Role assignment not working

Similar Messages

• Another FPN Thread: Remote role assignment not working

  Hi all,
  We have successfully implemented FPN for use in our ESS and BW environment and we are experiencing very little problems with it. We now want to start implementing it for our eRecruitment and SRM systems (as producers). For some reason we are not able to use the Remote Role Assignement functionality.
  We have set up trust for the systems and use SSO.
  Connection test for the producer is successfull.
  We can see the Producer content in the pcd on the consumer.
  Server times are the same.
  As far as I know I have correctly set permissions on producer and consumer.
  Possible cause: We are in the process of upgrading our consumer Portal to NW 7.0 SPS15 and have encountered some problems. The system is partially upgraded, so some components are SP15 and some others are still SP13. This is currently under investigation by SAP. Can this be an issue as our producer portals all are still on SP13?
  I hope to hear from you soon. Please ask if you need any screenshots. Thanks in advance.
  Best regards,
  Jan Laros

  Hi Jan,
  if remote role assignment not works, you can also use remote delta links. I only work with remote delta links because i have more options   and a better performance.
  If your connection works you can go to Content Administration ->Portal Content-> NetWeaver-Content-Producer. Hier you can see your remote system. Now you can copy the role and add it to your portal-content.
  If you can not see the content make sure that you have the same user  on both sides also check the premissions on the portal-content of your remote system. To test the connection it is easier to add Everyone group to the content of your remote system.
  regards,
  Sharam

• FPN - error trying to lookup object - remote role assignment not working

  Hello everyone,
  We have implemented a Federated Portal Network connection in our landscape between our portals.
  We use only remote role assignment functionality.
  Everything was working fine, but since 2 days we encounter the following error in the Default trace.
  Error trying to lookup object: alias: <role name>
  It is possible to open the producer portal in the Portal Content Administration and also searching for the Producer portal roles is possible in User administration. But when we assign the remote role the tab is not displayed in the portal only the above mentioned error is shown in the default trace. Our portals run SP 12 and BI Java SP14.
  Is there a solution or workaround for this issue ?
  Martin

  Hi,
  I have the same issue as you, I cannot see role tabs in Consumer portal and I get the same error in the defaulttrace as you.
  What did you do to resolve this issue?
  Many thanks
  Gordon

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• ABAP centered role assignment not working

  I have been trying to implement ABAP centered role assignment for our users but not really having much luck in gettng it to work. I've been trying to make sense of it by using [the help guide|http://help.sap.com/saphelp_nwmobile71/helpdata/en/d2/3e3842b23d690de10000000a155106/frameset.htm] but I must be doing someting wrong. Here are the steps that  take.
  1. Create a single ABAP role - A single role with no menu or authorizatons
  2. Create a UME Group - I name the group exactly the same as the ABAP single role from the previous step
  3. Assign UME Group to Portal Role
  4. Assign mapped user to ABAP role
  Supposedly the ABAP role assingment is supposed to reflect through to the UME group membership so the portal user then sees the associated portal tab.
  Can you enlighten me?
  Thanks in advance

  Hi,
  I 'm facing same kind of problem.
  Case 1:
  I tried with:
                    Assigning users to group (abap role) which didn't worked.
                    Assigning UME Role to group (abap role) which worked. Then i assigned the user to the UME Role, but the user is not getting the backend authorizations.
                    Assigning the portal role to the group (abap role), then when i assiged a user to the abap role from R/3 automatically the user is getting the portal role.
  How can i do the same from portal?
  Case2:     
  While distributing the portal roles to the ABAP system (System Administrator -> Permissions -> SAP Authorizations), the status is showing as "Role transfer compleated". but when i checked from the R/3 transaction WP3R, there are no portal roles.
  Why are the portal roles not getting transfered even though the status is green?
  Mr.Chowdary

• Custom Auth. Object with Profile and role assignment not working

  Hi,
  I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
  Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
  When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
  AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
              ID 'ACTVT'  FIELD '01'.
  Am I missing anything? The profiles are generated correctly. 
  Best Regards,
  Nilesh

  Below are the screen shots for PFCG:

• Row Level Security - Data filter - Roles Variable Not working in OBIEE 11.1.1.7.1

  Hi all,
  Previously, we were using OBIEE 11.1.1.5.0 and we were able to assign users to application roles by using the initialization block to assign the ROLES session variables.
  1. My USER_SECURITY table in Oracle database:
  USER_NAME | USER_ID | ROL
  user1       | 1723    | GobalDataRole
  user2       | 1739    | GobalDataRole
  user3      | 1743    | GobalDataRole
  2. The SQL query in my session initialization block:
  select USER_NAME, USER_ID, ROL
  from USER_SECURITY
  where USERNAME = ':USER'
  3. The row-wise initialization option is not checked.
  4. In the Oracle Enterprise Manager Fusion Middleware Control, we created new application role: GobalDataRole and sync with rpd.
  5. The GobalDataRole is used in the RPD to filter the data under permissions --> data filter. GobalDataRole only has access to Country A data.
  6. Result: under my account, also in rpd Manage --> Sessions, user variable details
  User_name , user_id & Rol variable is working fine as expected,
  When we log in as user1, we can see in My Account, user assigned to: BI Consumers; Authenticated Role; GobalDataRole
  When we log in as user2, we can see in My Account, user assigned to: BI Consumers; Authenticated Role; GobalDataRole
  When we log in as user3, we can see in My Account, user assigned to: BI Consumers; Authenticated Role; GobalDataRole
  User1, User2, and User3 are able to see the data correctly according the their data access setup.
  Now, we using OBIEE 11.1.1.7.1 and using the same method, but we not able to assign users to application roles by using the initialization block to assign the ROLES session variables anymore.
  Result:
  User_name & user_id variable is working fine as expected, but the ROl variaible is not capturing the DB value,
  When we log in as user1, we can see in My Account, user assigned to: BI Consumers; Authenticated Role
  When we log in as user2, we can see in My Account, user assigned to: BI Consumers; Authenticated Role
  When we log in as user3, we can see in My Account, user assigned to: BI Consumers; Authenticated Role
  User1, User2, and User3 can see all data (which is wrong) because they are not assigned to the correct application role that sets the data restriction/filter.
  Has anyone encountered the same issue? Any advice on how to solve this?
  Thanks in advance!
  Satheeshkumar P

  Thanks user10615659     ,
  - Yes the variable ROLES available in OBIEE 11.1.1.7.1
  - Tested the init block and variables in offline rpd its working as expected.
  - In online rpd, except ROLES and GROUP variable remaining variables working fine.
  - Verified log file in both online and offline init block testing - the init block execution is successful.
  Thanks

• BPM 11g Role Assignment not Reflected on BPM Workspace

  Hi,
  I'm having trouble with role maping in JDeveloper for my BPM 11g project, where the server groups mapped against a particular applcation role is not reflected in BPM workspace.
  I'm mapping application roles with server groups in the Organization section of my BPM project in JDeveloper, but when I open the Administration section of the BPM workspace, I see that the appropriate section is blank where there should be the server group assigned.
  I have confirmed that the server groups are in place, and have users associated with them. I even tried ti with the Administrators groups of WebLogic, with the same results.
  However, when I deployed this same project on an Oracle On Demand server, the JDeveloper role maapping was successfully deployed along with my process. Could anyone please provide some insight in this matter?
  I'm working on JDeveloper and SOA 11.1.1.5
  Thanks,
  Debojit

  HI,
  In 11g you have the concept of Global Links. You can refer to http://docs.oracle.com/cd/E23943_01/user.1111/e15175/bpmug_ext_apps.htm#BACCACGI fro example of how this can be acheived
  I think there are also some samples on java.net for Oracle BPM Suite however this appears to be down at the time of posting so I can not validate this.
  Hope this helps
  Regards Dave

• Application Role does not work

  In EM, I add a new application role to an ADF web application.
  This application role named simple11_AR_superAdmin and it has a group member named simple11_G_superAdmin.
  This group is created in weblogic console and assign users.
  However, this setting does not work. This application can be login by all users (including weblogic).
  How to enable application roles? Does application role of EM equal to application role created in Jdeveloper?

  DO NOT UPDATE ON THE PHONE ITSELF! Never do this! You risk bricking your iPhone and seeing the Silver Apple Logo of Death due to incomplete downloads and/or crashing! This has happened to me on my old iPhone as well as thousands of others. Use iTunes and iTunes only to update Apps!

• Assign not working

  Hi,
  The below assign statement is not working. I am checking whether billToMasterAccount is equal to the OfflineAccountNbr, then i am assigning the value to the target variable BillToAccount. Actually i am not supposed to use switch to check this condition.
  *<copy>*
  *<from variable="Invoke_WS_MW_OUT_MwWebService_getVistaAgreements_OutputVariable"*
  part="parameters"
  *query="/ns10:getVistaAgreementsResponse/ns10:getVistaAgreementsReturn[ns11:billToMasterAccount=bpws:getVariableData('Invoke_OSB_BSOA_OUT_Services_process_OutputVariable','payload','/ns1:ORDER/Company/OfflineAccountNbr')]"/>*
  *<to variable="BillToAccount"*
  *part="parameters"*
  *query="/ns10:getVistaAgreementsResponse/ns10:getVistaAgreementsReturn"/>*
  *</copy>*
  I am getting the following error.
  *Error in evaluate <from > expression at line "688". The result is empty for the XPATH expression : "/ns10:getVistaAgreementsResponse/ns10:getVistaAgreementsReturn[ns11:billToMasterAccount=bpws:getVariableData('Invoke_OSB_BSOA_OUT_Services_process_OutputVariable','payload','/ns1:ORDER/Company/OfflineAccountNbr')]"*
  *"{http://schemas.xmlsoap.org/ws/2003/03/business-process}selectionFailure" has been thrown.*
  *<selectionFailure xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/">*
  *<part name="summary">*
  *<summary>empty variable/expression result.*
  *xpath variable/expression expression "/ns10:getVistaAgreementsResponse/ns10:getVistaAgreementsReturn[ns11:billToMasterAccount=bpws:getVariableData('Invoke_OSB_BSOA_OUT_Services_process_OutputVariable','payload','/ns1:ORDER/Company/OfflineAccountNbr')]" is empty at line 688, when attempting reading/copying it.*
  *Please make sure the variable/expression result "/ns10:getVistaAgreementsResponse/ns10:getVistaAgreementsReturn[ns11:billToMasterAccount=bpws:getVariableData('Invoke_OSB_BSOA_OUT_Services_process_OutputVariable','payload','/ns1:ORDER/Company/OfflineAccountNbr')]" is not empty.*
  *Possible reasons behind this problems are: some xml elements/attributes are optional or the xml data is invalid according to XML Schema.*
  *To verify whether XML data received by a process is valid, user can turn on validateXML switch at the domain administration page.*
  *</summary>*
  *</part>*
  *</selectionFailure>*

  Hi,
  Looks like the variable/s you are comparing donot have any value to be compared.
  If you are using a select and populating the output to these variables, have a check after the select to see if it is a empty variable and then do a compare.
  Regards,
  Aasta

• Location Assignment not working

  Hi Guys - Have I gone mad
  I am trying to get Location Assignment working and appear to be having some problems.
  My environment is Server Windows 2008 R2, Workstations XP SP3.
  I have performed the following tasks.
  Created a Corporate Location
  Created a Network Environment and assigned it to the above Location
  Created matching criteria in the Network Environment which at the moment is the IP Address of my test Workstation.
  Create a Location Assignment Policy and Assigned to my test Devices
  When I look at the client agent, as I have permitted the Locations to be manually changeable, I can see both the Unknown Location and the Corporate Location. However no matter what Network Environment Settings I use I cannot get the Workstation to match my Corporate Location and the Agent always assigns Unknown for the Security Location and Unknown for the Configuration Location.
  Am I missing a step or have I gone mad. Please help Im going round in circles.
  Regards
  Chris

  Originally Posted by arothe
  Hi Shaun,
  we have a similar problem. Created a new Location and new Location environment. Our minimum match is only 1. The interesting thing is that it is working on our "old" fujitsu workstations, but not on our "new" hp dc7900 sff workstations. So the settings must be ok and we think it is hardware related. Tried different network drivers for the hp workstation but no change. Also compared the services that are running, no change. We are using german win xp sp3 on our clients. No matter if novell client is used or not. Our Primaries are running on sles 10 sp3.
  The hp clients always show ~unknown~ in confiigurationlocation in agent status.
  Any suggestions?
  Andr
  I found out that this problem is NIC-related.
  This is the NIC which is not working:
  Intel(R) 82567LM-3 Gigabit Network Connection (HP DC7900 Small From Factor)
  I then used this "Intel(R) Pro/100+ Management Adapter" in the same workstation and disabled the integrated NIC. That did the trick, the location was right now.
  So this is a hardware-related bug.
  What NIC are you using Chris? Maybe its the same one...
  Cheers
  Andr

• Assignment not working

  Hi
  data: temp(30) type c.
  Field-symbols: <fieldname> type any
  LOOP AT li_output INTO ls_output.
    temp = ls_output-atnam.
    assign (temp) to <fieldname>.
  if sy-subrc = 0.
  endif.
  unassign <fieldname>.
  endloop.
  Assign statement is not working. Please suggest.
  Regards
  Aditya

  Hi aditya,
  Try this...
  data: temp(30) type c.
  Field-symbols: <fieldname> type any
  LOOP AT li_output INTO ls_output.
  temp = 'lS_OUTPUT-ATNAM'.
  assign (temp) to <fieldname>.
  if sy-subrc = 0.
  endif.
  unassign <fieldname>.
  endloop.
  Reward points if Helpful.
  Regards,
  Sachin M M

• Business Role assignment now working as Expected

  Hi All,
  We have a User A, B and C , all these users have Business Role X, when these users were logging in they were gettings screens as per the configuration.
  However now all of sudden Only User A ,though still has same Business Role X , is getting different Work centers,Logical links Mostly standard(Claim management, worklist, calendar,Email Inbox) .
  User B and C who have the same business role are getting correct UI screens.
  We are unable to find what went wrong all of sudden.
  Thanks in advance for your suggestions
  Regards,
  Chandu.

  Chandu,
  If the CRM_UI_PROFILE is set to some UI Profile, this takes more priority(than the UI Profile assigned to the Business Role)
  and shows the Navigation Bar and Work Centre configured for this UI Profile.
  The normal Business Role configs wont work at that time.
  Remove this entry and see, it will solve the issue.
  Regards,
  Masood Imrani S.

• CUP Role Mappings Not Working

  We have configured role mappings in CUP such that when a main role is added to a request the associated roles will automatically be added to the request.  We noticed this functionality works when the main role is added upon initial request, however, when the main role is added during a subsequent stage (after the request is submitted), the associated roles are not getting added.  Has anyone encountered this issue or knows how to resolve?  Any input would be much appreciated.

  Hi,
  Role mapping configuration is only relevant at the time of request creation and not relevant if the role is added to by the approver.
  I hope this should resolve your confusion.
  Regards,
  Ankush
  SAP GR&C

• Business role customizing not working in crm 2007 web client

  Can someone tell me what services need to be activated via sicf for business role customizing to work in the Web Client under the Administration component in CRM 2007.  I have everything else working in this are eg surveys, document template, fact sheet configuration, view configuration but the business role customizing when selected just opens a blank screen
  Thanks in advance
  Eddie

  Hi Eddie,
  The SAP CRM 2007 Master guide suggests enabling all the SICF services in the SAP namespace.
  We had some script errors in CRM UI, but once all the SICF services were activated, they simply disappeared.
  The IDES demo systems are also set up this way, so you can try doing it.
  Regards,
  Padma