Process Management and Security Roles
Hi guys,
I haven't worked too much with security, and now I have to define the users that will be related to the Process Management cycle. Is there any specific role for each phase? Are all the phases necessary?
Thanks!
Anna
Hi Anna,
I think that the first and most important step of your task is to understand how the information flows in your organisation. Ask your customer/users how the information would have flowed if they did not have HFM. Designing a couple of charts and having your customers sign off on this process is quite important in my experience.
As soon as you understand which business roles should deliver/review information to the next business role, then start designing the HFM process management.
The first level of Process management is the Not Started. At this level no user can import data except the administrator.
The second level of Process management is the First Pass. At this level all users can input data without restrictions.
The third level of Process management is the Review Levels. You have 10 Review Levels per submission. However, one to five review levels is quite enough for most organisations. Consider that the more review levels you have, the more complex your process is. My personal opinion is that 4 review levels are quite good for the majority of organisations. At RL1, the inputter will input the data, at RL2 the finance director will review the data, at RL3 the hub/region director will review the data and finally at RL4 the group users will review the data.
The review level 4 that I mentioned can be substituted by the next set of levels, which is submit, approve and publish. The status "publish" will allow the entity to be locked, which means that not even the administrator will be able to change the data or calculate the entity.
There are many combinations of how you can setup the process management, so if you have specific questions please let us know.
Regards,
Thanos
Similar Messages
-
Security-role and security-role-assignment not working in WL7.0
Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
  <security-role>
    <role-name>Employees</role-name>
  </security-role>
  <method-permission>
    <role-name>Employees</role-name>
    <method>
      <ejb-name>CustomerEJB</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicitly connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com
Below are the screen shots for PFCG:
-
Intel Management and Security Status Icon started appearing 3 days ago
We didn't install anything new, and this "Intel Management and Security" icon (which you can't close) started appearing in the start menu on the bottom of the screen. What made this start appearing, and how can we get rid of it?
Hello aoppen,
please also refer to this guide how to use AMT.
-
EPM Process Manager and Workspace Error
OS: Windows Server 2003 using SQL 2005
The error below is what I received when trying to start the Hyperion EPM Process Manager, and I cannot access the Workspace, but I am able to create applications on the Client.
I would appreciate your help to resolve this error. The installation and configuration came out fine without errors.
Service cannot be started. Hyperion.DimensionServer.ProcessManager.Interface.ProcessManagerException: Cannot initialize the Session Manager. ---> Hyperion.DataAccessLayerCore.DataAccessLayerException: To run the Dimension Server, both ALLOW_SNAPSHOT_ISOLATION and READ_COMMITTED_SNAPSHOT database settings must be set to 'ON'. Their values are currently 'ON' and 'OFF' respectively. Please consult the product documentation for details.
at Hyperion.DataAccessLayerCore.DataAccessLayer..ctor(NameValueCollection settings, String tablePrefix, String baseNamespace, String schemaVersion, Boolean onlyLoadKnownTables)
at Hyperion.DataAccessLayerCore.DataAccessLayer..ctor(NameValueCollection settings, String tablePrefix, String baseNamespace, String schemaVersion)
at Hyperion.SessionManager.DAO.SessionManagerDataAccessLayer..ctor(NameValueCollection settings)
at Hyperion.DimensionServer.SessionManager.SessionStoreRdbms.Initialize(String rdbmsVendor, String rdbmsConnParams, Int32 rdbmsCommandTimeout)
ALTER DATABASE OMAR
SET READ_COMMITTED_SNAPSHOT ON
ALTER DATABASE OMAR
SET ALLOW_SNAPSHOT_ISOLATION ON
The command above worked, but the command below works better. Thanks for the SQL server link you provided.
/*ALTER DATABASE OMAR
SET READ_COMMITTED_SNAPSHOT ON;
GO
ALTER DATABASE OMAR
SET ALLOW_SNAPSHOT_ISOLATION ON;
GO*/
However, I am now faced with another problem as indicated below. I have refreshed the DNS but no luck. Please I still need your assistance about this error.
Service cannot be started. Hyperion.DimensionServer.ProcessManager.Interface.ProcessManagerException: Cannot initialize the Session Manager. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 169.254.220.55:5255
Server stack trace:
at System.Net.Sockets.Socket.Connect(IPAddress[] addresses, Int32 port)
at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(AddressFamily family)
at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()
at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket()
at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew)
at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream)
at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders...
Here is other related error received from diagnostic report:
PASSED DB: Database Connection to database jdbc:weblogic:sqlserver://omar-serverltp.OMSGROUP.OMSTAX.COM:1433;databaseName=omar 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmapplicationservice/Application.asmx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmlcmservice/LCMWS.asmx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmofficeprovider/HFMOfficeProvider.aspx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfm
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/oracle-epm-fm-webservices
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/raframework/index.jsp
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/WebAnalysis
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hr/status.jsp
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HyperionPlanning
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/easconsole/easconsole.jnlp
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/mappingtool/faces/info.jspx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/calcmgr/index.htm
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/awb
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/aps/APS
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HSFWebServices/HSFWebService.asmx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HyperionFDM
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hyperion-bpma-server/Applications.asmx
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 1 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/interop
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application 0 s
FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/workspace/index.jsp
Error: java.net.ConnectException: Connection refused: connect
Recommended Action: Start application
For more information, see Help and Support Center at
Edited by: user10392064 on Dec 8, 2010 7:00 AM -
Intel Management and Security Software -- How to remove completely?
I recently rebuilt my x201 Laptop, installed Windows 7 Ultimate x64 and ran the Lenovo automatic update tool. I now have something called Intel Management and Security software which I neither want nor need.
I do not understand why it was installed as the Laptop does not have a G3 Broadband card and the Intel software appears to be dependent on it for most of its functionality. The Lenovo automatic update tool should have been smart enough to realize that the Intel software was worthless on a machine without a G3 Broadband card and not have installed it.
How do I uninstall it and make sure that Lenovo's automatic update does not reinstall it?
Do you mean Intel AMT? I frequently have that popping up too. Not sure if you can permanently prevent it from showing up, but the BIOS has an option that disables this functionality. It doesn't matter if you have mobile broadband or not, it is just hardware for corporate IT administrators to easily handle the thousands of company laptops around the world.
-
[ANN] Online seminar - Web services management and security seminar
Join us now (Thu 09:00am) for a live seminar about Web services management and security here:
http://www.oracle.com/technology/tech/java/newsletter/seminars.html
I have got the following error when I run the WebServicesAssembler.jar
D:\Oracle\Oc4j\j2ee\home>java -jar d:/oracle/oc4j/webservices/lib/WebServicesAss
embler.jar -config etc/config.xml
Exception in thread "main" java.util.zip.ZipException: The system cannot find th
e path specified
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:105)
at java.util.jar.JarFile.<init>(JarFile.java:110)
at java.util.jar.JarFile.<init>(JarFile.java:52)
D:\Oracle\Oc4j\j2ee\home>java -jar WebServicesAssembler.jar -config etc/config.x
ml
Exception in thread "main" java.lang.InstantiationException: Unknown deployment
tag in JMS Web Service Example: <option>
at com.evermind.xml.XMLConfig.parseDeploymentMainNode(XMLConfig.java:293
at oracle.j2ee.ws.tools.WsAssemblerConfig.parseDeploymentMainNode(WsAsse
mblerConfig.java:68)
at com.evermind.xml.XMLConfig.parseRootNode(XMLConfig.java:268)
at com.evermind.xml.XMLConfig.init(XMLConfig.java:147)
at com.evermind.xml.XMLConfig.init(XMLConfig.java:88)
at oracle.j2ee.ws.tools.WsAssemblerConfig.init(WsAssemblerConfig.java:30
at oracle.j2ee.ws.tools.WsAssembler.main(WsAssembler.java:17) -
Process Manager and Integration on AIX
Hello,
We have installed an Application Server 10.1.2.0.2 on AIX, but without Process Manager and Integration. On Metalink it is specified that these products are not Certified but still present on any platform on the Application Server 10.1.2.0.2. On OTN it is said it is 'Projected' and available for windows, linux and Sun.
Could anyone tell me if this will be soon available for AIX? Or is there another way to get these installation files? Is it also possible to use an early version of Process Manager and Integration on the Application Server 10.1.2.0.2?
Gr.
Patrick
BPEL PM 10.1.2.0.2 is available on AIX.
-
Regarding Oracle Business Process Manager and WS-Security
Hi All,
Actually I would like to invoke a couple of secure services running on a separate
server running JWSDP. These services are using WS-Security, so I am just
wondering if it is possible to call these web services through Oracle
Business Process Manager.
As our secure services are using JWSDP, that's the reason we prefer to
use the BPEL engine deployed on top of JWSDP, so that we don't
have to confront compatibility issues among different toolkits.
So I am just wondering, do you think that the Oracle Business Process Manager
WS-Security implementation can use the JWSDP implementation, i.e. the
xws-security implementation? In other words, is it possible to use JWSDP
with Oracle Business Process Manager for WS-Security?
Thanks.
I would appreciate your help.
Kashif
Yes, we do native in Oracle BPEL PM (username token), as explained here:
http://www.oracle.com/technology/products/ias/bpel/documents/bpel_admin_10.1.3.1.0.pdf page 30
for more sophisticated ws sec stuff, pls use Oracle Webservice Manager -
Error in User Management and Assigning Role
Hi,
I have configured LDAP authentication on LiveCycle Server. I get the user list with LDAP in my admin console under User Management - User & Groups. But as soon as I click on any of the LDAP usernames I get an error telling me to contact the administrator. The same also happens when I check the checkbox in front of the username and try to assign a role.
My Livecycle server is on WAS6.1, I also have server setup on my local where the same LDAP i have configured and I am able to access users and assign role. Is there any problem with WAS6.1 ?
I checked the logs and i got following exception in server logs.
[10/24/08 10:57:58:467 EDT] 00000039 IDPLoggedExce W com.adobe.idp.common.errors.Logger$LogConsumer run UserM:GENERIC_WARNING: [Thread Hashcode: 1028668752] | [com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:8193 errorCodeHEX:0x2001 message:getPrincipal public chainedException:java.lang.NullPointerExceptionchainedExceptionMessage:null chainedException trace:java.lang.NullPointerException
at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.getCacheKeys(DirectoryServicesManagerBean.java:1583)
at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.findPrincipal(DirectoryServicesManagerBean.java:1608)
at com.adobe.idp.um.businesslogic.directoryservices.EJSLocalStatelessDirectoryServicesManagerBean_0dbf3d20.findPrincipal(Unknown Source)
at com.adobe.idp.um.api.impl.DirectoryManagerImpl.findPrincipal(DirectoryManagerImpl.java:138)
at com.adobe.idp.um.ui.user.CreateNewUserAction.doExecute(CreateNewUserAction.java:139)
at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1075)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1016)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:173)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:113)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:771)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:546)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.web
Hello. Does anyone get anything about the above exception, or is there any other information needed? Please let me know.
I still cannot find the solution for the above problem, and it stops me from configuring users on Adobe LiveCycle ES; we have purchased LiveCycle ES version 8.0
-
BPEL Process Manager and Collab Suite
I'm trying to get BPEL Process Manager installed with Collaboration Suite.
I installed it into the OID database, now I'm following a document entitled "Content Services 10g r1 Custom Workflows" to try and set it up.
I'm currently trying to get it configured with OID. I've modified jazn.xml in <ORACLE_HOME>/j2ee/OC4J_BPEL/config and <ORACLE_HOME>/integration/orabpel/system/appserver/oc4j/j2ee/home/config, also the orion-application.xml file and the is_config.xml file.
When I try to login to the work list app, the URL changes to /worklistapp/TaskList (so I presume I'm being authenticated), but I get a "500 Internal Server Error". The following error message appears in the server.log file:
06/07/14 15:54:29 Internal error in HttpServer
java.lang.NullPointerException
at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealmByDN(Unknown Source)
at oracle.security.jazn.oc4j.RealmUserManager.getUser(Unknown Source)
at oracle.security.jazn.oc4j.FilterUserManager.getUser(Unknown Source)
at com.evermind.server.http.AJPRequestHandler.loadRemoteUser(AJPRequestHandler.java:425)
at com.evermind.server.http.AJPRequestHandler.initRequest(AJPRequestHandler.java:479)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:194)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
at java.lang.Thread.run(Thread.java:534)
I've changed the default-realm in the jazn.xml and orion-application.xml files (i.e. the realm is dc=domain,dc=company-name,dc=com and I've tried domain, com and the FQDN), but it doesn't seem to be making any difference.
Any suggestions?
Thanks,
Phill
Ok, don't ask me why, but I tried restarting infrastructure, and it seems to be working now?!!!
I don't know whether it would make a difference as well but for the moment I'm using the IP address of the server to access it because our internal DNS seems to be playing up.
Strange! -
Does Azure SQL support AD and Security Roles
I would like to create Reporting Service reports using Azure SQL Database.
Is it possible to attach Azure SQL to Active Directory and use its Security Roles so that I can filter reports based on the AD groups of the report user?
Kenny_I
Hi Kenny,
Thanks for posting here.
I suggest you to check this link for details.
http://www.infoq.com/news/2015/02/azure-sql-ad-media
http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
Hope this helps you.
Girish Prajwal -
Process manager and directory 4.13
Good day,
we are into a project to deploy process manager onto our iplanet infrastructure, we already have a corporate directory, v 4.13, I do not want to deploy a second directory for the apps server or the process manager, once the iDS 5.0 SP1 Patch is installed could we use the actual directory for authentication of user and for any other configuration purpose for the apps/process manager, or do I have to install one one the same server then the apps/process manager for configuration purpose only.
thank you in advance
I have the same question, too.
And is there a way to customize the installation of BPEL PM? I would like to install the JBoss AS to another place. -
Problem with processes repository and BPMN role
Hi,
I have created a process and now I would like to create a new user with the BPMN End User role, but my CE 7.1 doesn't have such a role. I also don't have the "Processes and Tasks" tab under Configuration Management > Processes and Tasks. Do you know what the reason for this situation is? What do I need?
I have the same problem. menu-cached doesn't die after the user logs out of the session (don't have the gamin issue though). I too am running LXDE. When a different user logs in via gdm you'll still see the menu-cached processes for other users and I end up having to kill them as root. I do believe this is a bug with either menu-cached and/or LXDE (or perhaps, more specifically, its session manager). I've looked high and low through the system to figure out where menu-cached is invoked from and for any sort of associated configuration file, to no avail. I'm left with the conclusion that the invocation of menu-cached is hard-coded into start-lxde.
As an ugly-hack workaround you might try making a shell script like the following in the /etc/gdm/PostSession/ directory:
#!/bin/sh
killall menu-cached
This of course is only applicable for those running gdm as their display manager. Also don't forget to make it executable.
I would imagine that menu-cached not closing on user logout is very much a bug. Or perhaps, more precisely, something that hadn't gotten put in yet. After all, LXDE is still a relatively new desktop. A good one at that so far, if you don't mind some of the missing polish that its devs haven't had a chance to add yet.
If someone else knows a more elegant solution than that please let me, and the other LXDE users, know.
Last edited by PingFloyd (2009-04-04 02:08:29) -
Process Management and Subhierarchy Dimension
Hi All,
I'm in a little trouble with this new feature in Hyperion Planning. We are on version 11.1.2.1.
So, I defined my Planning Unit (Scenario-Version-Entity), but when I try to add the fourth dimension (Subhierarchy) it doesn't work as I would like.
The requirement is to block access to a subset of accounts after the user has stopped inputting the data. However, when he "Promotes" the Planning Unit, the result is that all the accounts (not only those selected in the subhierarchy) end up in a non-writable status.
The user has write access on all of the Account Hierarchy. I think that this feature allows blocking write access only when the hierarchy is already filtered by security, in particular on those accounts that do not have to enter the workflow.
If someone has some ideas, please tell me... I would like to block only those accounts and not others.
Thank you all in advance
Maurizio
The OPMN process wants to start, and it controls all other processes. Periodically it checks whether all other processes are still running. This is done via a heartbeat mechanism. In the opmn.xml file you can see all the components managed by OPMN and their time-outs. If OPMN does not get a response within that time-out, it will restart or stop the process. You can set the number of retries before the process is stopped or restarted.
I suggest increasing the time-out and the number of retries.
-
IPv6 Address Management and Security Questions
I'm trying to draft an IPv6-based version of our location's current routing configuration in anticipation of when our ISP will finally roll it out, and address management has been giving me the biggest headache - ironic, considering IPv6 was supposed to simplify address allocation.
My first config draft was made assuming that I would be getting a static /56 or /60 prefix from the ISP, and I was just going to insert the prefix into my DHCP pools and there would be no issues. That was before reading around and discovering that some ISPs are considering prefix delegation (PD) for both residential and business accounts instead of static blocks. Now I have questions about how to stick as close to the current IPv4 configuration as possible.
For the PD scenario, what I am looking at now are two addresses ranges for each network - a ULA /120 space that I want to control using stateful DHCPv6, and the global space which can be /64 and auto-configured. That way there will be a "private" address space for internal routing in the event of a prefix change or an extended outage. But I'm not sure how the config should look for such a scenario. What I have drafted so far is this:
ipv6 dhcp pool DHCP6_INTERNAL
 address prefix FDAB::1:0/120
 domain-name whatever.net
 dns-server FDAB::1:1
ipv6 dhcp pool DHCP6_DMZ-WIFI
 address prefix FDAB::2:0/120
 domain-name guest.whatever.net
 dns-server FDAB::2:1
interface GigabitEthernet0
 description WAN-LINK
 ipv6 enable
 ipv6 address dhcp
 no ipv6 unreachables
 no ipv6 redirects
 ipv6 flow ingress
 ipv6 flow egress
 ipv6 virtual-reassembly in
 ipv6 nd autoconfig default-route
 ipv6 dhcp client pd hint ::/56
 ipv6 dhcp client pd ISP-PREFIX
 zone-member security OUTSIDE
 speed auto
 duplex auto
 no cdp enable
interface FastEthernet8.1
 description VLAN_1-INTERNAL
 encapsulation dot1Q 1 native
 ipv6 enable
 ipv6 address FDAB::1:1/120
 ipv6 address ISP-PREFIX ::1:0:0:0:1/64
 ipv6 flow ingress
 ipv6 flow egress
 ipv6 virtual-reassembly in
 zone-member security INSIDE
 ip tcp adjust-mss 1300
 ipv6 dhcp server DHCP6_INTERNAL
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
interface FastEthernet8.2
 description VLAN_2-DMZ-WIFI
 encapsulation dot1Q 2
 ipv6 enable
 ipv6 address FDAB::2:1/120
 ipv6 address ISP-PREFIX ::2:0:0:0:1/64
 ipv6 flow ingress
 ipv6 flow egress
 ipv6 virtual-reassembly in
 zone-member security DMZ
 ip tcp adjust-mss 1300
 ipv6 dhcp server DHCP6_DMZ-WIFI
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
Will this config work? By which I mean: will the DHCPv6 servers provide ULA addresses, and will SLAAC work for global address allocation? If not, what needs to be changed?
Also, another question. I found a few references to a prefix name (the "ISP-PREFIX") which can be used as part of a static IPv6 address on an interface, which is a good idea in case the prefix changes. But that brings up another concern - if the prefix changes, that will invalidate ACLs referencing the global addresses using the previous prefix. Is there anything similar to the prefix name string that can be used in ACLs to keep this from occurring?
DHCPv6-PD is not necessarily dynamic the same way as DHCP was with the public IPv4 addresses in the IPv4 world.
While the outside network (PPPoE, DHCPv6, anything) might be truly dynamic and changing with possibly every login session, the DHCPv6 delegated prefix might be tied to your login credentials or DHCPv6 client's DUID after the first connection. A bit like a DHCP lease reservation.
If that is the case, there is some possibility that your ISP will run reverse route injection, and will always route your "fixed" prefix to the currently active dynamic "outside" address.
Talk to your ISP and have them confirm that, once the PD'd /48 or /56 is initially assigned, it won't change, and that the same prefix will be delegated every time. Then you can treat it as if it were fully static, and you won't have to go down the ULA path.
I contacted one of our local ISPs, and they're doing it exactly that way: PPPoE for IPv4 and IPv6 (fully dynamic), and DHCPv6-PD with the /48 tied to the PPPoE login credentials. I might change to that ISP sooner or later.
With my current ISP, my IPv6 access is 6RD based. I get a /60, with my current public IPv4 address (by DHCP) embedded into those 60 bits. Readdressing is bound to happen sooner or later, and it happens every so often, and it breaks my IPv6 ACLs.
I'm also looking for a way to write IPv6 ACLs with wildcard bits, not prefix/mask, so I can use them with ZBFW. So far, no sign of it.
A few more comments:
ULA addressing:
It may look tempting, plausible and intuitive to use dual global and ULA addressing.
I started this way as well. However, it turns out that Windows 7 has (had?) some issues with proper source address selection. The "longest common prefix" rule never seemed to work properly. In some cases, it would pick the global address to talk to ULA hosts, or stubbornly insist on using the ULA address to talk to an IPv6 internet host. It was a frustrating experience. Be sure to test this to the full extent (and back, and again and then some more) with every operating system you intend to use.
Using /120:
Be sure to test this as well, and very thoroughly. Subnet masks longer than /64 are sometimes called "uncharted territory" in IPv6. Longer subnet masks will break SLAAC, and there may be (embedded) devices that will not react benevolently to a subnet mask other than /64, or simply lack support for DHCPv6.
adjust-mss
I see you have "ip tcp adjust-mss 1300". While PMTUd may be mandatory with IPv6, I found it being broken already :-( . "ipv6 tcp adjust-mss .... " is now a separate command since IOS 15.4(1). I would suggest considering it, depending on your experience with PMTUd on IPv6.
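The renumbering problem raised in this thread (ACL entries that hard-code a delegated prefix go stale when the prefix changes), shown as an added Python example that is not part of the original posts: it rebuilds the per-VLAN /64s from the delegated prefix and the suffixes in the draft config, finds ACL entries left over from an old delegation, and flags prefixes that cannot use SLAAC. The 2001:db8 prefixes, the ACL template and all function names are constructed for illustration.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")

# Suffixes copied from the draft config ("ipv6 address ISP-PREFIX <suffix>"),
# keyed by the security zone of the interface they sit on.
SUFFIXES = {
    "INSIDE": "::1:0:0:0:1/64",
    "DMZ": "::2:0:0:0:1/64",
}

# Hypothetical ACL body; {INSIDE} and {DMZ} are filled with the current /64s.
ACL_TEMPLATE = [
    "permit ipv6 {INSIDE} any",
    "deny ipv6 {DMZ} {INSIDE}",
    "permit ipv6 {DMZ} any",
]


def interface_address(delegated, suffix):
    """Combine a delegated prefix with a suffix, as the prefix name does on an interface."""
    pd = ipaddress.IPv6Network(delegated)
    sfx = ipaddress.IPv6Interface(suffix)
    if sfx.network.prefixlen < pd.prefixlen:
        raise ValueError(f"{suffix} is shorter than the delegated {pd}")
    # The suffix may only use bits the ISP left to the customer.
    if int(sfx.ip) >> (128 - pd.prefixlen):
        raise ValueError(f"{suffix} sets bits inside the delegated {pd}")
    addr = ipaddress.IPv6Address(int(pd.network_address) | int(sfx.ip))
    return ipaddress.IPv6Interface(f"{addr}/{sfx.network.prefixlen}")


def render_acl(delegated):
    """Regenerate the ACL body for whatever prefix is currently delegated."""
    nets = {zone: str(interface_address(delegated, sfx).network)
            for zone, sfx in SUFFIXES.items()}
    return [line.format(**nets) for line in ACL_TEMPLATE]


def stale_entries(acl_lines, delegated):
    """Return (line, prefix) pairs whose global prefix is outside the current delegation."""
    pd = ipaddress.IPv6Network(delegated)
    stale = []
    for line in acl_lines:
        for token in line.split():
            if ":" not in token:
                continue  # keywords such as permit, ipv6, any
            try:
                net = ipaddress.IPv6Network(token, strict=False)
            except ValueError:
                continue
            # ULA entries survive renumbering; entries inside the PD are current.
            if net.subnet_of(ULA) or net.subnet_of(pd):
                continue
            stale.append((line, str(net)))
    return stale


def lint_prefix(prefix):
    """Flag properties discussed in the thread: ULA space and non-/64 lengths."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    notes = []
    if net.subnet_of(ULA):
        notes.append("ULA")
    if net.prefixlen != 64:
        notes.append("no-SLAAC")  # SLAAC needs a /64 on the link
    return notes


if __name__ == "__main__":
    old_pd, new_pd = "2001:db8:1200::/56", "2001:db8:3400::/56"  # constructed
    deployed = render_acl(old_pd)
    for line, prefix in stale_entries(deployed, new_pd):
        print(f"stale after renumbering: {prefix!s:24} in '{line}'")
    print("\n".join(render_acl(new_pd)))
    print("FDAB::1:0/120 ->", lint_prefix("FDAB::1:0/120"))
```

Run against the router's current ACL after each prefix delegation event, the stale check gives an early signal that filtering rules no longer match the addresses in use.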