Problems with roles in IDM 8?

I'm running a brand new install of IDM 8 on JBoss 4.2.2 GA, all steps are performed as configurator.
I create a new user.
I create a Business Role with a Required IT Role.
I assign the business Role to the user, both the Business Role and the IT Role stands as Pending Save.
I click Save. Both roles are in the Changes list.
But when I select the user and select roles, Only the Business role is assigned - The IT Role is still Pending Save. And the business role is listed as an IT Role.
Clicking Save again shows that roleInfos only contains the Business role. Save again shows the same changes as when first assigning the role. But the user still doesn't have the IT Role.
Has anyone seen this behavior?
Or even better: Can anyone give me a hint how to fix this problem?
Best regards
Stefan

Version 8.0 Patch 1 -- http://sunsolve.sun.com/show.do?target=patches/zp-NetworkInternet#identitymanager
Fixed a problem that caused Identity Manager running on JDK 1.6 to fail to assign roles assigned to a Business Role. A symptom of the problem included Identity Manager identifying a Business Role as an IT Role after the Business Role was assigned. This problem was limited to JDK 1.6. (ID-19086)

Similar Messages

  • Problem with Roles and Triggers

    I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
    I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
    However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
    To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
    -- Clean up...
    DROP TABLE TestUser.TrigTable;
    DROP TABLE TestUser2.TestTable;
    DROP ROLE TestRole;
    DROP TRIGGER TestUser.TestTrigger;
    DROP USER TestUser CASCADE;
    DROP USER TestUser2 CASCADE;
    -- Create Users...
    CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
    CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
    CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
    CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
    -- Grant Insert rights on TestTable to TestRole...
    CREATE ROLE TestRole NOT IDENTIFIED;
    GRANT INSERT ON TestUser2.TestTable TO TestRole;
    -- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
    GRANT TestRole TO TestUser;
    ALTER USER TestUser DEFAULT ROLE ALL;
    -- Now, create the trigger. This compiles unsuccessfully...
    CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
    BEGIN
    INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
    END;
    When I do a "SHOW ERRORS;" after this, I get:
    SQL> show errors;
    Errors for TRIGGER TESTUSER.TESTTRIGGER:
    LINE/COL ERROR
    2/3 PL/SQL: SQL Statement ignored
    2/25 PL/SQL: ORA-00942: table or view does not exist
    SQL>
    As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
    Thanks!
    Adrian

    Hi Raghu,
    If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
    The question is, why does the same INSERT fail when it's inside the trigger?

  • Problem with roles in CRM 5.0 PC-UI

    Hi everybody!
    I have a problem with CRM 5.0 PC-UI.
    When I have user profile SAP_ALL, BSP's are showed correctly.
    When I'm using restricted profile (for example role 'Account manager'), for some BSP's I'm receiving this error:
    Exception Class CX_CRM_BSP_NOAUTH
    Error name
    Program name CL_CRM_BSP_FRAME_MAIN=========CP
    Include CL_CRM_BSP_FRAME_MAIN=========CM003
    ABAP Class CL_CRM_BSP_FRAME_MAIN
    Method DO_INIT
    Row 170
    Long Text --
    I've explored the role SAP_PCC_ACCOUNT_MANAGER in pfcg transaction, and realized:
    on tab 'Menu' in section 'Portal Roles'
    when I click on service: HS PC-UI PC-UI_CRMD_MKTSEG
    In section 'External Service'
    There are only '?????????' in the field 'Type of Ext. Service' instead of 'PC-UI'
    and strange chars in the field 'Service'.
    But for example service: HS PC-UI PC-UI_CRMM_CONTACT is OK, and I'm receiving BSP.
    I think, that something important is missing.
    Do you have any idea how to solve this problem?
    Thanks
    Radka

    I am not sure whether you resolveed this issue already..
    Under Portal Roles  you find PCUI external services which refers to auth objects in order to access PCUI application.
    Read thru the section "Tracing Authority Objects of Blueprint Applications" under PCUI cook book .
    Thanks,
    Thirumala.

  • Weird problem with role assignment in Portal

    Hi,
    In our newly installed Portal for eRecruitment Production System we encounter a weird problem with assigning roles to users.
    When I open User Administration and search for roles, it displays the Portal roles perfectly.
    However, when I search for a user in User Administration and click on it when found, I am unable to find any roles to assign! So I am unable to find any roles, when I want to modify the assigned roles for a particular user, while the roles do exist and can be found on its own. How is this possible? Am I missing something here?
    We have installed SPS 15 and use ABAP as user store. We have used reverse proxy and web dispatchers in this case.
    Thanks in advance and best regards,
    Jan Laros

    Found some entries in the default trace from this morning:
    #1.#005056A15F78006A000004F400006D310004520B11DB3CE8#1216107404407#com.sap.security.core.jmx.impl.CompanyPrincipalFactory#sap.com/tc~wd~dispwda#com.sap.security.core.jmx.impl.CompanyPrincipalFactory.static Set evaluateDatasourcesToSearchFor(String[] requestDatasourceIds,     String privateType, Locale locale)#JALAROS#58762##nun.efteling.nl_POP_9750151#JALAROS#581700b0524011ddc029005056a15f78#SAPEngine_Application_Thread[impl:3]_36##0#0#Error##Java###Error while connecting to remote producer {0}
    [EXCEPTION]
    {1}#2#PRODUCER_0KTHQ3YTJV#com.sap.security.core.persistence.remote.CommunicationException: Cannot display remote roles of selected producer. The producer has removed your consumer instance from their portal.
            at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.sendToRemote(RemoteProducerAccessImpl.java:497)
            at com.sap.portal.ivs.global.roles.RemoteProducerAccessImpl.checkConnectivity(RemoteProducerAccessImpl.java:220)
            at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.evaluateDatasourcesToSearchFor(CompanyPrincipalFactory.java:656)
            at com.sap.security.core.jmx.impl.CompanyPrincipalFactory.simplePrincipalSearchByDatasources(CompanyPrincipalFactory.java:3172)
            at com.sap.security.core.jmx.impl.JmxSearchHelper.getSimpleEntitySearchResult(JmxSearchHelper.java:74)
            at com.sap.security.core.jmx.impl.JmxSearchHelper.calculateSimpleEntityTable(JmxSearchHelper.java:1182)
            at com.sap.security.core.jmx.impl.JmxServer.calculateSimpleEntityTableByDatasources(JmxServer.java:1061)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
            at java.lang.reflect.Method.invoke(Method.java:391)
            at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
            at javax.management.StandardMBean.invoke(StandardMBean.java:286)
            at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
            at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
            at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
            at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
            at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
            at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
            at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
            at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
            at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776)
            at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
            at com.sap.security.core.jmx._gen.IJmxServer$Impl.calculateSimpleEntityTableByDatasources(IJmxServer.java:717)
            at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.calculateSimpleEntityTable(JmxModelCompInterface.java:396)
            at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:443)
            at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.calculateSimpleEntityTable(InternalJmxModelCompInterface.java:746)
            at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getSimpleEntityTable(UmeUiFactoryCompInterface.java:471)
            at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:517)
            at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getSimpleEntityTable(InternalUmeUiFactoryCompInterface.java:894)
            at com.sap.security.core.wd.relaterole.RelateRoleComp.searchNewRoles(RelateRoleComp.java:259)
            at com.sap.security.core.wd.relaterole.wdp.InternalRelateRoleComp.searchNewRoles(InternalRelateRoleComp.java:282)
            at com.sap.security.core.wd.relaterole.AssignParentRolesView.onActionSearchNewRoles(AssignParentRolesView.java:215)
            at com.sap.security.core.wd.relaterole.wdp.InternalAssignParentRolesView.wdInvokeEventHandler(InternalAssignParentRolesView.java:261)
            at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
            at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
            at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
            at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
            at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
            at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
            at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
            at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
            at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
            at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
            at com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:77)
            at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1257)
            at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325)
            at com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:826)
            at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755)
            at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717)
            at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136)
            at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
            at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
            at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:313)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
            at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
            at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
            at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
            at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
            at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
            at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
            at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
            at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
            at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
            at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
            at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
            at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
            at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
            at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
            at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
            at java.security.AccessController.doPrivileged(AccessController.java:180)
            at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
            at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
    #1.#005056A15F780060000004FD00006D310004520C6A35F87C#1216113181849#com.sap.engine.services.security.roles.SecurityRoleReference##com.sap.engine.services.security.roles.SecurityRoleReference#J2EE_GUEST#0####399cb180524e11dd9849005056a15f78#SAPEngine_Application_Thread[impl:3]_37##0#0#Error#1#/System/Security/Audit/J2EE#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}] referencing J2EE security role [{3} : {4}].#5#ACCESS.ERROR#service.naming#jndi_all_operations#SAP-J2EE-Engine#administrators#
    #1.#005056A15F78005C00000C0500006D310004520C6A394185#1216113181992#com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl##com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl#J2EE_GUEST#0####39aa6d20524e11ddaee2005056a15f78#SAPEngine_Application_Thread[impl:3]_29##0#0#Error#1#/System/Server#Java###Runtime exception occurred while processing external JMX request [ JMX request (java) v1.0 len: 150 |  src: 2 target-node: 9750150 req: getAttribute params-number: 2 params-bytes: 0 |  ]
    [EXCEPTION]
    {0}#1#com.sap.engine.services.jmx.exception.JmxSecurityException: Caller J2EE_GUEST not authorized, only role administrators is allowed to access JMX
            at com.sap.engine.services.jmx.EngineAuthorization.checkMBeanPermission(EngineAuthorization.java:88)
            at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:77)
            at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:98)
            at com.sap.engine.services.jmx.MessageClientSecurityWrapper.checkPermissions(MessageClientSecurityWrapper.java:76)
            at com.sap.engine.services.jmx.MessageClientSecurityWrapper.invokeMbs(MessageClientSecurityWrapper.java:38)
            at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:196)
            at com.sap.engine.services.jmx.ClusterInterceptor.getAttribute(ClusterInterceptor.java:512)
            at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:84)
            at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
            at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
            at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:313)
            at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:199)
            at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
            at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
            at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
            at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
            at java.security.AccessController.doPrivileged(AccessController.java:180)
            at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
            at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

  • Problem with role

    Hi all
    i m face a problem with pfcg i m ask u i have 100 role and i want to add one T-code all 100 role.can any idea to add T-code with out used manually one by one.
    Thanks&Regards
    Pankaj

    dear pankaj,
    you can use the CATT utility(tcode SCAT) for altering the 100 roles.
    i presume that you have not used the catt utility before
    thats why i have detailed the procedure below.
    all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
    i hope you will find the my suggetion helpful.
    regards,
    sri srirangam

  • Problems with roles and ldapgroups in IDM 8

    Hello Guys,
    I'm facing a problem. I have to put users in ldap groups and i using roles. I have create an IT role and a Business role.
    I use the IT Role to add users in ldap groups through a rule and the business role to assign groups to a user. The business contains the IT Role.
    Normally, when i put a list of two groups in the rule, i must have user put in the two groups and if i remove one of this group in the rule, user must be removed from the choosen group. Unfortunatly, the second scenario doesn't work. I always have the two. And i can't removed the users from all groups.
    Is there something that i'm missing?
    I'm using IDM 8.A patch 2 and Sun Directory Server 6.3.
    The definition of my IT Role is :
    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Role PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <Role authType='ITRole' name='My Groups'>
      <ResetLimit count='0'>
          </ResetLimit>
      <Services>
        <ObjectRef type='Resource' name='RESSOURCE LDAP'/>
      </Services>
      <ContainedRoles>
      </ContainedRoles>
      <RoleAttributes>
        <RoleAttribute name='My Groups:#ID#RESSOURCE LDAP:groups'>
          <Comment>Auto generated by Role Mes Groupes</Comment>
          <AttributeName>groups</AttributeName>
          <AttributeValueRef>
            <ObjectRef type='Rule' id='#ID#RuleListeUserGroups' name='Rule Liste User Groups'/>
          </AttributeValueRef>
          <Requirement>Authoritative merge with value, clear existing</Requirement>
          <ResourceRef>
            <ObjectRef type='Resource' id='#ID#RESSOURCE LDAP' name='RESSOURCE LDAP'/>
          </ResourceRef>
        </RoleAttribute>
      </RoleAttributes>
      <MemberObjectGroups>
        <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
      </MemberObjectGroups>
    </Role>Thanks All!

    i have it role mapped to ldap groups implemented successfully with the following...
    1. Instead of a rule adding to groups, you should have a resource attribute mapping ... this is described in the ldap resource adapter references....
    <AccountAttributeType id='101' name='ldapGroups' syntax='string' mapName='ldapGroups' mapType='string' multi='true' />2. Now have your IT ROLE to have the group population like the following
    <RoleAttribute name='MYROLE:RESOURCE-NAME:ldapGroups'>
          <AttributeName>ldapGroups</AttributeName>
          <AttributeValueString>
            <List>
              <String>cn=Wirelessaccess,ou=Groups,dc=example,dc=com</String>
            </List>
          </AttributeValueString>
          <Requirement>Authoritative merge with value</Requirement>
          <ResourceRef>
            <ObjectRef type='Resource' name='RESOURCE-NAME'/>
          </ResourceRef>
        </RoleAttribute>

  • Problem with Role while Deprovisioning !

    I have assigned AD resource to a role and I have hard coded this role in waveset.roles field in my create form. I am able to create, update accounts in IDM and AD automatically from flatfileactivesync.
    Now I need to delete & deprovision an account in IDM and AD respectively. I have created a rule that catches the activesync.diffaction eq = delete. I have placed this rule in Delete Rule (optional) so that whenever an account is deleted from the flat file and diffaction=delete & feedop=delete, this rule should delete & deprovision this account.
    From the flatfile logs even i m seeing that both diffaction and feedop equals to delete and it seems the account is deprovisioned from the logs (without any errors in the logs). But in IDM the account still exists and also on AD.
    My problem is the account is not getting deprovisioned and deleted from IDM because it is attached with a role (AD resource assigned to that role) and i am having AD resource as "Excluded resource" column in the user account assignment tab [due to the role]
    What I am doing wrong ?? Can anybody through some light !!
    Thanks.

    dear pankaj,
    you can use the CATT utility(tcode SCAT) for altering the 100 roles.
    i presume that you have not used the catt utility before
    thats why i have detailed the procedure below.
    all you would need to do is execute the tcode scat record all the transaction steps of editing the role by adding the new t-code. now creat a microsoft excel file consisting the list of all the remaining 99 roles that have to be changed and give that excel file as input when prompted for input and all the roles will be updated with the new tcode.
    i hope you will find the my suggetion helpful.
    regards,
    sri srirangam

  • Problem with role mapping in custom login module

    Hi all,
    I have developed custom login modules. They don't use the default user store but own data tables holding the necessary user information.
    Login works fine. But there is one big problem: Only those users that exist with the same user-id in the default user store get roles assigned to it. Whicht leads to 403-errors in my web application.
    Now, this is weired because a user with id 'Susi' has completely different passwords in my custom tables and in the user store, therefore it shouldn't be possible to authenticate 'Susi' against the default user management.
    Next thing is, I don't use the default login modules at all. So why does the application validates against the user store?
    I thought a source of the  problem might be that I don't set the roles correctly. I set the roles as a principal to the subject. I have chosen the role based mapping  in the web-engine.xml and mapped all my custom roles to the server role 'guests'.
    Could anybody think of a solution to this problem ?
    Thanks,  Astrid

    Astrid,
    Sorry to go off-topic on your post...but I have a question in relation to how you deploy your login module. Do you deploy the login module with your application ? I've developed a login module that I would like to deploy by itself, I currently deploy it with the calculator example and it works fine like this, but I need to deploy it by itself. Any tips you can give would be greatly appreciated.
    I've tried to use the deploytool and deploy the module as a library...but I get a "cannot  load a login module" in the logs when authenticating a user.

  • Problem with Role and User Distribution to the SAP System

    Hi to all.
    I've a problem when i try to transfer roles from portal to SAP CRM. (System Administration --> Permissions --> SAP Authorizations).
    If I select from the drop down list the SAP Alias corresponding to the connector to the target system an error is displayed:
    class com.sapportals.connector.connection.ConnectionFailedExceptionConnection Failed: Nested Exception. Failed to get connection. Please contact your admin.
    I think the problem is in the connector configuration since the connector test fails too (due to User attribution problems I think)
    Thank you for any help!

    Hello Mario,
    I have the same problem.
    Did you find a solution for this?
    Please let me know.
    Thanks in advance, Michael

  • Problem with role and user; user can't see the table

    Hello forum,
    I've created a role:
    CREATE ROLE enr_service;
    GRANT CONNECT TO enr_service;
    GRANT ALL ON Locataires TO enr_service;
    GRANT ALL ON Batiments TO enr_service;
    GRANT ALL ON Sportifs TO enr_service;
    GRANT SELECT ON Epreuves TO enr_service;
    and also a user:
    CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED ON USERS;
    GRANT enr_service TO ENR1;
    ALTER USER ENR1 DEFAULT ROLE enr_service;
    ALTER USER ENR1 DEFAULT TABLESPACE USERS;
    I can connect to the database with this user but when I try to query a table he's been granted access to I get an error message:
    SELECT * FROM Sportifs;
    ORA-00942: table or view does not exists
    I can't see what I've done wrong. Any help is appreciated.
    Sebastian

    user2019788 wrote:
    Hello forum,
    I've created a role:
    CREATE ROLE enr_service;
    GRANT CONNECT TO enr_service;
    GRANT ALL ON Locataires TO enr_service;
    GRANT ALL ON Batiments TO enr_service;
    GRANT ALL ON Sportifs TO enr_service;
    GRANT SELECT ON Epreuves TO enr_service;
    and also a user:
    CREATE USER ENR1 IDENTIFIED BY password QUOTA UNLIMITED ON USERS;
    GRANT enr_service TO ENR1;
    ALTER USER ENR1 DEFAULT ROLE enr_service;
    ALTER USER ENR1 DEFAULT TABLESPACE USERS;
    I can connect to the database with this user but when I try to query a table he's been granted access to I get an error message:
    SELECT * FROM Sportifs;
    ORA-00942: table or view does not exists
    I can't see what I've done wrong. Any help is appreciated.
    SebastianThat's probably because ENR1 doesn't have any table named SPORTIFS and he didn't qualify the table name with the schema name ...

  • Problem with role assignment

    Hello,
    using the NetWeaver CE 7.1 EhP1 SP 2, I have modeled a Guided Procedure approval workflow. The processor of the approval step is determined at runtime and provided as an input parameter.
    If the approver rejects, the customer may then modify their requests. In particular, the customer can choose a different approver.
    Now, I have the following problem:
    If the customer chooses a different approver, the new approver is notified as well as the old approver. Now, both are entitled to process the approval step.
    This is not what I intended. If the customer chooses a diffrent approver, the new approver should be the only one who is notified and entitled to process the approval step.
    What am I doing wrong or is it bug?
    Thanks and best regards
    Alexander

    Hi!
    It is neither wrong nor bug it depends on your requirement.
    As I said: I want to replace the old processor with a new processor. Moreover, I have to solve it with Guided Procedures.
    Best regards
    Alexander

  • I have a problem with manually uninstalling IDM CC 6.9.8 extension for Mozilla. How can I "MANUALLY" delete this extension?

    I have installed Internet Download Manager on my laptop and it subsequently, was integrated with Mozilla Firefox, but now cannot transfer download files on the Net to Internet Download Manager main panel. What can I do to manually delete this extension to reinstall it again?

    Go to %appdata%\IDM\ and delete the "idmmzcc3" folder. You need to have firefox closed, or unlock the files with unlocker if firefox is running to delete it

  • Problem with Role import in GRC 10.0

    Dear GRC Gurus,
    I want to import roles from backend to GRC 10.0 system. for this I am using NWBC.
    In NWBC --> Access Management --> Mass Role Maintenance --> Role Import --> in this age below OPtions are selected:
    Role Selection --> Technical Role
    Import Source: Role Attribute Source: User Input, Role Authorization Source: Backend System
    Definition Criteria:Application Type: SAP, Landscape: nothing is shown in the dropdown, Source System: nothing is shown in the dropdown
    Without Defining Landscape and Source system I cannot proceed further
    Please advise why the system is not showing up the values in the dropdown.
    I have maintained role status as production in SPRO.
    I appreciate your help.
    Thanks,
    Swathi

    Hi,
    Sabita is correct.
    Here is the link to the documentation
    SAP Access Control 10.0
    Simon

  • Big problem with role

    Hi all,
    is it possible to determinate the role of user at runtime ? In fact, roles in my case are given by ABAP function. The user goes connected, i must determinate the role of user starting from the result of my ABAP function etc. Is it possible ?
    Thanks for help.
    Regards
    Message was edited by: tafkap

    Hi,
    you can get the roles for a user like below:
    //get the user object
    IUser user = UMFactory.getUserFactory().getUser(String uniqueId);
    //OR
    IUser user = UMFactory.getUserFactory().getUserByLogonID(String logonId);
    after this get the roles by
    user.getRoles(boolean recursive); This will return a collection of roles. If you pass true it will search the child roles under one role.
    Regards,
    Shubhadip

  • Problems with the installation of Oracle Role Manager

    Hello everyone;
    I have a problem with the deployment of Jboss 4.05GA; just can not load the Role Manager Administrative Console (http://localhost:8080/ormconsole)
    Probe load the Jboss and that if I load the console this APPSERVER (http://localhost:8080)
    Also probe load the Role Manager Web UI and I had no problems (http://localhost:8080/webui)
    Use the method of installation Install Software Only then can make the integration with the IOM.
    Any suggestions for solving this problem.
    Part of the Log:
    14:17:02,953 ERROR [URLDeploymentScanner] Incomplete Deployment listing:
    --- Incompletely deployed packages ---
    org.jboss.deployment.DeploymentInfo@40e1e159 { url=file:/C:/jboss-4.0.5.GA/serve
    r/default/deploy/server.ear }
    deployer: org.jboss.deployment.EARDeployer@873723
    status: Deployment FAILED reason: URL file:/C:/jboss-4.0.5.GA/server/default/t
    mp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deployment failed
    state: FAILED
    watch: file:/C:/jboss-4.0.5.GA/server/default/deploy/server.ear
    altDD: null
    lastDeployed: 1228418189671
    lastModified: 1228418186515
    mbeans:
    --- MBeans waiting for other MBeans ---
    ObjectName: jboss.web.deployment:war=ormconsole.war,id=-1206236729
    State: FAILED
    Reason: org.jboss.deployment.DeploymentException: URL file:/C:/jboss-4.0.5.GA/
    server/default/tmp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deploy
    ment failed
    --- MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM ---
    ObjectName: jboss.web.deployment:war=ormconsole.war,id=-1206236729
    State: FAILED
    Reason: org.jboss.deployment.DeploymentException: URL file:/C:/jboss-4.0.5.GA/
    server/default/tmp/deploy/tmp18940server.ear-contents/ormconsole-exp.war/ deploy
    ment failed
    14:17:03,281 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0
    -8080
    14:17:03,718 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
    14:17:03,781 INFO [JkMain] Jk running ID=0 time=0/94 config=null
    14:17:04,015 INFO [Server] JBoss (MX MicroKernel) [4.0.5.GA (build: CVSTag=Bran
    ch_4_0 date=200610162339)] Started in 1m:35s:859ms
    Thank you

    HI JLK,
    i think i have solved the problem. Try to install the Oracle Role Manager with the installer and select the "Install Software and Configure" and install the "Standard Model" to the Database. Don't deploy the standard.car file.
    I hope i could help you.
    Thomas

Maybe you are looking for

  • How do I install the operating system on a store bought hard drive?

    I purchased a hard drive from best buy to replace the one that died on my hp G60-501.  When I try to run the system install disk, it runs through the entire thing (around 1.5 hours).  When it finally finishes, it says that it needs to be reinstalled.

  • Transaction RSPLAN don't work because of J2EE engine not found

    Hi, I install successfully the new version. I have some problems when i launch RSPLAN. The message "The J2EE is not found" appears. The browser is not launched. When i go to the RSPLSA transaction, and i try to change the option from "Bex Portal Serv

  • Problem with complex dataBinding within concat

    Im trying to create a link with a databound onClick attribute like so: <link ....> <boundAttribute name="onClick"> <concat> <fixed text="submitForm('result',0,{'event':'action','action':'"/> <dataObject select="defaultAction" source="fti:search"/> <d

  • Insert Statement with Where Clause

    I m using this but giving error "Encounter the Symbol "Where" when expecting one of the following. Code is :- insert into dum (cost_no, c_size, cmt1, cmt2, cmt3) values (:sizecost.cost_no, :sizecost.c_size, :bottomcost.cmt1, :bottomcost.cmt2, :bottom

  • Query on Public IP Usage with URL

    Hi, I would like to know that if I host a site, like www.abc.com, should the 'abc.com' and 'www.abc.com' have the same public IP. 'abc.com' and 'www.abc.com' shows the same web page. Regards.