Resource permission

Hi,
I have just set-up a resource (a meeting room) with automatic acceptance/decline.
However, I would like to add one delegate to be able to go into the calendar and make amendments e.g. move around or cancel meetings.
I have watch a video online and their example shows a mailbox delegation option within the resource settings, however, i cannot see this option.
How do I go about adding a user to administrate the resource.
Many thanks in advance.

Hi,
From your description, you want to set a delegate on a resource mailbox. If I have misunderstood your concern, please let me know.
You can use the following cmdlet to set a delegate on a resource mailbox:
Set-CalendarProcessing -Identity "xxx" -ResourceDelegates "the primary SMTP address of the user you want to set as the delegate"
For more information, here is an article for your reference.
Set a Delegate on a Resource Mailbox
http://technet.microsoft.com/en-us/library/bb124973(v=exchg.141).aspx
Hope it helps.
Best regards,
Amy
Amy Wang
TechNet Community Support

Similar Messages

Resource Permission stored in DB

Hi Everyone
My customer is using a forms application that he needs to migrate to ADF.
The new application should reuse the existing tables, PL/SQL APIs to such an extent that the old forms application should be available at the same time with the new ADF application as the existing forms will be gradually migrated to ADF over a longer period of time.
In this application there is one menu which is unique. Customer has a table AUTHORISATION to store the permissions on some menu entries (submenu or executable) . Each executable menu entry has a form (fmb) and some columns (with possible values 0 or 1) for the actions allowed on that form:
VIEW - 1 if view action is allowed, 0 if not
CREATE - the same
UPDATE - the same
DELETE - the same
Although he is aware that this is not a very strong security model as users can connect to sqlplus and update the table manually, customer would like to keep this table and to continue using that even in ADF, and not to use Weblogic security provider to manage roles (using SQLAuthenticator for example) in the application as this would be too tedious for him. To make the problem more complicated users can login to the application and then choose the DB they wish to connect to, so this AUTHORISATION table is specific to each DB instance. So there are multiple AUTHORISATION tables (one table in each DB instance), but the user_id/username is the same in all of these tables.
In the ADF application, each form will be equivalent to a taskflow where the same operations would be allowed in page fragments. For example in the taskflow there will be a page fragment to display a list of records, another to display a detail of a record, another that allows to create a new record and so on. The access to the taskflow and within the taskflow needs to be driven by the same table. One taskflow will appear in the menu only once, that is for sure.
I have considered using a resource permission to define a logical entity on a menu entry, and then using expressions such as
#{securityContext.userGrantedResource
['resourceName=myPanel1;
resourceType=myLayoutPanel;
action=myAction']}
to control the access/navigation in the application. However I find it quite hard to adapt is to the current situation. I have build the necessary components so I can extract all the contents of this table and wrap it inside a sessionScope managed bean so that the access to these permissions to be available from anywhere within the user session.I can code the hard way in the application to control access and navigation(by example creating a generic pageFlow managed bean for each taskflow that will have boolean properties for each operation and this managed bean will be initialized at the beginning of the taskflow, then use this managed bean in EL expressions to control the permissions to the actions). There will be a team of developers that willl build each taskflow and there are many taskflows which follows exactly the same pattern (list of records->details/create/delete).I need to make sure there is a easy way to encapsulate all this using security EL if possible so that each developer should work in a consistent manner based on a taskflow template for example that they need to follow/implement.
I am using JDev version 11.1.2.2
Not sure if my approach is the right one, or anyone has better ideas. Please advise.
Thank you in advance
Edited by: Dan Cretu on 31 oct. 2012 23:46

Hi
Thanks Peter for the helpful hints. I am also using one page, main.jsf (in fact there is a taskflow with several method calls to perform some initialization after login and at the end user end up in the same page). I am also using dynamic tabs pattern to show all the taskflows in regions. I have not yet begun the design of the templates ( this is next on my list once I finish designing the security/permission layer), but your experience is really helpful as it very much ressembles what I have. This should help me a lot to design these CRUD taskflows in the same manner as forms.
For view permission and navigation I plan to implement this in the custom NavigationHandler class specified in faces-config.xml. As for the CRUD operations within the taskflow or I plan on using a router activity or a method call activity that would act like a router in order to encapsulate more complex logic if necessary (Haven't decided yet). The real challenge is when the CRUD operations are called from another taskflow opened in another tab. For example, from Departments taskflow to try and add a new employee which is in another taskflow. I guess the employee taskflow will need to have a parameter in order to define the operations to be performed in this taskflow (and use this parameter in a router activity for example) and if the operation is allowed the proper page/fragment for the creation would be shown in the new tab. Still a lot of ideas to put in practice and I need to think ahead of some potential problems in order to make everyone's life easier afterwards :-)
Kind regards

Resource permission to view himself only in resource center

Hi All,
I have a query regarding resource permission. My scenario is how a resource can view/edit only his attributes in the resource center.
I have given Team Member permission and what other permission i need to apply to execute this scenario.
Thanks
Abbas Khan

Hello,
Depending on what category you have added to the Team Member group, lets assume "My Tasks". For the My Tasks category ensure that in the resources section you select "Only include the selected resources:" then "The User is the resource" on the
category. Make sure the category gives them access to at least one resource center view. Now on the Team Member group, select the My Task category (or the category you are using) in the categories section. In the permissions that become enabled ensure "Edit
Enterprise Resource Data" and "View Enterprise Resource Data" are enabled. That should be it.
Paul
Paul Mather | Twitter |
http://pwmather.wordpress.com | CPS

Cross Forrest Resources Permission Issue

Hi, I am facing an odd issue before I describe the issue here is the structure:
we have two forests with two domains. Domain A is in forest A and domain B is forest B. two way trust is established between both forests. we recently upgraded forest A to 2008R2 functional level forest B we have added 2008R2 domain controller but its still
on 2003R2 functional level. after the upgrade the recourses some of the resources on some servers of domain A was not accessable by domain B as it would give 'you might not have permission, there is no logon server available' error. but this was only to some
server shares while some other were just being accessed fine. sometimes if you restart the server the issue is being resolved for maybe another 24 hours the shares are accessible just fine but then after a day or two the issue appears again.
Can anyone please assist in resolving this issue and finding what is causing this ???

Here are the hotfixes.
DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
Post Windows 2008 R2 SP1 HOTFIX available.
APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
Requires a restart.
http://support.microsoft.com/kb/2616776
DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2
Hotfix release - (released 4/15/2011)
http://support.microsoft.com/kb/2508835
Windows 2008 -
DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008
Post Windows 2008 SP2 Hotfix available
Requires a restart.
http://support.microsoft.com/kb/2625735/
DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in Windows Server 2008 R2 - Post Service Pack Hotfix available.
Does not require a restart.
http://support.microsoft.com/kb/2655960
As for your link, cguan provided your answer. I added some info, too.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.

OIM resource permission configuration

Hello,
We are required to configure a user groups that should be able to modify user profile and resource A while restricting modifications on resource B.
If a member of this group makes a modification to the user attribute that would trigger access policy and subsequently changes child table in resource B, OIM fails to update the user since the user has no pinsert ermission for resource B (Error evaluating access policy)..
Is there a solution for this problem?
Thanks

Access policies are mostly for provisioning, you're talking about delegated administration where the delegated admin is allowed to manage resource A but not resource B. This requires customization in both 9.1 and 11g. In 11g there's an authorization policy concept that can be used along with organizations but it's still not a good fit for what you're trying to do. Anyway you can implement this by checking the user's permissions against your own (custom) authorization model. Search the forum, this has come up before.

Could not load my login page

Hi ewerybody
In my application i have configured security with "grant to new objects" and given a role under Application Role called Underwriter with a User by name Sarvanan.
and i have authenticated a Home.jspx in my application and loginPage.jspx is given with anonymous and testall.
Now when i debugg/run my Home.jspx,the page is not at all loading .I know that as it is authenticated it would direct me to the loginPage.jspx but u know i cant c whats happening.
I have been waiting for about 10 minutes for it and still it was not loading .
Can somebody help me please.
I will provide you the jazn-data.xml,web.xml,jps-config.xml
<?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
<jazn-data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-data.xsd">
<jazn-realm default="jazn.com">
<realm>
<name>jazn.com</name>
<users>
<user>
<name>Sarvanan</name>
<display-name>Sarvanan</display-name>
<credentials>{903}MFOhR0q8BDLh7Jw6o+g9j9JFdZFrT1A8YHlPRux+mWw=</credentials>
</user>
</users>
</realm>
</jazn-realm>
<policy-store>
<applications>
<application>
<name>CommonUI</name>
<app-roles>
<app-role>
<name>test-all</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>test-all</display-name>
<members>
<member>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
</member>
</members>
</app-role>
<app-role>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
<display-name>anonymous-role</display-name>
</app-role>
<app-role>
<name>underwriter</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
<display-name>Underwriter</display-name>
<description>
</description>
<members>
<member>
<name>Sarvanan</name>
<class>oracle.security.jps.internal.core.principals.JpsXmlUserImpl</class>
</member>
</members>
</app-role>
</app-roles>
<resource-types>
<resource-type>
<name>RegionResourceType</name>
<display-name>Web Page</display-name>
<description>Example of registered resource type</description>
<matcher-class>oracle.adf.share.security.authorization.RegionPermission</matcher-class>
<actions-delimiter>,</actions-delimiter>
<actions>view</actions>
</resource-type>
</resource-types>
<resources>
<resource>
<name>Pages.loginPagePageDef</name>
<display-name>loginPage (Pages)</display-name>
<description>Pages.loginPagePageDef</description>
<type-name-ref>RegionResourceType</type-name-ref>
</resource>
</resources>
<permission-sets>
</permission-sets>
<jazn-policy>
<grant>
<grantee>
<principals>
<principal>
<name>test-all</name>
<class>oracle.security.jps.service.policystore.ApplicationRole</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.controller.security.TaskFlowPermission</class>
<name>/WEB-INF/out-pro-treayt-setup.xml#out-pro-treayt-setup</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.loginPagePageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.errorPagePageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<name>anonymous-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAnonymousRoleImpl</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.loginPagePageDef</name>
<actions>view</actions>
</permission>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.errorPagePageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
<grant>
<grantee>
<principals>
<principal>
<name>authenticated-role</name>
<class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>
</principal>
</principals>
</grantee>
<permissions>
<permission>
<class>oracle.adf.share.security.authorization.RegionPermission</class>
<name>Pages.HomePageDef</name>
<actions>view</actions>
</permission>
</permissions>
</grant>
</jazn-policy>
</application>
</applications>
</policy-store>
</jazn-data>
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Security precaution to prevent clickjacking: bust frames if the ancestor window domain(protocol, host, and port) and the frame domain are different. Another options for this parameter are always and never.</description>
<param-name>oracle.adf.view.rich.security.FRAME_BUSTING</param-name>
<param-value>differentDomain</param-value>
</context-param>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>


<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>


<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adf.view.faces.bi.webapp.MapProxyServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/Pages/Home.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>

<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>2</session-timeout>
</session-config>
<mime-mapping>
<extension>swf</extension>
<mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<mime-mapping>
<extension>amf</extension>
<mime-type>application/x-amf</mime-type>
</mime-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/Pages/loginPage.jspx</form-login-page>
<form-error-page>/faces/Pages/errorPage.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
</web-app>
<?xml version = '1.0' encoding = 'Cp1252'?>
<jpsConfig xmlns="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/11/jps-config-11_1.xsd">
<property value="doasprivileged" name="oracle.security.jps.jaas.mode"/>
<serviceProviders>
<serviceProvider class="oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider" name="credstore.provider" type="CREDENTIAL_STORE">
<description>Credential Store Service Provider</description>
</serviceProvider>
<serviceProvider class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider" name="jaas.login.provider" type="LOGIN">
<description>Login Module Service Provider</description>
</serviceProvider>
<serviceProvider class="oracle.security.jps.internal.idstore.xml.XmlIdentityStoreProvider" name="idstore.xml.provider" type="IDENTITY_STORE">
<description>XML-based IdStore Provider</description>
</serviceProvider>
<serviceProvider class="oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider" name="policystore.xml.provider" type="POLICY_STORE">
<description>XML-based PolicyStore Provider</description>
</serviceProvider>
<serviceProvider class="oracle.security.jps.internal.anonymous.idm.IdmAnonymousServiceProvider" name="anonymous.provider" type="ANONYMOUS">
<description>Anonymous Service Provider</description>
</serviceProvider>
</serviceProviders>
<serviceInstances>
<serviceInstance provider="credstore.provider" name="credstore">
<property value="./" name="location"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="saml.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.saml.JpsSAMLLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="www.oracle.com" name="name"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="krb5.loginmodule">
<property value="com.sun.security.auth.module.Krb5LoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="true" name="storeKey"/>
<property value="true" name="useKeyTab"/>
<property value="true" name="doNotPrompt"/>
<property value="./krb5.keytab" name="keyTab"/>
<property value="HOST/[email protected]" name="principal"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="oam.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.oam.OAMLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="$ACCESS_SDK_HOME" name="access.sdk.install.path"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="admin.tool.loginmodule">
<property value="oracle.security.jazn.login.module.RealmLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="digest.authenticator.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.digest.DigestLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="certificate.authenticator.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.x509.X509LoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="jaas.auth.manager.loginmodule">
<property value="oracle.security.jazn.login.module.WSSLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="saml.auth.manager.loginmodule">
<property value="oracle.security.jazn.login.module.saml.SAMLLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="www.oracle.com" name="issuer.name.1"/>
<property value="orasign" name="issuer.trustpointalias.1"/>
<property value="oracle" name="issuer.keystorepassword.1"/>
<property value="config/oraks.jks" name="issuer.keystorepath.1"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="wss.digest.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.digest.WSSDigestLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
<serviceInstance provider="jaas.login.provider" name="idstore.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.idstore.IdStoreLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
<property value="false" name="remove.anonymous.role"/>
</serviceInstance>
<serviceInstance provider="idstore.xml.provider" name="idstore.xml">
<property value="./jazn-data.xml" name="location"/>
<property value="OBFUSCATE" name="jps.xml.idstore.pwd.encoding"/>
<property value="jazn.com" name="subscriber.name"/>
</serviceInstance>
<serviceInstance provider="policystore.xml.provider" name="policystore.xml">
<property value="./jazn-data.xml" name="location"/>
<property value="false" name="oracle.security.jps.policy.principal.cache.key"/>
</serviceInstance>
<serviceInstance provider="anonymous.provider" name="anonymous"/>
<serviceInstance provider="jaas.login.provider" name="anonymous.loginmodule">
<property value="oracle.security.jps.internal.jaas.module.anonymous.AnonymousLoginModule" name="loginModuleClassName"/>
<property value="REQUIRED" name="jaas.login.controlFlag"/>
<property value="true" name="debug"/>
<property value="true" name="addAllRoles"/>
</serviceInstance>
</serviceInstances>
<jpsContexts default="CommonUI">
<jpsContext name="CommonUI">
<serviceInstanceRef ref="idstore.xml"/>
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="anonymous"/>
<serviceInstanceRef ref="policystore.xml"/>
<serviceInstanceRef ref="idstore.loginmodule"/>
</jpsContext>
<jpsContext name="anonymous">
<serviceInstanceRef ref="credstore"/>
<serviceInstanceRef ref="anonymous"/>
<serviceInstanceRef ref="anonymous.loginmodule"/>
</jpsContext>
</jpsContexts>
</jpsConfig>
<?xml version = '1.0' encoding = 'windows-1252'?>
<weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.1/weblogic-web-app.xsd"
xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
<security-role-assignment>
<role-name>valid-users</role-name>
<principal-name>users</principal-name>
</security-role-assignment>
</weblogic-web-app>
Edited by: 937558 on Aug 5, 2012 10:34 PM

Thanks Arun for ur early reply,
I am Using the Jdev Studio Edition Version 11.1.2.1.0 .
And i have given the permissions to Home.jspx as authenticated and for all the others i have given the permissions as anonymous,testall.
Please kindly reply.
I can provide u the Debugging Integrated Weblogic log:
*** Using HTTP port 7101 ***
*** Using SSL port 7102 ***
C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\bin\startWebLogic.cmd
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_jdev1112\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JDK160~1\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_10.3.5.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\xqrl.jar
PATH=C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\native;C:\Oracle\MIDDLE~1\patch_jdev1112\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JDK160~1\jre\bin;C:\Oracle\MIDDLE~1\JDK160~1\bin;C:\Oracle\11g;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\;c:\Program Files\Intel\DMIX;C:\Program Files\Intel\Services\IPT\;C:\Program Files\Enterprise Vault\EVClient\;C:\Oracle\MIDDLE~1\WLSERV~1.3\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_24"
Java(TM) SE Runtime Environment (build 1.6.0_24-b50)
Java HotSpot(TM) Client VM (build 19.1-b02, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\JDK160~1\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\weblogic.policy -agentlib:jdwp=transport=dt_socket,server=y,address=57042 -Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -Djavax.net.ssl.trustStore=C:\Users\RAJESH~1.RED\AppData\Local\Temp\trustStore1425708266528215067.jks -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.3 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.3\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1 -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\Users\RAJESH~1.RED\AppData\Roaming\JDEVEL~1\SYSTEM~1.81\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1035\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_jdev1112\profiles\default\sysext_manifest_classpath weblogic.Server
Listening for transport dt_socket at address: 57042
Debugger connected to local process.
<Aug 6, 2012 11:02:14 AM AST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Aug 6, 2012 11:02:14 AM AST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Aug 6, 2012 11:02:14 AM AST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 19.1-b02 from Sun Microsystems Inc.>
<Aug 6, 2012 11:02:15 AM AST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
<Aug 6, 2012 11:02:16 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Aug 6, 2012 11:02:16 AM AST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Aug 6, 2012 11:02:16 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:02:16 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00076. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<Aug 6, 2012 11:02:16 AM AST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
Aug 6, 2012 11:02:17 AM com.sun.xml.bind.v2.runtime.reflect.opt.AccessorInjector <clinit>
INFO: The optimized code generation is disabled
<Aug 6, 2012 11:02:19 AM AST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Aug 6, 2012 11:02:20 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:02:20 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log00282. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log.>
<Aug 6, 2012 11:02:22 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Aug 6, 2012 11:02:22 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<MessageLocalizationHelper> <getLocalizedMessage> The resource for bundle "oracle.jrf.i18n.MBeanMessageBundle" with key "oracle.jrf.JRFServiceMBean.checkIfJRFAppliedOnMutipleTargets" cannot be found.
<Aug 6, 2012 11:02:51 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:02:51 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00046. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<Aug 6, 2012 11:02:51 AM AST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Aug 6, 2012 11:02:51 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Aug 6, 2012 11:02:51 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias DemoIdentity from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoIdentity.jks.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\WLSERV~1.3\server\lib\DemoTrust.jks.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file C:\Oracle\MIDDLE~1\JDK160~1\jre\lib\security\cacerts.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 172.20.101.98:7102 for protocols iiops, t3s, ldaps, https.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 172.20.101.98:7101 for protocols iiop, t3, ldap, snmp, http.>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Aug 6, 2012 11:02:52 AM AST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
IntegratedWebLogicServer startup time: 39846 ms.
IntegratedWebLogicServer started.
[Running application CommonUI on Server Instance IntegratedWebLogicServer...]
[11:02:53 AM] Web Module CommonUIWebApp.war recognized in project CommonUI.jpr
[11:02:53 AM] ---- Deployment started. ----
[11:02:53 AM] Target platform is (Weblogic 10.3).
[11:02:53 AM] Retrieving existing application information
[11:02:53 AM] Running dependency analysis...
[11:02:53 AM] Deploying 2 profiles...
[11:02:54 AM] Wrote Web Application Module to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\o.j2ee\drs\CommonUI\CommonUIWebApp.war
[11:02:54 AM] Wrote Enterprise Application Module to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\o.j2ee\drs\CommonUI
[11:02:54 AM] Deploying Application...
<CodebasePolicyHandler> <migrateDeploymentPolicies> Migration of codebase policy failed. Reason: oracle.security.jps.JpsException: java.lang.reflect.InvocationTargetException.
<AppPolicyHandler> <migrateAppPolicies> Migration of application policy failed. Reason: oracle.security.jps.JpsException: java.lang.reflect.InvocationTargetException.
[11:03:03 AM] Application Deployed Successfully.
[11:03:03 AM] The following URL context root(s) were defined and can be used as a starting point to test your application:
[11:03:03 AM] http://172.20.101.98:7101/CommonUI-CommonUI-context-root
[11:03:03 AM] Uploading jazn-data users.
[11:03:03 AM] Updating user "Sarvanan".
[11:03:03 AM] Elapsed time for deployment: 10 seconds
[11:03:03 AM] ---- Deployment finished. ----
Run startup time: 10129 ms.
[Application CommonUI deployed to Server Instance IntegratedWebLogicServer]
Target URL -- http://172.20.101.98:7101/CommonUI-CommonUI-context-root/faces/Pages/loginPage.jspx
<Aug 6, 2012 11:03:30 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:03:30 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log00283. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log.>
<Aug 6, 2012 11:03:54 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:03:54 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log00284. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log.>
<Aug 6, 2012 11:04:17 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:04:17 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log00285. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log.>
<Aug 6, 2012 11:04:40 AM AST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Aug 6, 2012 11:04:40 AM AST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log00286. Log messages will continue to be logged in C:\Users\rajesh.reddy\AppData\Roaming\JDeveloper\system11.1.2.1.38.60.81\DefaultDomain\servers\DefaultServer\logs\access.log.>
Edited by: 937558 on Aug 6, 2012 1:06 AM

Access Denied while trying to delete document

In SharePoint 2013, if the user ONLY has contribute access to a library, (user does not have access to the site) and if the user tries to delete a file, it throws an error message.
Access Denied: You do not have permission to perform this action or access this resource.
permission inheritance is broken on library level, Contribute Permission does have these options checked delete files, versions, and view application pages, but can not delete file.
If read access is provided to the site level, then user can delete file, why is that ?
using SharePoint 2013 Standard Edition.

Does the user get the error both from the ribbon and from the "...", "..." menu?
If a user has the Delete Items permission, but not the Use Remote Interfaces permission then they can delete files from the ribbon, but when attempting to delete from the content dropdown (Edit Control Block) will get Access Denied.
I'd like to try to duplicate your problem...
Is versioning enabled? Major or major and minor versions?
Is this consistent with all document types? .txt, pdf, docx, etc.
Is the file in a Document Set?
Is there a workflow running on the documents?
Is the document assigned to a custom Content Type?
Any other settings?
Mike Smith TechTrainingNotes.blogspot.com
Books:
SharePoint 2007 2010 Customization for the Site Owner,
SharePoint 2010 Security for the Site Owner

ADF: Read only user access to application role on BTFs

Hi,
My JDeveloper version is 11.1.1.5
I am trying to create read only users in my adf application. But I am unable to give read only permissions to the user on bounded task flows/ .jssf page which have editable tables and forms.
I have searched for the information, I did not find any solution.
Could some one please help me?
Many thanks in Advance
--Anil
Edited by: 977652 on Apr 5, 2013 6:50 AM

If you are using ADF BC, you can protect fields at EO level or protect the entire EO (check the security tab). The frontend will then render fields as read-only if your user is only allowed read permissions.
If you are not using ADF BC, you can implement a custom resource permission as described here (ignore the fact that this is for an entity, the principle remains the same) http://www.oracle.com/technetwork/developer-tools/adf/learnmore/76-insert-update-entity-protection-334421.pdf
You must then add an el expression to each fields readOnly attribute or you can implement a phaselistener that traverses all fields enclosed within a form and make them readonly.

How to change massively in some folders the permissions owner ?

Hi:
We have some folders in SAP Portals 2004s (7.0) with a user which is the ACL permission owner and the Services permission owner of these folders.
We need to change that owner massively in these folders to a group without using the user of that owner.
How can we do that ?
Thanks in advance,
Felipe Mendivil Ortiz

Hi Felipe,
it seems that you have missed one thing (in terms of understanding).
The System Principal is a special permission. It is like defining a super admin user who is able to do a lot of administrative things in the Knowledge Management platform. This special permission can be applied to every existing portal user (independent of the other permissions the user has) but also to a group or a role. All users assigned in that group or with that role will become a system principal and have the defined permissions.
As you've mentioned above, when you create a new system principal definition you can type the following:
1) Name - To be on the safe side I would use here the same UserId/RoleID/GroupID as in the User Name /Role Name /Group Name field.
2) Change Resource Permissions - If you check this box, as mentioned in SAP Help, the defined user/role/group is able to change resource permission for every resource (document or folder).
3) Service ACLs - Yes, here you define if the user/role/group should also be able to change service permissions for every resource (document or folder), or not.
4) Set System Properties - This is for properties that are not set over the UI (Details screen) but can only be set via API. Sometimes you want to have a system user, which you define as system principal and give him this permission to user this user to set system properties.
5) Unlock Permission - As mentioned in the SAP Help link, with this permission a system principal could remove document locks set by other users.
6) Resource Permissions - Here you define what the system principal (user/group/role) is allowed to do in KM (besides the above defined status of changing permissions). If you selected only READ, the system principal will only be able to read ALL resources (files/folders) in KM. It should be clear what happens if you define READ, WRITE, DELETE.
7) User Name - Type here the User ID of the user(s) that you want to give this system principal status. You can have here a comma separated list.
8) Audit Actions - By checking this box, every time the mentioned user changes permission / unlocks objects / etc. this action will logged. You will be able to see it in the [KM audit|http://help.sap.com/saphelp_nw04/helpdata/en/44/a9b4e2f9677455e10000000a11466f/frameset.htm].
You will not find a initial path definition, because you can not restrict a system principal on a special path. The system principal is defined global for ALL KM repositories.
Hope this clarifies all your questions,
Robert

Oracle ADF Security

Dear All,
we have created some good number of Custom ResourcePermissions in our Oracle ADF 11g Application. we are trying to refer the permissions with wildcard character in jazn-data.xml. The same worked well for taskflows.
Is there anyway that we can implement wildcard character in custom resource Permissions ?
we are calling hasPermission() API to check whether permission exists or not. Currently this method returns false when we configured the resource name in wildcard character.
For example, actual key - a.b.c.menu
wild card character we are referring for this key is a.*.*.menu . The hasPermission() returns false for this case.
Regards
Deivee

Hi,
more an OPSS question than ADF Security. Anyway, the answer is
"No wildcard use is supported in a resource permission."
See: The OPSS Policy Model - 11g Release 1 (11.1.1)
Frank

Problem with Import Computer Information Wizard not doing check for MAC or GUID already in database

Hi,
My client is using SCCM 2012 RTM in a standalone site.
Yesterday, a technician was preparing computers to deploy OS. He was in a replace scenario and mistakenly mixed the MAC address of the source computer with the one of the new computer.
So when importing computer information for the new one, he entered the wrong MAC address; the one of the source computer already existing in the SCCM database.
I expected the Import Computer Information wizard to generate an error, but no, the import was successful resulting with the source computer DDR being overwritten...
We spent (and lost) time recreating the DDR for the source computer so we could create the computer association for USMT migration.
2 years ago, I opened a call with Microsoft for the exact same issue with SCCM 2007. At that time, they told me that no hotfix would be developped for this bug since there was a workaround (overwritten DDR will re-create itself with Heartbeat
discovery over time) and SCCM 2012 was coming up.
It seems to me that they forgot to fix the issue in 2012. It doesn't seem to be fixed with SP1 as I didn't find anything about it in SP1 doc..
Can someone confirm this bug and can Microsoft do something? Or is there a hotfix already available for it?
Tnx
Patrick

Well you could always remove the Delete Resource permission from the technicians User Rights :P
The option to not overwrite the existing computer object, is right there in the SDK.
So it's anyone's guess, why they haven't added an checkbox in the Import Computer Information wizard and why overwrite is set as the default.
Anyways...you can use the following PowerShell script instead of the Import Wizard.
Just open up a PowerShell console, type in . X:\Path\To\Script\ScriptName.ps1 and
then type New-SCCMComputer
Or you can create a shortcut with the following target %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command . X:\Path\To\Script\New-SCCMComputer.ps1; New-SCCMComputer
You will need to change the default values for $SiteServer and $SiteCode to your environment
Function New-SCCMComputer
[CmdletBinding()]
Param(
[Parameter(Mandatory=$False)] $SiteServer = "Server.Domain.Local",
[Parameter(Mandatory=$False)] $SiteCode = "PS1",
[Parameter(Mandatory=$True,HelpMessage="Please Enter the Computers Name")] $ResourceName,
[Parameter(Mandatory=$True,HelpMessage="Please Enter the Computers MAC ")] $ResourceMAC
#ImportComputer
$WMIConnection = ([WMIClass]"\\$($SiteServer)\root\SMS\Site_$($SiteCode):SMS_Site")
$NewEntry = $WMIConnection.psbase.GetMethodParameters("ImportMachineEntry")
$NewEntry.MACAddress = $ResourceMAC
$NewEntry.NetbiosName = $ResourceName
$NewEntry.OverwriteExistingRecord = $False
$Resource = $WMIConnection.psbase.InvokeMethod("ImportMachineEntry",$NewEntry,$null)
if ($Resource)
if ($Resource.MachineExists) {
Write-Host "ERROR: MACAddress allready exists" -foregroundcolor red
} else {
Write-Host "Succesfully imported the computer information" -foregroundcolor green
} else {
Write-Host "ERROR: Could not import the computer information" -foregroundcolor red
Best Regards
Claus Codam
Consultant, Developer
Coretech -
Blog

You do not have security rights to perform this operation exception occurred in CreateComputerVariable method

I am getting an exception near computerSettings.Put();Its throwing an exception as You do not have security rights to perform this operation..Can i know exactly when does this error occur..
Details of Error:
ConfigMgr Error Object:
instance of SMS_ExtendedStatus
CauseInfo = "5";
Description = "CSspMachineExtProperties: ERROR_ACCESS_DENIED: ";
ErrorCode = 1112017925;
File = "e:\\qfe\\nts\\sms\\siteserver\\sdk_provider\\smsprov\\sspmachineextprops.cpp";
Line = 958;
ObjectInfo = "";
Operation = "PutInstance";
ParameterInfo = "";
ProviderName = "ExtnProv";
StatusCode = 2147749889;
stack trace:
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put(ReportProgress progressReport)
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObject.Put()
at TestWqlManage.Program.CreateComputerVariable(WqlConnectionManager connection, String siteCode, List`1 variables, Int32 computerId) in /path/path/path
ComputerVariable Method where exception occurs
public static string CreateComputerVariable(WqlConnectionManager connection, string siteCode, List<ComputerVariableDC> variables, int computerId)
try
// Get the computer settings.
IResultObject computerSettings = null;
IResultObject computerSettingsQuery = connection.QueryProcessor.ExecuteQuery(
"Select * from SMS_MachineSettings where ResourceId = '" + computerId + "'");
foreach (IResultObject settings in computerSettingsQuery)
computerSettings = settings;
if (computerSettings == null) // It doesn't exist, so create it.
computerSettings = connection.CreateInstance(@"SMS_MachineSettings");
computerSettings["ResourceID"].IntegerValue = computerId;
computerSettings["SourceSite"].StringValue = siteCode;
computerSettings["LocaleID"].IntegerValue = 1033;
computerSettings.Put();
computerSettings.Get();
// Create the computer variable.
List<IResultObject> computerVariables = computerSettings.GetArrayItems("MachineVariables");
foreach (ComputerVariableDC variable in variables)
IResultObject computerVariable = connection.CreateEmbeddedObjectInstance("SMS_MachineVariable");
computerVariable["Name"].StringValue = variable.Name;
computerVariable["Value"].StringValue = variable.Value;
computerVariable["IsMasked"].BooleanValue = false;
computerVariables.Add(computerVariable);
computerSettings.SetArrayItems("MachineVariables", computerVariables);
computerSettings.Put();
return computerId.ToString();
catch (SmsException e)
Console.WriteLine("Failed to create computer variable: " + e.Message);
//throw;
//return e.Message;
throw e;

Hi,
What's the error when you create a computer variable manually?
Please make sure you have give "Modify Resource" permission to this user. You could see it in Administration workspace -> Security -> Security Roles -> Full Administrator -> Collections -> Modify Resource.
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Project 2010 Server - Users loosing permissions to Projects

Hi all.
I am having an issue where some of our users are loosing permissions to certain projects. It is not always the same ones. It is even ones that they own.
I have done some searching through the forums but cannot seem to find the same issue.
Has anyone come across this or know what could be causing it?
We are running Project 2010 server on SharePoint 2010 platform.
Thanks for reading.

User are losing permission in project site or project ?? If it is project site then
May be users to whom access has been given manually and after every publish and change resource permission they were loose the permission to project site.
Choose only one approach described below then you will not face the issue
1.either Check to automatically synchronize Project Web App users" in PWA --> Server setting so that all the resource who are present in Project build team get the access.
http://technet.microsoft.com/en-us/library/cc197668(v=office.14).aspx
When you have this enabled, it doesn't sync all of the Project Web App users from the top level site, it only syncs users to the project site that should have access based on the following rules:
Project managers who have published a project or who have Save Project
permissions on a project are added to the Project Managers (Microsoft Project
Server) site group.
Team members with assignments in a project are added to the Team members
(Microsoft Project Server) site group.
Other Project Server users who have View Project Site permission on a
project are added to the Readers (Microsoft Project Server) site group.
2. or If you disable Check to automatically synchronize Project Web App users" then either Administrator need to give access to project site to required resources. this one is manual work and hectic to administrator to mention the up to date permission
kirtesh

Issue with User web page into Call Manager

Hello
I have an issue where all my users can log into their User page on UCM but when they make a change to speed dial or anything else, the change does not reflect on the phone in UCM. Doing a reset from their web page doesn't reset the phone. This is UCM 7.1.5 and the standard ccm end user group is enable for all end users.
thanks

Hi Bill -
Have you verified your User Management Roles and effective permissions? Go to User Management - Roles - select Standard CCMUSER Administration and for the permissions you want, ensure both Read and Update are selected.
Role Information
Application
Cisco Call Manager End User
Name
Description
Resource Access Information
">Resource Description Privilege
read                                               update
CCMUser: Access List
read                       update
CCMUser: Device
read                       update
CCMUser: Directory
read                       update
CCMUser: Fast Dials
read                       update
CCMUser: IP Phone Services
read                       update
CCMUser: Line Settings
read                       update
CCMUser: Personal Address Book
read                       update
CCMUser: Plugins
read                       update
CCMUser: RemoteDestination
read                       update
CCMUser: Service URL
read                       update
CCMUser: Speed Dial User
read                       update
CCMUser: User Settings
read                       update
You can also check an individual's effective permissions by using these procedures:
Viewing a User's Roles, User Groups, and Permissions
This section describes how to view the roles, user groups, and permissions that are assigned to a user that belongs to a specified user group. Use the next procedure to view the roles, user groups, and permissions that are assigned to a user in a user group.
Note: You can also view user roles by using User Management > Application User (for application users) or User Management >End User (for end users) to view a particular user and then display the user roles.
Choose User Management > User Group.
The Find and List User Groups window displays.
Find the user group that has the users for which you want to display assigned roles.
Click the name of the user group for which you want to view the roles that are assigned to the users.
The User Group Configuration window displays for the user group that you chose. The Users in Group pane shows the users that belong to the user group.
For a particular user, click the i icon in the Permission column for the user.
The User Privilege window displays. For the user that you chose, this information displays:
User groups to which the user belongs
Roles that are assigned to the user
Resources to which the user has access. For each resource, this information displays:
Application
Resource
Permission (read and/or update)
Now if both items above look OK, you might check your DB replication status. I assume you have a Publisher and one or more Subscribers? User phones registered to Subscriber? You can check replication several ways:
CLI
RTMT
Unified Reporting on CUCM administrator web page - select "Unified CM Database Replication Debug" report. This is the easiest.
The desired Replication State is 2.
Here is some further information:
Check the DB replication status on all the Cisco Unified Communications Manager nodes in the cluster to ensure that all servers are replicating database changes successfully. You can check by using either RTMT or a CLI command.
• To check by using RTMT, access the Database Summary and inspect the replication status.
• To check by using the CLI, enter the command that is shown in the following example: admin: show perf query class "Number of Replicates Created and State of Replication"
==>query class :
- Perf class (Number of Replicates Created and State of Replication) has instances and values:
ReplicateCount -> Number of Replicates Created = 344 ReplicateCount -> Replicate_State = 2
Be aware that the Replicate_State object shows a value of 2 in this case. The following list shows the possible values for Replicate_State:
0—Replication Not Started. Either no subscribers exist, or the Database Layer Monitor service is not running and has not been running since the subscriber was installed.
1—Replicates have been created, but their count is incorrect.
2—Replication is good.
3—Replication is bad in the cluster.
4—Replication setup did not succeed.
I'm thinking it's more your Roles/permissions and not replication, but I included just in case. Hope this helps!
Ginger

My iPhone 4 has been saying You do not have permission to access the requested resource whenever I try to watch one of the episodes I bought from iTunes. It will not let me watch them and I don't know why.

A few days ago I bought a season of the series Psych off of iTunes. I was able to watch the first bunch without a problem but now all of a sudden when I try to watch one it says "You do not have permission to access the requested resource". I tried restarting my phone but that do not help. I cleared up a lot of space on my phone as well. I have and iPhone 4 with the update of iOS 6.1.3.

Are you using the same Apple ID that the purchase was linked to? I had this issue with a shared device, and the other person had logged out of my ID and logged in with hers.
If it's the same ID, then try redownloading the purchase.

Resource permission

Similar Messages

Maybe you are looking for