your logical system.
  This variable determines that when you import roles from another system by means of transaction PFCG > Read from other system from RFC and you select your variable the system will automatically default in the target system field the system it is suppose to go back to.
  So this way when you distibute the roles it will only go back to that particular target system, and you do not need to specify and guess where the role came from.
  Try removing that table entry in SM30 SSM_RFC and see if that way you will be able to remove the target system from the role.
  However it is not a bad thing to have activated. If you are working with position base authorizations and you have more than 1 system, you define 1 composite role for all the roles, for all the systems and you will be able to see where the composite resides by means of the target value.
  Hope this makes sense.
  Regards
  Sonja

• Problem with Security Role mapping and LDAP

  Hi,
  In Oracle Internet Directory I've created a group called OIDGroup1.OIdGroup1 has 2 users : OIDuser1 and OIDuser2.
  OIDGroup1 is mapped to EjbRole1 (is a security role defined in ejb-jar.xml, EjbRole1 can do everything in the application).Now if I login as OIDuser1 or OIDuser2, application said that the user does not
  have authorization to execute some method. The mapping in my orion-application.xml is :
  <security-role-mapping name="EjbRole1">
  <group name="admin/OIDGroup1"/>
  </security-role-mapping>
  <jazn provider="LDAP" location="ldap://myhost:4032"><jazn-web-app auth-method="SSO"/></jazn>
  if I modified orion-application.xml like this :
  <security-role-mapping name="EjbRole1">
  <group name="admin/OIDGroup1"/>
  <user name="admin/OIDuser1"/>
  </security-role-mapping>
  then login as OIDuser1, it works. But it does not work with OIDuser2.
  That's is a problem for me because our customer can not manage the user/group
  easily : each time they have a a new user, instead of simply adding this user
  in the OIDGroup1 (with graphic interface of OIDAS), they have to modify
  orion-application.xml.
  Do you have any idea ?
  Thanks in advance
  regards

  I found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).

• Problem with revoking accounts on deprovisioned Date

  Hello,
  I am setting the De-provisioning date for a user manually from UI to the current date(tried with yesterday's date too). After I submit, I ran the "Set User Deprovisioned Date" Job. It has updated the user deprovisioned date field, but the user's accounts are still in "Provisioned" status.
  Is there any other job that needs to be executed after this to revoke the accounts? or "Set User Deprovisioned Date" Job will revokes the account also along with setting the deprovisioned date.(which somehow is no happening in my case.)
  Thanks
  sjit

  You haven't mentioned the version but for 11.1.1.5 you can get it here:
  http://docs.oracle.com/cd/E21764_01/doc.1111/e14308/scheduler.htm#BABECJFD
  Also the jar would be OIMServer.jar or xlScheduler.jar
  -Bikash

• ERM - Problem with Mass Role Import on GRC 5.3 SP9

  We have just upgraded to SP9 on GRC 5.3.  I am trying to reimport all my roles in ERM since the format has changed and we need most of this new information.
  When I run /VIRSA/RE_DNLDROLES this program now outputs 3 files.  Can someone tell me what format the 3 files shoudl be in?  Should it be EXCEL or TXT?  Should they have Header records or not?  Should they be ANSI or UNICODE?
  I am having no luck importing the files and I have tried just about every combination.  I get the following error every time:
  "Enter a valid Enterprise Role Management Information File format"
  Thanks so much for your input.
  Peggy

  The information is actually in the updated configuration guide:
  - mass download is a text file
  - role information is Excel
  - org level is Excel
  All files can stay as they are. The org level export makes uploading derived roles easier.
  However, as you discovered, there seems to be an issue with the import. Here's a workaround: at the right side of the sheet, add an extra column with 1 character in every line, and also add another row at the end. Save, and the roles will upload just fine.
  Frank.

• Problem with security role

  Hello,
  I have Enterpise Portal 7.0 SP13 instance (only Java stack installed). My enviroment is AIX 5.3 and Oracle 10.
  This instance has a lot of security alerts in the default trace log, like this:
  #1.5^H#C2B30000C03D006400000039000A9084000443246AFD6467#1199723599717#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#j2ee_admin#1208####41667d10bd3e11dccc51c2b30000c03d#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/System/Security/Audit/J2EE#Java###:Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#guests#
  Anyone knows what is it?
  Regards
  Rodrigo

  I found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).

• Weird problem with role assignment in Portal

  Hi,
  In our newly installed Portal for eRecruitment Production System we encounter a weird problem with assigning roles to users.
  When I open User Administration and search for roles, it displays the Portal roles perfectly.
  However, when I search for a user in User Administration and click on it when found, I am unable to find any roles to assign! So I am unable to find any roles, when I want to modify the assigned roles for a particular user, while the roles do exist and can be found on its own. How is this possible? Am I missing something here?
  We have installed SPS 15 and use ABAP as user store. We have used reverse proxy and web dispatchers in this case.
  Thanks in advance and best regards,
  Jan Laros

  Found some entries in the default trace from this morning:
  #1.#005056A15F78006A000004F400006D310004520B11DB3CE8#1216107404407#com.sap.security.core.jmx.impl.CompanyPrincipalFactory#sap.com/tc~wd~dispwda#com.sap.security.core.jmx.impl.CompanyPrincipalFactory.static Set evaluateDatasourcesToSearchFor(String[] requestDatasourceIds,     String privateType, Locale locale)#JALAROS#58762##nun.efteling.nl_POP_9750151#JALAROS#581700b0524011ddc029005056a15f78#SAPEngine_Application_Thread[impl:3]_36##0#0#Error##Java###Error while connecting to remote producer {0}
  [EXCEPTION]
  {1}#2#PRODUCER_0KTHQ3YTJV#com.sap.security.core.persistence.remote.CommunicationException: Cannot display remote roles of selected producer. The producer has removed your consumer instance from their portal.
          at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.sendToRemote(RemoteProducerAccessImpl.java:497)
          at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.checkConnectivity(RemoteProducerAccessImpl.java:220)
          at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.evaluateDatasourcesToSearchFor(CompanyPrincipalFactory.java:656)
          at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.simplePrincipalSearchByDatasources(CompanyPrincipalFactory.java:3172)
          at com.sap.security.core.jmx.impl.JmxSearchHelper.getSimpleEntitySearchResult(JmxSearchHelper.java:74)
          at com.sap.security.core.jmx.impl.JmxSearchHelper.calculateSimpleEntityTable(JmxSearchHelper.java:1182)
          at com.sap.security.core.jmx.impl.JmxServer.calculateSimpleEntityTableByDatasources(JmxServer.java:1061)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
          at javax.management.StandardMBean.invoke(StandardMBean.java:286)
          at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
          at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
          at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
          at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
          at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
          at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
          at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
          at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
          at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776)
          at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
          at com.sap.security.core.jmx._gen.IJmxServer$Impl.calculateSimpleEntityTableByDatasources(IJmxServer.java:717)
          at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.calculateSimpleEntityTable(JmxModelCompInterface.java:396)
          at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:443)
          at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:746)
          at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getSimpleEntityTable(UmeUiFactoryCompInterface.java:471)
          at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:517)
          at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:894)
          at com.sap.security.core.wd.relaterole.RelateRoleComp.searchNewRoles(RelateRoleComp.java:259)
          at com.sap.security.core.wd.relaterole.wdp.InternalRelateRoleComp.searchNewRoles(InternalRelateRoleComp.java:282)
          at com.sap.security.core.wd.relaterole.AssignParentRolesView.onActionSearchNewRoles(AssignParentRolesView.java:215)
          at com.sap.security.core.wd.relaterole.wdp.InternalAssignParentRolesView.wdInvokeEventHandler(InternalAssignParentRolesView.java:261)
          at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
          at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
          at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
          at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
          at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
          at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
          at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
          at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
          at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
          at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
          at com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:77)
          at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1257)
          at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325)
          at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:826)
          at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
          at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
          at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
          at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
          at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
          at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
          at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
          at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
          at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
          at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
          at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
          at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
          at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
          at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(AccessController.java:180)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  #1.#005056A15F780060000004FD00006D310004520C6A35F87C#1216113181849#com.sap.engine.services.security.roles.SecurityRoleReference##com.sap.engine.services.security.roles.SecurityRoleReference#J2EE_GUEST#0####399cb180524e11dd9849005056a15f78#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Security/Audit/J2EE#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}] referencing J2EE security role [{3} : {4}].#5#ACCESS.ERROR#service.naming#jndi_all_operations#SAP-J2EE-Engine#administrators#
  #1.#005056A15F78005C00000C0500006D310004520C6A394185#1216113181992#com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl##com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl#J2EE_GUEST#0####39aa6d20524e11ddaee2005056a15f78#SAPEngine_Application_Thread[impl:3]_29##0#0#Error#1#/System/Server#Java###Runtime exception occurred while processing external JMX request [ JMX request (java) v1.0 len: 150 |  src: 2 target-node: 9750150 req: getAttribute params-number: 2 params-bytes: 0 |  ]
  [EXCEPTION]
  {0}#1#com.sap.engine.services.jmx.exception.JmxSecurityException: Caller J2EE_GUEST not authorized, only role administrators is allowed to access JMX
          at com.sap.engine.services.jmx.EngineAuthorization.checkMBeanPermission(EngineAuthorization.java:88)
          at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:77)
          at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:98)
          at com.sap.engine.services.jmx.MessageClientSecurityWrapper.checkPermissions(MessageClientSecurityWrapper.java:76)
          at com.sap.engine.services.jmx.MessageClientSecurityWrapper.invokeMbs(MessageClientSecurityWrapper.java:38)
          at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:196)
          at com.sap.engine.services.jmx.ClusterInterceptor.getAttribute(ClusterInterceptor.java:512)
          at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:84)
          at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
          at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
          at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:313)
          at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:199)
          at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
          at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
          at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
          at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
          at java.security.AccessController.doPrivileged(AccessController.java:180)
          at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
          at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

• SYSDBA - problem with viewing other users package body texts on sys account

  Hi,
  SQL Dev 1.0.0.15.27 has problem with correct display of other users package body texts on sys account. All bodies have "create or replace" text instead of all pck. bodies text.
  I guest it's problem with SYSDBA role. On system account text is displayed correctly. Quest SQL Navigator 5.x has no problem with this. Any ideas ?
  Regards,
  MM

  Hi Everyone,
  Just so I can close the case on this issue, although I was successful in
  using CSS to resolve the issue, actually, the issue was not really
  resolved. There was (for me) still the problem of rollover images not
  working in IE, and if I were ever to get another good night's sleep, I
  would need to resolve it -- so I did. Recall me saying earlier about the
  sizes being brought in to the javascript code by Dreamweaver? The original
  issue with having the size of the small image in the code caused the code
  to see the larger image as small also! However, when I deleted those size
  attributes' numbers, I failed to delete the words "width" and "height"
  along with the double quotes following each. So, while the other browsers
  ignored these "blank" attributes within these double quotes, IE apparently
  didn't, reading these "blank" values as some very small value, thus
  displaying the image in the absolutely smallest size possible! Wow! When I
  removed these two blank attributes, my problem went away! Live and learn!
  So, to all who were desperately trying to assist me, please accept my
  deepest and most sincere apologies. All the while I was blaming IE, I was
  the guilty one!!! Shame on me, and thanks for the wonderful responses I
  received from the Dreamweaver forum team. I will go and stand in the corner
  for 8 hours with my dunce cap on...
  Joe Dardard

• Problem with Roles and Triggers

  I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
  I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
  However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
  To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
  -- Clean up...
  DROP TABLE TestUser.TrigTable;
  DROP TABLE TestUser2.TestTable;
  DROP ROLE TestRole;
  DROP TRIGGER TestUser.TestTrigger;
  DROP USER TestUser CASCADE;
  DROP USER TestUser2 CASCADE;
  -- Create Users...
  CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
  CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
  CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
  CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
  -- Grant Insert rights on TestTable to TestRole...
  CREATE ROLE TestRole NOT IDENTIFIED;
  GRANT INSERT ON TestUser2.TestTable TO TestRole;
  -- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
  GRANT TestRole TO TestUser;
  ALTER USER TestUser DEFAULT ROLE ALL;
  -- Now, create the trigger. This compiles unsuccessfully...
  CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
  BEGIN
  INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
  END;
  When I do a "SHOW ERRORS;" after this, I get:
  SQL> show errors;
  Errors for TRIGGER TESTUSER.TESTTRIGGER:
  LINE/COL ERROR
  2/3 PL/SQL: SQL Statement ignored
  2/25 PL/SQL: ORA-00942: table or view does not exist
  SQL>
  As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
  Thanks!
  Adrian

  Hi Raghu,
  If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
  The question is, why does the same INSERT fail when it's inside the trigger?

• Problem with roles in CRM 5.0 PC-UI

  Hi everybody!
  I have a problem with CRM 5.0 PC-UI.
  When I have user profile SAP_ALL, BSP's are showed correctly.
  When I'm using restricted profile (for example role 'Account manager'), for some BSP's I'm receiving this error:
  Exception Class CX_CRM_BSP_NOAUTH
  Error name
  Program name CL_CRM_BSP_FRAME_MAIN=========CP
  Include CL_CRM_BSP_FRAME_MAIN=========CM003
  ABAP Class CL_CRM_BSP_FRAME_MAIN
  Method DO_INIT
  Row 170
  Long Text --
  I've explored the role SAP_PCC_ACCOUNT_MANAGER in pfcg transaction, and realized:
  on tab 'Menu' in section 'Portal Roles'
  when I click on service: HS PC-UI PC-UI_CRMD_MKTSEG
  In section 'External Service'
  There are only '?????????' in the field 'Type of Ext. Service' instead of 'PC-UI'
  and strange chars in the field 'Service'.
  But for example service: HS PC-UI PC-UI_CRMM_CONTACT is OK, and I'm receiving BSP.
  I think, that something important is missing.
  Do you have any idea how to solve this problem?
  Thanks
  Radka

  I am not sure whether you resolveed this issue already..
  Under Portal Roles  you find PCUI external services which refers to auth objects in order to access PCUI application.
  Read thru the section "Tracing Authority Objects of Blueprint Applications" under PCUI cook book .
  Thanks,
  Thirumala.

• Problems with the installation of Oracle Role Manager

  Hello everyone;
  I have a problem with the deployment of Jboss 4.05GA; just can not load the Role Manager Administrative Console (http://localhost:8080/ormconsole)
  Probe load the Jboss and that if I load the console this APPSERVER (http://localhost:8080)
  Also probe load the Role Manager Web UI and I had no problems (http://localhost:8080/webui)
  Use the method of installation Install Software Only then can make the integration with the IOM.
  Any suggestions for solving this problem.
  Part of the Log:
  14:17:02,953 ERROR [URLDeploymentScanner] Incomplete Deployment listing:
  --- Incompletely deployed packages ---
  org.jboss.deployment.DeploymentInfo@40e1e159 { url=file:/C:/jboss-4.0.5.GA/serve
  r/default/deploy/server.ear }
  deployer: org.jboss.deployment.EARDeployer@873723
  status: Deployment FAILED reason: URL file:/C:/jboss-4.0.5.GA/server/default/t
  mp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deployment failed
  state: FAILED
  watch: file:/C:/jboss-4.0.5.GA/server/default/deploy/server.ear
  altDD: null
  lastDeployed: 1228418189671
  lastModified: 1228418186515
  mbeans:
  --- MBeans waiting for other MBeans ---
  ObjectName: jboss.web.deployment:war=ormconsole.war,id=-1206236729
  State: FAILED
  Reason: org.jboss.deployment.DeploymentException: URL file:/C:/jboss-4.0.5.GA/
  server/default/tmp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deploy
  ment failed
  --- MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM ---
  ObjectName: jboss.web.deployment:war=ormconsole.war,id=-1206236729
  State: FAILED
  Reason: org.jboss.deployment.DeploymentException: URL file:/C:/jboss-4.0.5.GA/
  server/default/tmp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deploy
  ment failed
  14:17:03,281 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0
  -8080
  14:17:03,718 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
  14:17:03,781 INFO [JkMain] Jk running ID=0 time=0/94 config=null
  14:17:04,015 INFO [Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Bran
  ch_4_0 date=200610162339)] Started in 1m:35s:859ms
  Thank you

  HI JLK,
  i think i have solved the problem. Try to install the Oracle Role Manager with the installer and select the "Install Software and Configure" and install the "Standard Model" to the Database. Don't deploy the standard.car file.
  I hope i could help you.
  Thomas

• Problem with switching tabs in top level navigation for Roles

  Hi,
  I've created two tabs (based on two roles) in the portal top level navigation menu. When clicking the first one it opens as it should. Then when clicking on the second tab it will not open, instead the first tab open up again, it sort of switches back automatically.These  two roles  are  basically consists of worksets and iviews(accessing to r/3).
  Does anyone have any expericene with this type of problem?
  please  suggest me
  Thanks
  Aravinda

  Hi Aravinda
  Please check this link
  Re: Problem with switching tabs in top level navigation
  Regards
  Geogi

• Problem with Role while Deprovisioning !

  I have assigned AD resource to a role and I have hard coded this role in waveset.roles field in my create form. I am able to create, update accounts in IDM and AD automatically from flatfileactivesync.
  Now I need to delete & deprovision an account in IDM and AD respectively. I have created a rule that catches the activesync.diffaction eq = delete. I have placed this rule in Delete Rule (optional) so that whenever an account is deleted from the flat file and diffaction=delete & feedop=delete, this rule should delete & deprovision this account.
  From the flatfile logs even i m seeing that both diffaction and feedop equals to delete and it seems the account is deprovisioned from the logs (without any errors in the logs). But in IDM the account still exists and also on AD.
  My problem is the account is not getting deprovisioned and deleted from IDM because it is attached with a role (AD resource assigned to that role) and i am having AD resource as "Excluded resource" column in the user account assignment tab [due to the role]
  What I am doing wrong ?? Can anybody through some light !!
  Thanks.

  dear pankaj,
  you can use the CATT utility(tcode SCAT) for altering the 100 roles.
  i presume that you have not used the catt utility before
  thats why i have detailed the procedure below.
  all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
  i hope you will find the my suggetion helpful.
  regards,
  sri srirangam

• Problem with role

  Hi all
  i m face a problem with pfcg i m ask u i have 100 role and i want to add one T-code all 100 role.can any idea to add T-code with out used manually one by one.
  Thanks&Regards
  Pankaj

  dear pankaj,
  you can use the CATT utility(tcode SCAT) for altering the 100 roles.
  i presume that you have not used the catt utility before
  thats why i have detailed the procedure below.
  all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
  i hope you will find the my suggetion helpful.
  regards,
  sri srirangam

• Problem with a calculated member browsing cube with a specific user role

  Good evening to all of you .
  I am not a newbie about SSAS nor an expert developer.
  I use SSAS 2008 R2 Standard Edition.
  I try to simplify my problem with a calculated measure.
  I have a CUBE with :
  [Measures].[Sales Amount]
  Dimension STORES - Dimension CUSTOMERS - Dimension DATE
  I have also 2 user roles :
  Direction Role can see all members of all dimensions.
  Customize Role  has a restriction about Dimension STORES ..it can see only a STORE of all (Suppose to have 100 stores).
  User that has a Customize Role, when browse cube in Excel , want to see for a specific CUSTOMER , Sales Amount of his own STORE but also the total Sales Amount of ALL STORES for that Customer...
  Is it possibile to do that ???
  Can you give any suggestion also using Adventure Works Cube ???
  I was able to create a calculated measure like that below.
  It does not work...It give the same result of Sales Amount
  It seems that Customize Role win Always about every kind of calculate measure i need to create..
  i.e  SUM([STORES].[STORES].[ALL STORES],[Measures].[Sales Amount])
  Thanks in advance.

  Hi maretix,
  According to your description, you have a customize role which limit the user can only see data about his own STORE. Now this user wants to see the total Sales Amount for his own STORES only. Right?
  In Analysis Services, when granting custom access to dimension data, it has a option "Enable Visual Total" in Advanced dimension security. By default, the
  VisualTotals property is disabled (set to False). This default setting maximizes performance because Analysis Services can quickly calculate the total of all cell values, instead of having to spend time selecting which
  cells values to calculate. So you always get same result which is the total for all STORES.
  In this scenario, please select this option. When you enable the VisualTotals property, your custom role can only view aggregated totals for dimension members to which the role has permission.
  Reference:
  Grant custom access to dimension data (Analysis Services)
  If you have any question, please feel free to ask.
  Best Regards,
  Simon Hou
  TechNet Community Support