Role Approver of Removal of Roles

HI Everyone,
We are coming across a situation where the management team would like to have the "removed roles" in the access request not require the role approver approval and review. 
Is there a way that AE allows for this?  I have tested various ways and can only come up with situations where the role approver has to approved removed roles.
Thoughts?
Thanks,
Jerri,

Hello Jerri,
For achieving the role deletion without the approver of the role owner, create a different initiator with Request type change and probably some custom attribute and have this initiator configured with a path which has no Role Owner at any of the stages.
This wil have the Request type "role deletion" with no Role Owner required to approve.
Regards,
Hersh.

Similar Messages

  • Role approver removed from role in GRC

    Hello Experts,
    I am a fresher to SAP GRC. Please help me on the below issue.
    In SAP GRC 5.3,  for some roles role approver has been removed and some roles automatically uploaded to GRC. The role that are uploaded to GRC should not be and while checking there is no change log for the role. For other roles for which role approver have been removed, also there is no log for which recent approver have been removed.
    Can you tell how it happened and who did this or way to troubleshoot.
    Thanks in Advance.
    Biswaranjan

    Hello samiran,
    Thanks for your reply.
    Yes we have already uploaded the OLD file. But my concern is how we can troubleshoot to find out how it was corrupted as no one did the change.  we can find the change log for the approver change for any role in GRC 5.3 .
    Or it is not possible to find out how it happened???
    Regards,
    Biswaranjan

  • Role Approver Actions-Add, Keep, Remove

    Currently, our role approvers were not able to modify the action of (ADD, KEEP, REMOVE).  This fields was greyed out and it was passed in by IDM as ADD or REMOVE depending on what the user selected.  We just implemented SP12 for CUP. We noticed that under Workflow>Stage>Change Request Content if this is set yo YES then the approver has the ability to do perform these functions below.  1 & 2 are ok.  We reject roles at the role level on the request.  However, we want to disable the ability for the role approver to modify ADD, REMOVE, KEEP  on #3.  
    1.  Approver can reject
    2.  Approver can modify the Valid State Date and Valid To Dates
    3.  Approver can modify the action and change it to KEEP or REMOVE.  We wnat to disable this drop-down selection.
    We noticed that if we Workflow>Stage>Change Request Content and change the value to No then the role approver can no longer reject the role.
    Does anyone know how to disable this functionality so that role approvers cannot change the action on the request?

    SAP confirmed  that there is no way turn this feature off if the approver needs to reject at the role level so this will be a process change we need to implement most likley.  However, it would appear that with the Add Role feature turned on there is a new button called Existing Roles/Groups that is displayed.  Approver can now view the roles assigned in the SAP ABAP back-end without adding new roles which is very nice that it is display only.  Thank you for your quick response to my question.
    New question:  Do you know if there is a web service that is used to call this new feature Existing Roles/Groups.  We would like to utilize that for our IDM system to call a web service and display this on the request form.

  • Approver for the application role not working out

    Hi,
    I have created a role with type application and Approver A, then created a business role with the Approver B and included application role into the business role.
    When i assign this business role to a user the only request for approval goes to Approver B and after approval the both application and business roles are assigned. Strangely it seem to skip the Approver A. I did even remove the approver in business role, leaving only approver in application role, still same result - it skips Approver A.
    I'm using IDM 8.0.0.1, any ideas why it would skip the approver in the included role?
    Thanks!

    Thanks for the quick reply. I've tried optional with approval and here is what I found.
    It seems I need a combination of the two. My end goal is to have a second level approval, one group would be responsible for approving the business role and the system owners would be responsible for approving the nested application roles. When a user requests the business role, they must have approvals for the business role and all of the nested application roles for their request to be completed.
    If the app. roles are required, the workflow automatically incorporate the nested appl. roles in the request but does not require approval for them. If they are conditional with approval, the user would have to submit a second request to get all of the nested application roles. It looks like I need a combination of the two, required with approval.
    I need it to behave like it does when you have a role with approver that includes resources with an approver. The role and resources must all be approved before the request can be completed successfully.
    I'm trying to see if this is possible through the GUI before I customize the workflow.

  • Role approver - automatical approver

    Hi,
    We are testing IDM in our organization and we have following scenario. Managers of department are defined as role approvers. For example manager of operative is defined as role approver for role RW_access_operative. As manager of department is also responsible for adding this role to users in his department. Is it possible to setup IDM this way: If manager add role to the user and he is also role approver (and he is only one approver) the IDM will automatically approve this role assignment for it. As managers are complain that they must assign role and then approve it :-( which is time consuming ...
    Thanks for answer

    In your workflow, add a condition where you generate the approvers list.
    1. Read all the approvers for the role selected.(May be a configuration)
    2. If the above list contains only 1 approver = WF owner (Who initiated the workflow), set the list to null and set the variable to approved or true, (so that the rest of the workflow will proceed as if the request is approved).
    3. If the list from #1 has more than 1 approver id, remove the case owner id from the list and generate the approval workitem for the rest of the approvers.
    Thanks,

  • Issue while Removing a role

    Hi,
    Here is my scenario.
    User 'test1' is created by assigning a role (say A). Role A has AD and database table resource assigned, so there are 2 resources assigned to the user i.e. AD and a database table resource. (This is the exisitng process, I cannot change this process at all).
    Now while removing the role, my requirement is to delete only AD resource account and it should not try to delete the database table resource account. Is there a way to do this?
    Please share your ideas.
    Thanks in advance.

    Do you only want to keep the ressource account or also keep the link? If you want to keep the link, do what the previous poster suggested. If you only want to prevent the deletion of the database row, you can configure this in the database table resource adapter by deactivating the capability to delete accounts.

  • How to define role approver/owner - through condition id in ERM 10.0

    Hi All,
    We have created a BRF + rule for Role approver with Business Process & Function area by giving the Result value as Condition ID eg., Z001
    We have provided this condition ID Z001 - in Role Owners table [Under Set Up- Role Owners] and defined the role approver and assignment approver with the User details.
    Now when we are trying to create a role with the above attribute combination of Business Process & Function area - the role is not picking up the Role Owners automatically in Owners/Approver tab [In 5.3 we can maintain approval criteria where we can define the role owners/approvers based on different attributes].
    Are we missing any configuration setting here for auto pick up of Role Owners based on defined attributes from Role Owner table.
    Thanks and Best Regards,
    Srihari.K

    Hello All,
    Please help us , I am also struggling with same issue.
    Thanks in advance,
    Jagat

  • Role Approval request not visible in Role Approvers ToDo tab

    Hi IDM Experts,
    We have implemented IDM 7.2 SP8 in our project. We have performed the basic configuration for Identity center and IDM UI. The initial load from CRM is also completed successfully.
    We followed the steps in guide https://scn.sap.com/docs/DOC-26322 to configure workflow such that in case role is requested to be assigned to user, the request goes to role approver(in his todo tab) for approval. The access will then be provisioned into backend CRM system on successfully
    approval. However, we are facing an issue where the Role approver does not get anything in "TODO" tab for approval. The request shows in "Pending" status and logs show that tthe request is pending approval, however, it never appears in role approvers queue.
    Kindly help on the issue. Please provide below information:
    1) We can check in logs that the request is pending approval. Is there any way we can check where is the request routed to and whoose approval is pending here if it did not goto "Role Approver" for approval.
    2) Any trouble shooting mechanism/tool available in IDM to debug issues like this.
    Thanks in advance for your help.
    Thanks and regards,
    Nitin

    Hi Nitin,
    How do you assign the role to the user? if it's trought IDM UI, you loggin with which user?
    There is a limitation on approval with SP08 : the requestor of the assignement can not be define as an approver.... but in this case the approval is automaticaly rejected by the system ...
    in which logs / table can you see that your request is "pending for approval" ?
    I also would recomand you to use the simple scenario "get approver from role/privs" of as krishna mentioned. (unless you need to do more custum actions)
    Besides, you can check approval entries and status in DB views :MXWV_ApprovalQueue ...
    Fadoua

  • OIM11g- Role Approval workflow Error

    I am getting the follwing error message when I follow Custom Approval Process for Assign Role Scenario.Metalink article [1207077.1] Sample #8 Custom Approval Process for Assign Role Scenario
    Prototype for invoking an OIM API from a SOA Composite
    RTM Usecase: Organization Administrator
    java.lang.reflect.InvocationTargetException
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at oracle.iam.platform.OIMClient.loginSessionCreated(OIMClient.java:209)
         at oracle.iam.platform.OIMClient.login(OIMClient.java:136)
         at oracle.iam.platform.OIMClient.login(OIMClient.java:129)
         at orabpel.approvalprocess.ExecLetBxExe0.execute(ExecLetBxExe0.java:184)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
         at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
         at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
         at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
         at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
         at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
         at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
         at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.security.Security.runAs(Security.java:61)
         at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
         at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
         at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
         at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
         at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
         at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
         at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
         at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy309.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
         at java.lang.Thread.run(Thread.java:662)
    Caused by: javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=oim#11.1.1.3.0, module=iam-ejb.jar, ejb=ClientLoginSessionService, method=loginSessionCreatedx, methodInterface=Remote, signature={java.lang.String,java.lang.String}.
         at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:581)
         at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:111)
         at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:274)
         at weblogic.ejb.container.internal.StatelessRemoteObject.__WL_preInvoke(StatelessRemoteObject.java:41)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:24)
         at oracle.iam.platformservice.api.ClientLoginSessionService_1nfafx_ClientLoginSessionServiceRemoteImpl.loginSessionCreatedx(Unknown Source)
         at oracle.iam.platformservice.api.ClientLoginSessionService_1nfafx_ClientLoginSessionServiceRemoteImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
         at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
         at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    Login Successful
    The request ID is 372
    *This is +the error message from the Java Embedding task in the bpel.*
    The bpel is going to the faulted state with the following errors.---------------------
    <Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine> <BEA-000000> <The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" >
    <Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine> <BEA-000000> <The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" . Root cause : null>
    <Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.system> <BEA-000000> <Error while invoking bean "cube delivery": Exception not handled by the Collaxa Cube system.
    an unhandled exception has been thrown in the Collaxa Cube systemr; exception reported is: "java.security.PrivilegedActionException: ORABPEL-02199
    JTA transaction is not in active state.
    The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
    The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
    Consult the system administrator regarding this error.
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:373)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.security.Security.runAs(Security.java:61)
         at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
         at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
         at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
         at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
         at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
         at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
         at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
         at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy309.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
         at java.lang.Thread.run(Thread.java:662)
    Caused by: ORABPEL-02199
    JTA transaction is not in active state.
    The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
    The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
    Consult the system administrator regarding this error.
         at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:107)
         at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:67)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.checkIfTransactionIsActive(InvokeHandler.java:1346)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.__invoke(InvokeHandler.java:1048)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.handleNormalInvoke(InvokeHandler.java:586)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.handle(InvokeHandler.java:130)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:74)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
         at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
         at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
         at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
         at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
         at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
         at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
         at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         ... 52 more
    An internal exception has not been properly handled by the server.
    Set the logging level for all loggers to debug, and resubmit your request again. The server log should contain a more detailed exception report.
    Exception: java.security.PrivilegedActionException: ORABPEL-02199
    JTA transaction is not in active state.
    The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
    The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
    Consult the system administrator regarding this error.
    Handled As: com.collaxa.cube.CubeException
    ORABPEL-02199
    JTA transaction is not in active state.
    The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
    The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
    Consult the system administrator regarding this error.
         at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:107)
         at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:67)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.checkIfTransactionIsActive(InvokeHandler.java:1346)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.__invoke(InvokeHandler.java:1048)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.handleNormalInvoke(InvokeHandler.java:586)
         at com.collaxa.cube.engine.ext.common.InvokeHandler.handle(InvokeHandler.java:130)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:74)
         at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
         at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
         at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
         at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
         at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
         at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
         at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
         at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
         at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.security.Security.runAs(Security.java:61)
         at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
         at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
         at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
         at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
         at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
         at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
         at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
         at java.security.AccessController.doPrivileged(Native Method)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
         at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
         at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy309.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
         at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
         at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
         at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
         at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
         at java.lang.Thread.run(Thread.java:662)
    >
    <Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine.dispatch> <BEA-000000> <failed to handle message
    ORABPEL-02199

    Could you able to resolve the issue, I have same as it is exception with my test.
    Thanks in advance for the help.

  • SOD Detour in Role Approval Workflow possible?

    Hello GRC Experts,
    we have implemented an Access Request Approval Workflow with a Detour Rule (GRAC_MSMP_DETOUR_SODVIOL).
    The second workflow we are working at is the Role Approval Workflow. Is it possible to use the SOD Detour Rule also in Role Approval Workflow? I didnt find the SOD Detour Rule in the MSMP Role Approval Workflow.
    We would like to implement a following Scenario:
    if the role contains an SOD the request should take Path 1 and if not Path 2.
    Is it in MSMP Standard possible or should we use BRF+ for creating a Detour Rule?
    Thanks,
    Best Regards
    Sabrina

    Hi Sabrina,
    For Access Request workflow, we generally use GRAC_MSMP_DETOUR_SODVIOL to implement routing rule(based on detour condition - risk found). Purpose of same (if I am not mistaken) is to through the request to another level of approver wherein mitigation monitor agent reviews the mitigation performed by role owner stage and approve/reject the request.
    But, when we create a role same is not the condition as we do not mitigate role level risk thus no need to go for mitigation monitor stage. May be you have some business scenario, if you can let us know will be gr8.
    For the rule ID, did you try adding the rule ID ?(you may already know, still would like to cross check with you).
    GRAC_MSMP_DETOUR_SODVIOL under list of rules for "
    Role Approval Workflow" In the screenshot you have shown, just click on ADD feed -
    Rule ID -GRAC_MSMP_DETOUR_SODVIOL.
    Rule description - same as Access request.
    Rule type - Function module based
    rule kind - routing rule.
    Add this and check if it works and let us know the result too.
    Regards,
    Nishant

  • Report or ways to find who removed portal roles for an user id ?

    Hi Experts,
    Scenario: if admin removes super admin role or any other portal role for my id. is there any possibility to see who exactly deleted the roles for my id?
    Many Thanks
    Sekhar

    HI,
    as Anja wrote, this is not possible with a default installation of the SAP Portal.
    What you can do is to provide role provisioning with IIDM, GRC or ABAP user store solution instead of giving the portal admin the permission to change role <-> user attribution.
    br,
    Tobias

  • AE 5.2 - Detour Workflows - One of the Role Approver not found

    Hi All,
              My question is regarding using the Detour workflow functionality for the situation below - pls let me know if this possible or if any alternates are available.
    - Main path has 2 stages (1) manager approver, (2) Role Approver.
    If the Requestor asks for a Role that Does not have a Role Approver we would like to route this request to the Security lead.
    - I have created a Detour Path with 1 stages - Secuity lead and associated with Stage 2 (Role approver) of the Main path based on the condition "No Role Owners"
    - I still get the error "Approver not found at Stage @@@@"
    Is the condition "No Role Owner" in the Detour workflow config for "Role Expert" workflows or for Access requests?
    Is it possible to route the Request to Security if the Role being requested does not have a Role Approver? IF yes How?
    thanks
    T

    Hi,
    sometimes in the Detour configuration you have the problem that the "Save" action is not saved properly.
    If this entry is empty, please go into edit mode and save the detour config again, so that the action will actually display "Save".
    Hopefully it works, then.
    Regards,
    Daniela

  • I tried to remove a role from one of my 2012R2 DC's

    I tried to remove a role from one of my 2012R2 DC's and now I basically can't do anything to that DC.  Attempting pretty much anything on it tells me that it can't do it because it needs a reboot, and a reboot fixes nothing.  The role I wanted
    to delete is removed (print services), but I can't re-add it, or change any other role or feature.  There is a 'pending.xml' file, and it is rather large.  I can't delete, or rename the 'pending.xml' file, as it is owned by 'TrustedInstaller'.  This
    is the FSMO DC and there are some other services on it that I would rather not have to re-install and reconfigure. I've looked for other things that could prohibit installs and more, but there are no 'Pending Renames' in the registry.
    At least getting server manager to stop complaining would be a good start.
    Thanks in advance for any assistance.

    Hi Mike,
    Just addition, please run
    sfc /scannow command to scan all protected system files and use
    Chkdsk command to check the status of the disk in the current drive. any find?
    à
    The role I wanted to delete is removed (print services), but I can't re-add it, or change any other role or feature.
    Just a confirmation, did you mean that had un-install
    print services successfully? No error occurred? Please check relevant log file (such as event log file and so on) if find some errors. In addition, I noticed that you attempt to re-install the role. Did you get any error message when failed to re-install?
    Did you use Install-WindowsFeature PowerShell command to install? Any difference?
    If any update, please feel free to let us know.
    Hope this helps.
    Best regards,
    Justin Gu

  • How to copy and remove admin Role from SAP_ALL profile

    Hi SDN Experts,
    I need to copy SAP_ALL profile to another in CRM 5.0 system, thereafter i need to remove admin Role from SAP_ALL profile. Can any help regarding this point..
    regds
    gcp

    Chandra,
    I saw ur post in this forum regarding configuring sap intergration with genesys gplus adapter. We are in need of the same configuration. Can you please help me in configuring sap phone for gplus adapter. Reply me on [email protected]
    Thanks in Advance

  • Approval work flow for Role based and Resource based

    Hi All,
    We have to implement approval work flow for the following things in OIM 9.1.0.1
    Approval work flow for Functional Roles (Groups in OIM) (Approvalsrequired for users to get these roles)
    IT Roles (Resources in OIM) (Approvalsrequired for users to get these resource)
    Functional Role (Group) contains policy1,polici2. Polciy1 contains res1,res2 and Policy2 contain res3,res4.I want to create approval work flow for this Functional Role to achieve the following
    User raise a request for the functional role, then it should wait to get manager approval. then once its gets approval, that user account should create on all resources which are involved in that group.
    And, I have to define approoval work flow for all individual resources to get users account creation on target with approvals. These resources may include in the groups as well.
    After getting approval for functional role (Group), then Will OIM starts the approval flow for all resources involved in the group? becase, all resources have approval workflow at resource level also.
    My Goal: Approval work flow for Group, should not process the approval work flow for resource. can we do it in OIM 9.1.0.1?
    And can we do the same in OIM 11g also?
    Please help me and do let me know, if you need any information from my end.
    Thanks.

    Thats configurable buddy ! ! And possible in 10G and 11G both versions.
    Functional Roles : These are the groups/roles in OIM 10g/11g with access policies attached at the backend.
    - Create a dummy resource and name it Request Role or anything as you like. Attach an Object Form to it and have form field for Role Name, this would be a lookup type field linked to all OIM groups (leave system values using lookup query). So a user can select any OIM Group in this request as per configuration. Have approval workflows defined on this dummy resource Request Role and in its Provisioning Process make user/s a part of the requested group.
    - Now once the user is made a part of the group, the associated access policy would be invoked automatically and thereby provisioning. The only thing you need to keep in mind is that create the access policy without approval (there is a check box). If you do this the approvals would never be invoked even if you assign a group manually to the user coz it suppresses all the approvals in this access policy.
    IT Roles : These would be linked to the resource and you can define individual approvals on the resources as required.These approvals would be required if someone raises a request for these resources individually.
    Thanks
    Sunny

Maybe you are looking for

  • Captivate file won't open

    Has anyone ever had an issue where the Captivate file will not open? In my case, the program generates the following error: "Exception EParserError in module converter.dll at 0002B53E" I've tried opening this projects on 2 different computers using C

  • How to use removeFromSuperView and dismissModelViewController same time ?

    I have a UIViewController *view1. By using [self presentModalViewController:view2 animated:YES]; I added UIViewController *view2 to view1. I have a UITableViewController *table1; I added table1 to view2 by using [self.view addSubview:navController.vi

  • Smart Sync: How to fill Upload SyncBo

    Hi, i am having the following problem. I have created a Smart Sync APP and i have a GetList SyncBo and a Create SyncBo. The GetList SyncBo gives me a list of materials. Now i want to fill the Create SyncBo with one of the Material name so that it can

  • Pairing issue

    hi i have got some problem about pairing my iphone 5s to my macbook pro retina yosemite OS can u tell me what to do ?thanks advance

  • How do i copy full 8 1/2 x 14 with officejet 4620?

    how do i copy full 8 1/2 x 14 with officejet 4620? This question was solved. View Solution.