Process Management and Security Roles

Hi guys,
I haven't worked too much with security, and now I have to define the users that will be related to the Process Management cycle. Is there any specific role for each phase? Are all the phases necessary?
Thanks!
Anna

Hi Anna,
I think that the first and most important step of your task is to understand who the information flows in your organisation. Ask your customer/users how the flow of the information would have been if they did not have HFM. Designing a couple of charts and having your customers to sign-off this process is quite important in my experience.
As soon as you understand which business roles should deliver/review information to the next business role, then start designing the HFM process management.
The first level of Process management is the Not Started. At this level no user can import data except the administrator
The second level of Process management is the First Pass. At this level all users can input data without restrictions.
The third level of Process management is the Review Levels. You have 10 Review Levels per submission. However, one to five review levels is quite enough for most organisations. Consider that the more review levels the more complex your process is. My personal opinion is that 4 review levels are quite good for the majority of the organisations. At RL1, the inputer will input the data, at RL2 the finance director will review the data, at RL3 the hub/region director will review the data and finally at RL4 the group users will review the data.
The review level 4 that I mentioned, can be substitute by the next set of levels which is submit, approve and publish. The status "publish" will allow the entity to be locked which means that not even the administrator will not be able to change the data or calculate the entity.
There are many combinations of how you can setup the process management, so if you have specific questions please let us know.
Regards,
Thanos

Similar Messages

  • Security-role and security-role-assignment not working in WL7.0

    Hello all..
    Some EJB components that worked fine in WebLogic 6.1 no longer work in
    WL7.0. It has to do with the security-role and security-role-assignment
    descriptor elements no longer allowing anonymous users to be included in the
    authorization for a bean.
    For example, in WL6.1 placing these items in ejb-jar.xml:
    <assembly-descriptor>
    <security-role>
    <role-name>Employees</role-name>
    </security-role>
    <method-permission>
    <role-name>Employees</role-name>
    <method>
    <ejb-name>CustomerEJB</ejb-name>
    <method-name>*</method-name>
    </method>
    </method-permission>
    and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
    <security-role-assignment>
    <role-name>Employees</role-name>
    <principal-name>guest</principal-name>
    <principal-name>system</principal-name>
    </security-role-assignment>
    worked fine for clients creating their context using a simple
    InitialContext() constructor without specifying SECURITY_PRINCIPAL or
    SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
    the security-role-assignment element above told WebLogic that "guest" was in
    the Employees role for purposes of this EJB archive.
    Worked in WL6.1, no longer works in WL7.0. Client receives typical
    permission exception:
    java.rmi.AccessException: Security violation: insufficient permission to
    access method 'create'
    If I explicity connect as "system" things are fine, or I can create a new
    user in the default realm in WebLogic, put a matching <principal-name>
    element in the section above, and connect as that user. Note that if I leave
    off the <security-role> section completely, or set the required role name to
    "everyone", the anonymous access works fine. Apparently the anonymous user
    is a member of "everyone" behind the scenes even though "everyone" does not
    appear in the realm list of groups or roles.
    So, my question boils down to this: Is there a "magic" username in WL7 like
    "guest" was in WL6.1 that can be mapped to the required role name, or must
    every client connection use a true weblogic-created user with appropriate
    role assignments used to map it to the required role name.
    -Greg
    P.S. Note that none of the EJB examples provided with WL used
    <security-role>..
    Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
    www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

    Below are the screen shots for PFCG:

  • Intel Management and Security Status Icon started appearing 3 days ago

    We didn't install anything new, and this "Intel Management and Security" icon (which you can't close) started appearing in the start menu on the bottom of the screen.  What made this start appearing, and how can we get rid of it?

    Hello aoppen,
    please also refer to this guide how to use AMT.
    Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
    Please insert your type, model (not S/N) number and used OS in your posts.
    I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
    TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
     English Community       Deutsche Community       Comunidad en Español

  • EPM Process Manager and Workspace Error

    OS: Window Server 2003 usiing SQL 2005
    The error below is what I received when trying to start the Hyperion EMP Process Manager and I cannot access the Workspace but I am able to create application on the Client.
    I would appreciate your help to resolve this error. The installation and configuration came out fine without errors.
    Service cannot be started. Hyperion.DimensionServer.ProcessManager.Interface.ProcessManagerException: Cannot initialize the Session Manager. ---> Hyperion.DataAccessLayerCore.DataAccessLayerException: To run the Dimension Server, both ALLOW_SNAPSHOT_ISOLATION and READ_COMMITTED_SNAPSHOT database settings must be set to 'ON'. Their values are currently 'ON' and 'OFF' respectively. Please consult the product documentation for details.
    at Hyperion.DataAccessLayerCore.DataAccessLayer..ctor(NameValueCollection settings, String tablePrefix, String baseNamespace, String schemaVersion, Boolean onlyLoadKnownTables)
    at Hyperion.DataAccessLayerCore.DataAccessLayer..ctor(NameValueCollection settings, String tablePrefix, String baseNamespace, String schemaVersion)
    at Hyperion.SessionManager.DAO.SessionManagerDataAccessLayer..ctor(NameValueCollection settings)
    at Hyperion.DimensionServer.SessionManager.SessionStoreRdbms.Initialize(String rdbmsVendor, String rdbmsConnParams, Int32 rdbmsCommandTimeout)

    ALTER DATABASE OMAR
    SET READ_COMMITTED_SNAPSHOT ON
    ALTER DATABASE OMAR
    SET ALLOW_SNAPSHOT_ISOLATION ON
    The command above worked, but the command below works better. Thanks for the SQL server link you provided.
    /*ALTER DATABASE OMAR
    SET READ_COMMITTED_SNAPSHOT ON;
    GO
    ALTER DATABASE OMAR
    SET ALLOW_SNAPSHOT_ISOLATION ON;
    GO*/
    However, I am now faced with another problem as indicated below. I have refreshed the DNS but no luck. Please I still need your assistance about this error.
    Service cannot be started. Hyperion.DimensionServer.ProcessManager.Interface.ProcessManagerException: Cannot initialize the Session Manager. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 169.254.220.55:5255
    Server stack trace:
    at System.Net.Sockets.Socket.Connect(IPAddress[] addresses, Int32 port)
    at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(AddressFamily family)
    at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()
    at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket()
    at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew)
    at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream)
    at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders...
    Here is other related error received from diagnostic report:
    PASSED DB: Database Connection to database jdbc:weblogic:sqlserver://omar-serverltp.OMSGROUP.OMSTAX.COM:1433;databaseName=omar 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmapplicationservice/Application.asmx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmlcmservice/LCMWS.asmx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfmofficeprovider/HFMOfficeProvider.aspx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hfm
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/oracle-epm-fm-webservices
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/raframework/index.jsp
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/WebAnalysis
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hr/status.jsp
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HyperionPlanning
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/easconsole/easconsole.jnlp
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/mappingtool/faces/info.jspx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/calcmgr/index.htm
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/awb
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/aps/APS
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HSFWebServices/HSFWebService.asmx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/HyperionFDM
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/hyperion-bpma-server/Applications.asmx
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 1 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/interop
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application 0 s
    FAILED HTTP: Http Availability of http context http://omar-serverltp.omsgroup.omstax.com:19000/workspace/index.jsp
    Error: java.net.ConnectException: Connection refused: connect
    Recommended Action: Start application
    For more information, see Help and Support Center at
    Edited by: user10392064 on Dec 8, 2010 7:00 AM

  • Intel Management and Security Software -- How to remove completely?

    I recently rebuilt my x201 Laptop, installed Windows 7 Ultimate x64 and ran the Lenovo automatic update tool.  I now have something called Intel Management and Security software which I neither want nor need.
    I do not understand why it was installed as the Laptop does not have a G3 Broadband card and the Intel software appears to be dependent on it for most of is functionality.  The Lenovo automatic update tool should have been smart enough to realize that the Intel software was worthless on a machine without a G3 Broadband card and not have installed it.
    How do I unistall it and make sure that Lenovo's automatic update does not reinstall it?

    Do you mean Intel AMT? i frequently have that popping out too. Not sure if you can permantly prevent it from showing up, but the bios has an option that disables this functionality. It doesn't matter if you have mobile broadband or not, it is just a hardware for coporate IT administrators to easily handle the thousand of company laptops around the world.

  • [ANN] Online seminar - Web services management and security seminar

    Join us now (Thu 09:00am) for a live seminar about Web services management and security here:
    http://www.oracle.com/technology/tech/java/newsletter/seminars.html

    I have got the following error when i run the WebServicesAssembler.jar
    D:\Oracle\Oc4j\j2ee\home>java -jar d:/oracle/oc4j/webservices/lib/WebServicesAss
    embler.jar -config etc/config.xml
    Exception in thread "main" java.util.zip.ZipException: The system cannot find th
    e path specified
    at java.util.zip.ZipFile.open(Native Method)
    at java.util.zip.ZipFile.<init>(ZipFile.java:105)
    at java.util.jar.JarFile.<init>(JarFile.java:110)
    at java.util.jar.JarFile.<init>(JarFile.java:52)
    D:\Oracle\Oc4j\j2ee\home>java -jar WebServicesAssembler.jar -config etc/config.x
    ml
    Exception in thread "main" java.lang.InstantiationException: Unknown deployment
    tag in JMS Web Service Example: <option>
    at com.evermind.xml.XMLConfig.parseDeploymentMainNode(XMLConfig.java:293
    at oracle.j2ee.ws.tools.WsAssemblerConfig.parseDeploymentMainNode(WsAsse
    mblerConfig.java:68)
    at com.evermind.xml.XMLConfig.parseRootNode(XMLConfig.java:268)
    at com.evermind.xml.XMLConfig.init(XMLConfig.java:147)
    at com.evermind.xml.XMLConfig.init(XMLConfig.java:88)
    at oracle.j2ee.ws.tools.WsAssemblerConfig.init(WsAssemblerConfig.java:30
    at oracle.j2ee.ws.tools.WsAssembler.main(WsAssembler.java:17)

  • Process Manager and Integration on AIX

    Hello,
    We have installed an Application Server 10.1.2.0.2 on AIX, but without Process Manager and Integration. On Metalink it is specified that these products are not Certified but still present on any platform on the Application Server 10.1.2.0.2. On OTN it is said it is 'Projected' and available for windows, linux and Sun.
    Could anyone tell me if this will be soon available for AIX? Or is there another way to get these installation files? Is it also possible to use an early version of Process Manager and Integration on the Application Server 10.1.2.0.2?
    Gr.
    Patrick

    BPEL PM 10.1.2.0.2 is available on AIX.

  • Regarding Oracle Business Process Manager and WS-Security

    Hi All,
    Actually I like to invoke couple of secure services running on seperate
    server runnnig JWSDP.These services are using WS-security,so I am just
    wondering if it possible to call these webservices through Oracle
    Business Process Manager.
    As our secure services are using JWSDP so thats the reason we prefer to
    use the BPEL engine which deployed on top of JWSDP so that We dont
    have to confront with compatable issues among different toolkits.
    So I am just wondering do you think that Oracle business process manager
    ws-secuirity implementation can use the JWSDP implementation i.e
    xws-security implementation,in otherwords is it possible to use JWSDP
    with Oracle business process manager for using the ws-security?Thanks.
    I would appreciate your help.
    Kashif

    yes we do native in Oracle BPEL PM (username token) - as explained here
    http://www.oracle.com/technology/products/ias/bpel/documents/bpel_admin_10.1.3.1.0.pdf page 30
    for more sophisticated ws sec stuff, pls use Oracle Webservice Manager

  • Error in User Management and Assigning Role

    Hi,
    I have configured LDAP authentication on LiveCycle Server. I get the userlist with LDAP in my admin console under User Management - User & Groups. But as soon I click on any of the LDAP username I am getting error to contact administrator. Same also happens when I check the checbox infront of the username and tries to assing role.
    My Livecycle server is on WAS6.1, I also have server setup on my local where the same LDAP i have configured and I am able to access users and assign role. Is there any problem with WAS6.1 ?
    I checked the logs and i got following exception in server logs.
    [10/24/08 10:57:58:467 EDT] 00000039 IDPLoggedExce W com.adobe.idp.common.errors.Logger$LogConsumer run UserM:GENERIC_WARNING: [Thread Hashcode: 1028668752] | [com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean] errorCode:8193 errorCodeHEX:0x2001 message:getPrincipal public chainedException:java.lang.NullPointerExceptionchainedExceptionMessage:null chainedException trace:java.lang.NullPointerException
    at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.getCacheKey s(DirectoryServicesManagerBean.java:1583)
    at com.adobe.idp.um.businesslogic.directoryservices.DirectoryServicesManagerBean.findPrincip al(DirectoryServicesManagerBean.java:1608)
    at com.adobe.idp.um.businesslogic.directoryservices.EJSLocalStatelessDirectoryServicesManage rBean_0dbf3d20.findPrincipal(Unknown Source)
    at com.adobe.idp.um.api.impl.DirectoryManagerImpl.findPrincipal(DirectoryManagerImpl.java:13 8)
    at com.adobe.idp.um.ui.user.CreateNewUserAction.doExecute(CreateNewUserAction.java:139)
    at com.cc.framework.adapter.struts.ActionUtil.execute(Unknown Source)
    at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
    at com.cc.framework.adapter.struts.FWAction.execute(Unknown Source)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1075)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1016)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
    at com.adobe.framework.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:1 73)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java: 190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.adobe.idp.um.auth.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:154)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java: 190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.adobe.idp.um.auth.filter.PortalSSOFilter.doFilter(PortalSSOFilter.java:113)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java: 190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:771)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:679)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:546)
    at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.jav a:90)
    at com.ibm.ws.web

    Hello Do anyone get anything about above exception, or is there any other information needed, please let me know ?
    I still cannot found the solution for above problem, and it stops me to configuring users on Adobe LiveCycle ES, we have purchased Livecycle ES version 8.0

  • BPEL Process Manager and Collab Suite

    I'm trying to get BPEL Process Manager installed with Collaboration Suite.
    I installed it into the OID database, now I'm following a document entitled "Content Services 10g r1 Custom Workflows" to try and set it up.
    I'm currently trying to get it configured with OID. I've modified jazn.xml in <ORACLE_HOME>/j2ee/OC4J_BPEL/config and <ORACLE_HOME/integration/orabpel/system/appserver/oc4j/j2ee/home/config, also the orion-application.xml file and the is_config.xml file.
    When I try to login to the work list app, the URL changes to /worklistapp/TaskList (so I presume I'm being authenticated), but I get a "500 Internal Server Error". The following error message appears in the server.log file:
    06/07/14 15:54:29 Internal error in HttpServer
    java.lang.NullPointerException
    at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealmByDN(Unknown Source)
    at oracle.security.jazn.oc4j.RealmUserManager.getUser(Unknown Source)
    at oracle.security.jazn.oc4j.FilterUserManager.getUser(Unknown Source)
    at com.evermind.server.http.AJPRequestHandler.loadRemoteUser(AJPRequestHandler.java:425)
    at com.evermind.server.http.AJPRequestHandler.initRequest(AJPRequestHandler.java:479)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:194)
    at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:133)
    at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
    at java.lang.Thread.run(Thread.java:534)
    I've changed the default-realm in the jazn.xml and orion-application.xml files (i.e. the realm is dc=domain,dc=company-name,dc=com and I've tried domain, com and the FQDN), but it doesn't seem to be making any difference.
    Any suggestions?
    Thanks,
    Phill

    Ok, don't ask me why, but I tried restarting infrastructure, and it seems to be working now?!!!
    I don't know whether it would make a difference as well but for the moment I'm using the IP address of the server to access it because our internal DNS seems to be playing up.
    Strange!

  • Does Azure SQL support AD and Security Roles

    I would like to create Reporting Service reports using Azure SQL Database.
    It is possible to attach Azure SQL to Active Directly and use its Security Roles so that I can filter reports based on AD groups of report user?
    Kenny_I

    Hi Kenny,
    Thanks for posting here.
    I suggest you to check this link for details.
    http://www.infoq.com/news/2015/02/azure-sql-ad-media
    http://www.developerfusion.com/article/121561/integrating-active-directory-into-azure/
    http://www.codeproject.com/Articles/749588/Role-Based-Access-Control-with-Azure-Active-Direct
    http://azure.microsoft.com/en-us/documentation/articles/best-practices-security/
    Hope this helps you.
    Girish Prajwal

  • Process manager and directory 4.13

    Good day,
    we are into a project to deploy process manager onto our iplanet infrastructure, we already have a corporate directory, v 4.13, I do not want to deploy a second directory for the apps server or the process manager, once the iDS 5.0 SP1 Patch is installed could we use the actual directory for authentication of user and for any other configuration purpose for the apps/process manager, or do I have to install one one the same server then the apps/process manager for configuration purpose only.
    thank you in advance

    I have the same question, too.
    And is there a way to customize the installation of BPEL PM? I would like to install the JBoss AS to another place.

  • Problem with processes repository and BPMN role

    Hi,
    I have created process and now I would like to create new user with BPMN End User role but my CE 7.1 doesn't have such role. I also don't have "Processes and Tasks" tab under Configuration Management >Processes and Tasks. Do You know what is the reason of this situation? What do I need?

    I have the same problem.  menu-caches doesn't die after user logs out of the session (don't have the gamin issue though).  I too am running LXDE.  When a different user logs in via gdm you'll still see the menu-cached processes for other users and I end up having to kill them as root.  I do believe this is a bug with either menu-caches and/or LXDE (or perhaps, more specifically, its session manager).  I've looked high and low through the system to figure out where menu-cached is invoked from and for any sort of associated configuration file to no avail.  I'm left with the conclusion that the invocation of menu-cached is hard-coded into start-lxde. 
    As a ugly-hack workaround you might try making a shell script like the following in /etc/gdm/PostSession/ directory:
    #!/bin/sh
    killall menu-cached
    This of course is only applicable for those running gdm as their display manager.  Also don't forget to make it executable.
    I would imagine that menu-cached not closing on user logout is very much a bug.  Or perhaps, more precisely, something that hadn't gotten put in yet.  Afterall, LXDE is still a relatively new desktop.  A good one at that so far, if you don't mind some of the missing polish that its dev haven't had a chance to add yet.
    If someone else knows a more elegant solution than that please let me, and the other LXDE users, know.
    Last edited by PingFloyd (2009-04-04 02:08:29)

  • Process Management and Subhierarchy Dimension

    Hi All,
    I'm a little in trouble with this new feature in Hyperion Planning. WE are on 11.1.2.1 version.
    So, i defined my Planning Unit (Scenario-Version-Entity) but when i try to add the fourth dimension (Subhierarchy) it doesn't work as i would.
    The requirement is to block the access to a subset of accounts after the user has stopped to input the data. However, when he  "Promotes" the Planning Unit the result is that all the accounts (not only those selected in the subhierarchy) result in a non-writable status.
    the user has write-access on all the Account Hierarchy. I think that this feature allow to block write-access only when the hierarchy is already filtered by security, in particular on those accounts that do not have to enter in the workflow.
    If someone has some ideas please tell me... i would like to block only those accounts and not others.
    Thak you all in advance
    Maurizio

    The OPMN process want to start, and it controls all other processes. Periodically it checks if all other process are still running. This is done via an heart beat mechanism. In the opmn.xml file you can see all the components managed by OPMN and their time-out. If the OPMN does not get a response within that time-out it will restart or stop the process. You can set the number of retries before stop/restart the process.
    I suggest to increase the tim-out and number of retries.

  • IPv6 Address Management and Security Questions

    I'm trying to draft an IPv6-based version of our location's current routing configuration in anticipation of when our ISP will finally roll it out, and address management has been giving me the biggest headache - ironic, considering IPv6 was supposed to simplify address allocation.
    My first config draft was made assuming that I would be getting a static /56 or /60 prefix from the ISP, and I was just going to insert the prefix into my DHCP pools and there would be no issues. That was before reading around and discovering that some ISPs are considering prefix delegation (PD) for both residential and business accounts instead of static blocks. Now I have questions about how to stick as close to the current IPv4 configuration as possible.
    For the PD scenario, what I am looking at now are two addresses ranges for each network - a ULA /120 space that I want to control using stateful DHCPv6, and the global space which can be /64 and auto-configured. That way there will be a "private" address space for internal routing in the event of a prefix change or an extended outage. But I'm not sure how the config should look for such a scenario. What I have drafted so far is this:
    ipv6 dhcp pool DHCP6_INTERNAL
     address prefix FDAB::1:0/120
     domain-name whatever.net
     dns-server FDAB::1:1
    ipv6 dhcp pool DHCP6_DMZ-WIFI
     address prefix FDAB::2:0/120
     domain-name guest.whatever.net
     dns-server FDAB::2:1
    interface GigabitEthernet0
     description WAN-LINK
     ipv6 enable
     ipv6 address dhcp
     no ipv6 unreachables
     no ipv6 redirects
     ipv6 flow ingress
     ipv6 flow egress
     ipv6 virtual-reassembly in
     ipv6 nd autoconfig default-route
     ipv6 dhcp client pd hint ::/56
     ipv6 dhcp client pd ISP-PREFIX
     zone-member security OUTSIDE
     speed auto
     duplex auto
     no cdp enable
    interface FastEthernet8.1
     description VLAN_1-INTERNAL
     encapsulation dot1Q 1 native
     ipv6 enable
     ipv6 address FDAB::1:1/120
     ipv6 address ISP-PREFIX ::1:0:0:0:1/64
     ipv6 flow ingress
     ipv6 flow egress
     ipv6 virtual-reassembly in
     zone-member security INSIDE
     ip tcp adjust-mss 1300
     ipv6 dhcp server DHCP6_INTERNAL
     ipv6 nd managed-config-flag
     ipv6 nd other-config-flag
    interface FastEthernet8.2
     description VLAN_2-DMZ-WIFI
     encapsulation dot1Q 2
     ipv6 enable
     ipv6 address FDAB::2:1/120
     ipv6 address ISP-PREFIX ::2:0:0:0:1/64
     ipv6 flow ingress
     ipv6 flow egress
     ipv6 virtual-reassembly in
     zone-member security DMZ
     ip tcp adjust-mss 1300
     ipv6 dhcp server DHCP6_DMZ-WIFI
     ipv6 nd managed-config-flag
     ipv6 nd other-config-flag
    Will this config work? By which I mean: will the DHCPv6 servers provide ULA addresses, and will SLAAC work for global address allocation? If not, what needs to be changed?
    Also, another question. I found a few references to a prefix name (the "ISP-PREFIX") which can be used as part of a static IPv6 address on an interface, which is a good idea in case the prefix changes. But that brings up another concern - if the prefix changes, that will invalidate ACLs referencing the global addresses using the previous prefix. Is there anything similar to the prefix name string that can be used in ACLs to keep this from occurring?

    DHCPv6-PD is not necessarily dynamic the same way as DHCP was with the public IPv4 addresses in the IPv4 world.
    While the outside network (PPPoE, DHCPv6, anything) might be truly dynamic and changing with possibly every login session, the DHCPv6 delegated prefix might be tied to your login credentials or DHCPv6 client's DUID after the first connection. A bit like a DHCP lease reservation.
    If that is the case, there is some possibility that your ISP will run reverse route injection, and will always route your "fixed" prefix  to the currently active dynamic "outside" address.
    Talk to your ISP and have them confirm that, once the PD'd /48 or /56 is initially assigned, it won't change, and that the same prefix will be delegated every time. Then you can treat it as if it were fully static, and you won't have to go down the ULA path.
    I contacted one of our local ISPs, and they're doing it exactly that way: PPPoE for IPv4 and IPv6 (fully dynamic), and DHCPv6-PD with the /48 tied to the PPPoE login credentials. I might change to that ISP sooner or later.
    With my current ISP, my IPv6 access is 6RD based. I get a /60, with my current public ipv4 address (by DHCP) embedded into those 60 bits. Readressing is bound to happen sooner or later, and it happens every so often, and it breaks my IPv6 ACLs.
    I'm also looking for a way to write IPv6 ACLs with wildcard bits, not prefix/mask, so I can use them with ZBFW. So far, no sign of it.
    A few more comments:
    ULA addressing: 
    It may look tempting, plausible and intuitive to use dual global and ULA addressing. 
    I started this way as well. However, it turns out that Windows 7 has (had?) some issues with proper source address selection. The "longest common prefix" rule never seemed to work properly. In some cases, it would pick the global address to talk to ULA hosts, or stubbornly insist to use the ULA address to talk to an IPv6 internet host. It was a frustrating experience. Be sure to test this to the full extent (and back, and again and then some more) with every operating system you intend to use.
    Using /120:
    Be sure to test this as well, and very thoroughly. Subnet masks longer than /64 are sometimes called "uncharted territory" in IPv6. Longer subnet masks will break SLAAC, and there may be (embedded) devices that will not react benevolently to a subnet mask other than /64, or simply lack support for DHCPv6.
    adjust-mss
    I see you have "ip tcp adjust-mss 1300". While PMTUd may be mandatory with IPv6, I found it being broken already :-( . "ipv6 tcp adjust-mss .... " is now a separate command since IOS 15.4(1). I would suggest considering it, depending with your experience with PMTUd on IPv6.

Maybe you are looking for