Role Access : SS Provision Report vs Workspace Security Extract

Similar Messages

• A simple report to list security access on all folders

  Hi there
  I want a simple report to list security access on all folders (group wise)
  any help ...??
  Thanks.
  Rakesh.

  Hi AnTiiiKa,
  For this issue, you can first retrieve all the users on the site, then get all permissions of each user. With this PowerShell Script you could retrieve all Permissions for a Specific User for a SiteCollection
  on all Webs and Subwebs, Lists and Items. Here is an article about how to get  all Roles and Groups from the User and the URL.  
  SharePoint SP2010 - Retrieve all User Permissions via PowerShell:
  http://sp2010userperm.codeplex.com/
  save the report to a csv (excel file):
  $web = Get-SPWeb http://address/site/site/site
  $user=$web.AllUsers
  Get-SPWeb YOURURL | Get-SPUserEffectivePermissions $user | Export-Csv -NoTypeInformation
  -Path c:\perms.csv
  Please inform me freely if you have any questions.
  Thanks

• Error encountered while signing: The Windows Cryptographic Service Provider reported an error: Access was denied because of a security violation. Error Code: 2148532330

  Last night when i tried to sign a document i received the mesage below and after that it says this document can't be signed what can i do to fix this problem.
  Error encountered while signing:
  The Windows Cryptographic Service Provider reported an error:
  Access was denied because of a security violation.
  Error Code: 2148532330

  I assume you are implying "biztax" application here, right?
  I have contacted their program lead, with no result at all.
  Past days I have been searching for a solution - reinstalls / new systems - no solution.
  This issue appeared a week or two ago only.
  I found http://forums.adobe.com/message/5338853 useful - but no positive results either.
  http://test.eid.belgium.be/faq/faq_nl.htm obviously didnt help either.
  If anyone finds a solution to this issue, please do let me know - any help is appreciated.
  Biztax tells to use the "signature", not the "authentication"  - but it is only Auth. that is showing up as option to sign (that works)
  ps, did you fiddle with the Adobe Reader XI security settings and import that PKI etc as well? I hoped that would be the breaktrough. Sadly i'm still crying in my chair.
  Oh, and dont forget: they claim nobody else got this issue. Maybe one or two people. (We got about 8 customers experiencing exactly the same symptoms at the same time )
  >  I noticed that when I try to open the pdf  document that is 'signed' by the government it is not showing the filename in the title bar, but only " - Adobe Reader".    every piece of info helps I guess.
  Obviously last version of Reader   11.0.03

• HspRuntimeException while running the report from Workspace

  Hi
  When a user is trying to run a report from Workspace, it prompts teh following error:
  Failed to sync with user provisioning. Check Planning log for detailscom.hyperion.planning.HspRuntimeException
  The report contains 2 grids, 1 pointing to an ASO application, while second pointing to BSO planning application.
  I checked in shared services, the user has the admin access to planning application which is used in the report.
  I tried the following:
  Checked access to planning application for the user
  Restarted the planning application services
  Where in logs will i be able to find details?
  Can anyone suggest some solution?

  Try option 1 then option2:
  Please undertake changes in a test environment. Retest issue and if resolved migrate to other appropriate environments.
  Option 1:
  Verify NETDELAY and NETRETRYCOUNT are at least 1000 & 1500 respectively.
  To set NETDELAY and NETRETRYCOUNT:
  1. Open Essbase.cfg located in Essbase\Bin directory.
  2. Add the following entries
  NETDELAY 1000
  NETRETRYCOUNT 1500
  Restart Essbase agent (windows service)
  Option 2:
  Please backup the registry before making any manual modification.
  1.) Open the Registry
  2.) Navigate to Local Machine\System\CurrentControlSet\Services\TCPIP\Parameters
  3.) Add new DWORD Value named TcpTimedWaitDelay, right click and select Modify. Select decimal radio button, type in 30. (The default value of this parameter is 2 minutes. This is how long it will take for a TCP/IP port that was used by the network for a connection to be released and made available again. 30 sec is the minimum allowed by Microsoft)
  4.) Add new DWORD Value named MaxUserPort, right click and select Modify. Select decimal radio button, type in 65534. ( The default value is 5000.
  This determines the highest port number TCP can assign when an application requests an available user port from the system.
  5.) Add new DWORD Value named MaxFreeTcbs, right click and select Modify.
  Select decimal radio button, type in 6250. (The default value is 2000. This determines the number of TCP control blocks (TCBs) the system creates to support active connections. Because each connection requires a control block, this value determines how many active connections TCP can support simultaneously. If all control blocks are used and more connection requests arrive, TCP can prematurely release connections in the TIME_WAIT state in order to free a control block for a new connection.)
  The above parameters need to be added to the registry on the Planning and Essbase servers. Reboot the servers after the parameters are added.

• Few Users are unable to open reports from workspace

  Hi ,
  Few users are nt able to open reports from workspace. Can anyone let em know what all privalleges we need to give for the users who want to open reports.
  Thanks in Advance

  In general if a user can see a report and cannot open, this should be related with the application security that the reports' grid is connecting.
  If opening request from users are failing with an error, please paste the error here,
  Sometimes reports may be open with blank pages or no data, make sure users have necessary access to data...easy way to check this, connect to application and try to retrieve data from application, Lets say your report grid is connecting to Essbase, try if you can retrieve same grid from essbase excel add-in.
  Good Luck,
  Ahmet

• Proxy error while running the financial report in workspace.

  Hi,
  We are using the Hyperion financial reporting 9.3.1 with Essbase as a data source.
  While running a report in workspace, we are getting the 'Proxy error' meassage, which is following-
  "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  '<html><head>
  <title>502 Proxy Error</title>
  </head><body>
  Proxy Error
  <p>The proxy server received an invalid
  response from an upstream server.<br />
  The proxy server could not handle the request <em><a
  href="/hr/modules/com/hyperion/reporting/web/reportViewer/HRRunJob.jsp">GET /hr/modules/com/hyperion/reporting/web/reportViewer/HRRunJob.jsp</a></em>.<p>
  Reason: <strong>Error reading from remote server</strong></p></p>
  </body></html>"
  Do anybody have any idea on this? Any help will be appriciated on this.
  Thanks & Regards,
  Mohit Jain

  Hi Iain,
  We are using Microsoft Internet explorer 6.0. I am not sure about the 'proxy' (As we don't have any proxy setting in Tool--> Internet options--> connection--> LAN setting). We are accessing the Workspace and FR studio via Citrix application. How can I check the proxy.
  Also, I noticed one more point, Report has prompt for seleting 'Account hierarchy'.If we run the report only for one account hierarchy, report is returning the data but while running for multiple account hierarchy, it is throwing the 'Proxy error' as memtioned above.
  Please help us on this.
  Thank & Regards,
  Mohit

• While running a report through workspace getting "Null" error

  While running a report through workspace i am getting "Null" error.i have checekd the db connection and also access to hfm.
  Thanks

  Hi Raj,
  There are a few OSS Notes for your issue.
  If your Query has hierarchy in it then check 734184
  If your query is based on Infoset then check Note 784502 and 701941.
  Also check 668921.
  Bye
  Dinesh

• Error on running reports with filters/security

  Post Author: mishel
  CA Forum: Publishing
  Hi,    I am trying to run a report with filters/security defined via Business View.  When I run the report as administrator, I am able to view successfully.  However, when I login as test/dummy account which filters my parameters, I am getting such error - "A request was cancelled.  The necessary security privileges could not be verified.  This indicates a problem with the security server."  Appreciate all the help I can get.Thank you,Michelle

  Hi onizga,
  According to your description that you are migrating SSRS 2008 R2 reports to SSRS 2012 SP2, after migration you got some error like “The Uri string is too long” which only occurred when accessing the drill-through actions, right?
  Usually, the issue can be caused when you try to pass some parameters that cause the URL length to exceed 65,520 characters for a Microsoft SQL Server 2012 Reporting Services (SSRS 2012), you cannot render the report, and you may receive the following error
  message:
  The value of parameter 'param' is not valid. (rsInvalidParameter).Invalid URI: The Uri string is too long.
  This is an known issue and already have the hotfix SQL Server 2012 Service Pack1 Cumulative Update 9 (CU9) as you know, you can try to reinstall this hotfix to fixed this issue:
  http://support.microsoft.com/kb/2916827 .Any issue after applying the update, please post it on the following thread or you can submit an feedback:
  http://connect.microsoft.com/SQLServer/feedback/details/788964/ssrs-2012-invalid-uri-the-uri-string-is-too-long 
  Similar threads for your reference:
  SSRS - The value of parameter 'param' is
  not valid. ---> System.UriFormatException: Invalid URI: The Uri string is too long.
  Microsoft.ReportingServices.Diagnostics.Utilities.InvalidParameterException:
  The value of parameter 'pSetOfScopes' is not valid. ---> System.UriFormatException: Invalid URI: The Uri string is too long
  If you still have any question, please feel free to ask
  Regards
  Vicky Liu
  If you have any feedback on our support, please click here

• Clean Access Server could not establish a secure connection

  I have a OOB Real IP GW setup on v4.1.2
  I seem to have a problem with the CAS connecting to the CAM although I have added the CAS to the CAM and can manage the CAS from the CAM.
  I noticed while troubleshooting client authentication that the client was not being redirected to the logon web page and it had full access to the trusted network from the untrusted authentication vlan. I eventually figured out that if I change the CAS Filter Fallback method from Allow to ignore then it tries to authenticate the client. However the fact that the fallback is activated tells you that something is not right.
  I have 2 problems:
  A) The clients web page is redirected for authentication but it only lists the domain name in the URL and not the hostname or host IP. In the lab I do not have a DNS server and it would not help as it does not include the hostname in the URL anyway. How do I fix this or perhaps it's related to the 2nd problem.
  B) When I manually change the URL by replacing the domain name with the IP of the CAS (untrusted OOB Real IP GW) then I get the following error message when logging on:
  Network Error:
  Clean Access Server could not establish a secure connection to Clean Access Manager at mydomain.com.
  This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
  Please report this to your network administrator.
  I would guess the culprit is No 2 but surely the system can run on self signed certificates? I have an NTP server so time is in sync. I have even tried regenerating the cetificates on the CAM
  & CAS.
  Any ideas?

  To overcome problem B, I regenerated the SSL Certificates using the host IP address instead of the name for all the CAM & CAS appliances. This seems to have resolved this problem.
  I also SSH'd from each of the CAS's to each of the CAM's from the CLI and it then prompts to permanently store the certificates. I'm not sure it this was necessary though.

• Assigning role to role doesn't work when applying Database security model

  I applied Oracle Database security model for BI Publisher.
  then I create some roles and users and assigned roles to users in Oracle Database.
  i also assigned appropriate folders to each role in BI Publisher.
  the users with direct roles worked successfully but i got problem when i assigned roles to a super role, and assigned this role to a super user.
  the super user could only access guest folder.
  Please help me.
  thanks.
  Daniel
  Edited by: user13344498 on Jul 5, 2010 11:13 PM

  Add a Role to a Role:
  1. From the Security Center, select Roles and Permissions; this will invoke the
  Security Center page. Here you can see the list of existing roles and permissions.
  2. Select the Add Roles icon for the Role.
  3. Select the desired role from the Available Roles list and use the Move shuttle
  button to move it to the Included Roles.
  this is from "Oracle® Business Intelligence Publisher User's Guide Release 10.1.3.2 Part No. B40017-01" book, but the security model is BI Publisher Security.

• Financial Report - planning user security

  Hi,
  We created FR reports that have Entity Dimension as a prompt on report page. Datasource is planning application and users have been provisioned to be able to read only their own entities in planning. Hoever, when they run reports and select the entity they have access to reports run fine, if they select anything they don't have access to the report just runs forever. Is this the expected behaviour? How can we get the prompt to say that they don't have access to an entity they have selected?
  Thanks

  I usually set Point of View (under one of menu) of one of all report for each user from FR studio. It will restrict user to select some other entity on prompted options. I don't understand about this, but it's work by setting a report and all report would follow the prompted options. I give access to each user to login to FR Studio then set Point of View for each user. After that take the access and give a normal access as viewer.

• Hyperion Shared Services Provisioning Report Automation

  Hi,
  Provisioning Report feature in Shared Services gives pretty much everything I am looking for. I need to send this data to another system that monitors entitlements on a daily basis. Is there a way to run the provisioning report in batch mode?
  Plan B is to use LCM, but I haven't had any luck yet in exporting entitlements using it. Does LCM export external users provisioning information? Below is the export xml I am using.
  <?xml version="1.0" encoding="UTF-8"?>
  <Package>
      <LOCALE>en_US</LOCALE>
      <User name="User" password="pwd"/>
      <Task>
          <Source type="Application" product="HUB" project="Foundation" application="Shared Services"/>
          <Target type="FileSystem" filePath="/HSS-Shared Services"/>
          <Artifact recursive="true" parentPath="/Native Directory/Assigned Roles/HFMApps" pattern="MYHFMAPP"/>
      </Task>
  </Package>
  Appreciate your thoughts.
  Thanks,
  Ethan.

  If you want to automate a provisioning report then probably looking into the Java API would be a good option.
  LCM will be able to extract the external users provisioning against applications in CSV format though it will be a seperate CSV per application.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• OpsMgr EventId 26007 on Domain Controllers "The EventLog service reported that the Security event log on computer ' ' is corrupt."

  Hi,
  We are receiving several eventids '26007' from the OpsMgr log on our Domain Controllers, also eventids '26008' with similar description are logged
  The EventLog service reported that the Security event log on computer '<Domain Controller Computer>' is corrupt. The Windows Event Log Provider will attempt to recover by re-opening log.
  I'll appreciate any suggestion in order to solve this issue.
  Regards.

  I guess this issue is caused by event ID 4661 is corrupted in security event log.
  Please check if you have many 4661 events in security event log and XML view cannot be viewed.
  Running the below command on DC will disable the auditing of the SAM Object access. This should stop the Event ID 4661 from being logged which should stop the Alert regarding corrupt Event log:
  auditpol /set /subcategory:"SAM" /success:disable /failure:disable
  Regards,

• Access to wad report to user

  hi all
  what r the various ways to give access to wad reports to user?
  shalini

  Hi Shalini,
  you have to create the reports as authorisation objects and then assign it to the roles provided to the User's.
  Hope it helps,
  Sunil.

• Network Error: Clean Access Server could not establish a secure connection to Clean Access Manager

  Hello everyone
  I am implementing a failover solution of NAC in OOB VG version 4.8, I have 2 CAS and 2 CAM.
  The Error I am getting is when I connect to both IP address and the FQDN of the CAS.
  ===========
  Network Error:
  Clean Access Server could not establish a secure connection to Clean Access Manager at camsrv3.cadivi.gob.ve.
  This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
  Please report this to your network administrator.
  ==========
  For the CAM's I use this names camsrv1 and camsrv2. then generate a CSR in the camsrv1 with the name camsrv3.mycompany.com corresponding  to virtual ip and it exported to camsrv2, Install the CA certificate of the company and everything works perfect.
  This is the failover configuration
  CAM:
  Primary:     10.1.206.248 camsrv1.mycompany.com
  Secondary: 10.1.206.249 camsrv2.mycompany.com
  Virtual:       10.1.206.250 camsrv3.mycompany.com
  Then I do exactly the same steps for the CAS's and this is the failover configuration:
  Primary:     10.1.216.248 cassrv1.mycompany.com
  Secondary: 10.1.216.249 cassrv2.mycompany.com
  Virtual:       10.1.216.250 cassrv3.mycompany.com
  Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities"  and vice versa.
  The communication between all the CAM´s and CAS´s is correct (Primary, Secondary and Virtual). I can ping the IP and the FQDN and I can also manage the CAS through the CAM.
  I verify that the time was right in the CAM and the CAS and all good up there.
  Appreciate your help
  Eduardo Navas

  Eduardo,
  Bump up the CAS/CAS communications logging on both the CAS and CAMs, and then look in the log files for clues.
  On CAM they live in /perfigo/control/tomcat/logs and on CAS in /perfigo/access/tomcat/logs
  HTH,
  Faisal
  If you find this post helpful, please rate so others can find the answer easily