Role issue in EM

Similar Messages

• Weblogic 10.3.2 visitor entitlements roles issue

  1)I am upgrading my weblogic portal application from Weblogic 8.1SP4 to Weblogic 10.3.2 version. I found that roles that created under visitor entitlements thru weblogic portal administration portal are not visible to assigned user.For example I created testRole for my application and added user testuser to this user.When I login to my portal application this user should able to see the portal page that related to testRole.But currently this is not working.
  To fix the above issue I created one new group under User and groups management and added the above user to that group and added that group to testRole. Now the user is able to see the portal pages
  My question is why the user is not able to access the roles when he is not part of any group.Because My portal application have different business users with different entitlement setups for which I cannot categorize under groups.
  The above functionality is working fine in Weblogic8.1SP4 production environment.
  Regards,
  Satya

  Hi Satya
  Post on the WebLogic forum....
  WebLogic Server - General
  Cheers
  David

• Weblogic 10.3.2 - Visitor entitlements role issue

  1)I am upgrading my weblogic portal application from Weblogic 8.1SP4 to Weblogic 10.3.2 version. I found that roles that created under visitor entitlements thru weblogic portal administration portal are not visible to assigned user.For example I created testRole for my application and added user testuser to this user.When I login to my portal application this user should able to see the portal page that related to testRole.But currently this is not working.
  To fix the above issue I created one new group under User and groups management and added the above user to that group and added that group to testRole. Now the user is able to see the portal pages
  My question is why the user is not able to access the roles when he is not part of any group.Because My portal application have different business users with different entitlement setups which I cannot categorize under groups.
  The above functionality is working fine in Weblogic8.1SP4 production environment.
  Regards,
  Satya

  I think the rolemappings in the application are mapped to groups.
  The rolemappings are defined through deployment overrides, such as for example, weblogic.xml (which is located in the WEB-INF/lib directory of a WAR file).
  An example of such a role mapping is the following:
  <weblogic-web-app ...>
       <security-role-assignment>
            <role-name>EMPLOYEE</role-name>
            <principal-name>employees</principal-name>
       </security-role-assignment>
       <security-role-assignment>
            <role-name>MANAGER</role-name>
            <principal-name>managers</principal-name>
       </security-role-assignment>
  </weblogic-web-app>The role-name(s) are set in the web.xml of the application, through a security constraint. The principle names are the user or group names
  configured in the admin console.
  When you edit the weblogic.xml to included a security role assignment and add role-name - principle-name mapping, for example
  <security-role-assignment>
       <role-name>visitor</role-name>
       <principal-name>testuser</principal-name>
  </security-role-assignment>now the testuser has visitor rights.

• Regarding Enterprise Portal Role issue

  Hi,
  The system administrator  has assgined a role called "k-role"  to a user. The K-role has some  3 pages inside it. When the user view the portal with his id, he can see the role called "K-role" and the pages. But when he clicks a page to access the documents with in it, it says "ACCESS DENIED". There is no restriction kept at the document level. Restriction is only at the role level.
  What could the error be? How can i resolve this issue? How can the user access the document?
  Regards,
  Divya

  Hi Divya,
  the portal users assigned to super admin role (usually via group Administrators) do have full permissions on every document. You HAVE to add read permissions for group Everyone in order to make the documents accessible by every portal user.
  1.      Open the Details dialog box for the item (for example, for the folder).
  2.      Choose Settings ® Permissions.
  3.      Enter one or more users, groups, or roles.
  4.      Choose Add.
  5.      Select one of the following permissions: Read, Write, Read/Write, Delete, Full Control
  Best regards,
  Martin

• Portfolio menu role issue.

  Dear Gurus,
  I am new to this FPN area.
  We are working on a Federated Portal Network(FPN).  We are having an SAP Enterprise Portal(company wide) and SAP BI Portal(content). The issue is that when ever we are trying to run the report under the Portfolio Menu role in BI Portal it is running without any error.  When we are running the same report under the Portfolio Menu role under SAP EP we are getting the error saying the requested page not found.  Please suggest a solution to this.

  BI portal and SAP EP both are different is it?
  Have you published the report in SAP EP properly and added to the role which is present in the SAP EP.
  When publishing report, you have make as template=<report technical name> at last.
  if any mistakes in the steps when you publish the report. it would give the error when you try to execute the report.
  Please check with your EP administrator.
  Hope this would help you.

• SAP MII workbench - saving new transaction - role issue?

  We are using MII 12.1.4 (build 53) and have copied the SAP java roles to our own groups (ABAP Roles) in the UME, including the defined actions of the SAP roles.  We then assign the ABAP role in ABAP to the User, so that in the UME they now have the groups assigned. 
  We have run into an issue where when creating a new transaction in the MII workbench we are unable to save it.  If we add the standard SAP UME role SAP_XMII_DEVELOPER, we are now able to create and save the transaction (or whatever work).  The only difference we can see in the SAP_XMII_DEVELOPER role and our copied role is the name, all the actions in SAP_XMII_DEVELOPER are in our Group (ABAP role).
  our ABAP role (UME Group) example is:
  ZZZZ:Z_MII_DEVELOPER (has UME role AD_JU_MII_DEVELOPER assigned)
  UME Roles:
  Z_MII_DEVELOPER has the 3 actions below assigned:
       xappsxmiiumeactions     XMII_User
       xappsxmiiumeactions     XMII_Read_Only
       xappsxmiiumeactions     XMII_Developer
  SAP_XMII_DEVELOPER has the same 3 actions as above, and the onluy difference is the description, and that it doesn't have any assigned groups.
  Does the MII workbench use the hardcoded role names somewhere that would not allow us to use  our the ABAP roles (JAVA groups) or is there something else we are missing in the group?
  I have searched the best practices, forums, SAP help, OSS, etc. with no luck
  Thanks for any help,
  jake

  Hi Jake,
  I also faced the same problem recently.
  As Mike said, you need to add your role in " Transaction -> Security". Here, you will find all the available roles. Put the required role in Reader and Writer Roles windows.
  As far as your question is concerned, by default MII assigns XMII Administrators, XMII Developers and XMII Users roles (MII 12.0) as Reader to Transaction. Where as MII assigns XMII Administrators and XMII Developers roles as Writer to Transaction.
  Hope this helps!
  Best Regards,
  Kedar

• SSAS Cube Role Issue

  Hi,
  I want to grant access to a user to a SSAS database. I'm able to add him to two databases but when i try to add him to the third database, it seems to hang. I have tried both GUI and XMLA query for this.The ALTER ROLE XMLA query(after extracting the member
  tag from the role query of another database) gives the following error in a couple of seconds:
  "Transaction errors: Aborting transaction on session 115585.
  Transaction errors: Aborting transaction on session 115585. Transaction errors: Aborting transaction on session 115585.
  I had to kill the query eventually. It doesn't seem to be a user issue as a simple alter role of the existing role also gives this error.
  I'm using SSAS 2005. Its strange that it is showing this issue suddenly today. Can someone please help?
  Regards,
  Sumit

  A restart of the SSAS service worked in this case. Never thought it would be as simple as this.

• Roles Issue?

  Hi All,
  The roles are migrated to BP1then the old queries under roles are deleted from shred queries now how to find the queries under which role.
  Thanks in Advance,
  Ravi

  Hi Ravi,
                      U can use the T-code PFCG... There if u type the role It will display all the option avaliable for that role...U go to Menu tab and it will display the query associated to the given role..
  I hope this solve u r issue?
  Regards,
  Bala

• Role issue in 11g

  Hi,
  Object privileges assigned via roles are not working in 11g R2 version.
  Scenario
  -CREATE ROLE EXT_ROLE IDENTIFIED BY VALUES 'D863A60E46D68927';
  -Grant select on ext.action_table to EXT_ROLE;
  -grant EXT_ROLE to scott;
  SQL>conn scott/scott
  Connected.
  SQL>desc action_table;
  ERROR:
  ORA-04043: object ext.action_table does not exist.
  Can some one shed some ligh on this issue.

  Please do something like this:
  SQL> show user
  USER is "SYSADM"
  SQL> create table mytable(id number);
  Table created.
  SQL> create role myrole;
  Role created.
  SQL> grant select on mytable to myrole;
  Grant succeeded.
  SQL> grant create session to scott identified by scott;
  Grant succeeded.
  SQL> grant myrole to scott;
  Grant succeeded.
  SQL> conn scott/scott@hdev
  Connected.
  SQL> desc mytable
  ERROR:
  ORA-04043: object mytable does not exist
  SQL> desc sysadm.mytable
  Name                                      Null?    Type
  ID                                                 NUMBER
  SQL>
  Nicolas.
  /*sorry for the horrible formatting, it seens the forum grab spaces*/

• Links and Roles issue

  Hello everyone,
  I'm having a big issue with roles and links. Let me set
  out the scenario for you. I have a top level navigation
  tab "My Pages". Underneath this i have three tabs "Tab
  A", "Tab B" and "Tab C". I have two roles setup for this
  top level tab, namely:
  Role_A
  Role_B
  Now, i want a link on "Tab A" to both "Tab B" and "Tab C"
  independent of the role the user has assigned. Currently
  I have the problem that if i link to "Tab A" doing:
  ?Navigation=/roles/Role_A/My Pages/Tab A
  Then it'll work fine if the user has Role_A assigned but
  it won't work fine if the user has Role_B assigned.
  Is there anyway of programatically linking to another
  tab independently of what roles a user has assigned?
  I've tried searching for the EPCM help files but it's
  like looking for a needle in a haystack, found a few
  broken links and that's it. Furthermore i'm not sure
  it can be done using EPCM.
  Note: I'm using EP5 SP6.
  Thanks everyone,
  Ale

  Hi Hans-G
  Thanx for the reply.
  There are no other issues on the page except the links not working in IE8 (even in compatibility mode). I did however come across some topics on getElementsByName() and how it is not suported in IE8 =(
  I think thats where the problem is.
  But as you can see...I can't exchange 'name' for 'ID' because my function needs both. The 'name' attribute is to Hide all divs, and 'ID' to show the clicked div.
  Have you got enough javascript experience to give me some tips on how to get this to work without getElementsByName() ??

• WPC Role Issue

  Hi Experts,<BR><BR>
  We are using EP 7, SP18 and WPC 7. We have an issue with below scenario.<BR><BR>
  1. Created a site, site-content, page.<BR>
  2. Published the web page.<BR>
  3. Created the navigation and published for the above web page.<BR>
  4. Created the PCD Role (entry point - TLN1) and folder (TLN-2) with webpage navigation path (ofcourse nav node appears in DTN).<BR><BR>
  <BR><BR>
  5. Created the UME user.<BR>
  6. Assigned the read permission for the new site to the user.<BR>
  7. Assigned the PCD role & eu_role to the user.<BR><BR>
  Created UME user only able to view the page only, when I add "wpc_editor_role" to the user.<BR><BR>
  If we remove "wpc_editor_role" role, getting blank page.<BR><BR>
  Here is my requirement.<BR><BR>
  1. What configuration change needed to see the page without assigning "wpc_editor_role"?<BR>
  2. We have a requirement of duplicating eu_role. In that case, can anyone please suggest the steps to be followed for wpc content?<BR><BR>
  Thanks!<BR><BR>
  Best Regards,<BR>
  Kabali

  Kabali,
  You need to check the permissions.
  http://help.sap.com/saphelp_nw70/helpdata/EN/45/f91dd13c7a04aae10000000a114a6b/frameset.htm
  Also refer to my post in this thread.
  http://forumsa.sdn.sap.com/thread.jspa?messageID=5973300#5973300
  Good Luck!
  Sandeep Tudumu
  Edited by: Sandeep Tudumu on Oct 30, 2009 12:45 PM

• Cloud Trial connection/roles issues

  I have a few connection issues with the Oracle Trail account, both with Identity Console and sftp.
  If I sign into the Account Administration URL using the user name listed in the trial acceptance e-mail (the "Identity Domain Administrator") and look under My Account -> Account Administrators, that account is listed as an Account Administrator. However, if I sign into My Services (via cloud.oracle.com) with the same username and I click Identity Console, I can only see my own account info indicating I'm not actually the Identity Domain Admin. Another strange thing is that the cloud.oracle.com url accepts the same user name stated above but requires a different password? This leads me to think two accounts were created somehow. (I have since changed the passwords to be the same for simplicity).
  When I created a SQL Developer cloud connection, this will not take the "Identity Domain Admin" username. The error is "Invalid Resource owner Credentials". Looking at the forum, I tried creating an Apex user as described in the http://docs.oracle.com/cloud/CSDBU/develop.htm#CSDBU165. I granted the new user the 3 groups. When I try this username, it also will not log into the sftp server. This errors with, "Http/1.1 401 Unauthorized".
  Anyone have any ideas on how to resolve these issues?
  Thanks,
  Steve

  Hi Steve,
  For your first query i.e. you are able to see just your account info, can you please confirm are you able to see “Manage Roles” link on "Identity Console page". Please note that there is an expandable button in bottom left corner of the “Identity Console” page, upon expanding the button you should be able to see “Manage Roles” link in left hand side of the web page.
  For your secound query, I would recommend you to please try resetting your SFTP Password. For details please refer "Setting up Secure FTP Account" section at http://docs.oracle.com/cloud/CSDBU/develop.htm#BABIDECC
  Just for your reference you may refer “Using SQL Developer for Data Loading” section at http://docs.oracle.com/cloud/CSDBU/develop.htm#CSDBU179 that will help you to guide you in details for Data loading using SQL Developer tool.
  Regards,
  Rituraj Jain

• Dynamic grant user role issue

  Hi friends,
  I created a role in oracle 10 and can be granted to user one by one. it works.
  But I try to grant the role to all users and get error.
  my code as (copy and modify from OTN)
  ====
  DECLARE
  l_schema VARCHAR2(30) := 'SCHEMA_OWNER';
  BEGIN
  FOR i IN (SELECT USERNAME
  FROM all_users
  WHERE username not in ('SYS','SYSTEM','OUTLN','DMSYS','TSMSYS','XDB','CTXSYS','WMSYS','DBSNMP','DIP','OLAP','OLAPSYS','MDSYS','EXFSYS','MDSYS'))
  LOOP
  BEGIN
  EXECUTE IMMEDIATE 'GRANT USERS_SELECT ||' TO i.USERNAME;
  EXCEPTION
  WHEN OTHERS THEN
  NULL;
  END;
  END LOOP;
  END;
  ORA-06550: line 10, column 41:
  PLS-00103: Encountered the symbol "TO" when expecting one of the following:
  * & = - + ; < / > at in is mod remainder not rem return
  returning <an exponent (**)> <> or != or ~= >= <= <> and or
  like LIKE2_ LIKE4_ LIKEC_ between into using || multiset bulk
  member SUBMULTISET_
  The symbol "* was inserted before "TO" to continue.
  SQL>
  I double check syntax is OK. what is wrong?
  Thanks for help!
  Jim

  Try:
  EXECUTE IMMEDIATE 'GRANT RAC_SELECT TO '|| i.USERNAME;And remove this part, which is for 99.99% a bug:
  EXCEPTION
  WHEN OTHERS THEN
  NULL;
  ENDOnly catch errors you expect...

• Role Issue?

  Hi,
  I have created one role say SELECT_ROLE and now i want to add grant select on all the segments of XYZ schema to SELECT_ROLE. XYZ schema has 20,000 segments. How can i do this in one shot?
  DB version is 10.2.0.3
  Thanks

  There's no such system privilege available. You will have to grant explicitly on individual objects to that ROLE or any user. Or grant SELECT ANY TABLE to that role (but this will compromise security)
  Begin
    For i in (select object_type, object_name from dba_objects where owner='XYZ')
    Loop
     If (i.object_type like 'TABLE' or i.object_type = 'VIEW' or i.object_type = 'SEQUENCE') Then
      Execute Immediate 'Grant select on XYZ.' || i.object_name || ' to SELECT_ROLE';
    Elsif (i.object_type in ('PROCEDURE', 'FUNCTION', 'TYPE', 'PACKAGE') ) Then
      Execute Immediate 'Grant execute on XYZ.' || i.object_name || ' to SELECT_ROLE';
    Elsif .............................
    End if;
  End;
  /If you use DBA_SEGMENTS, you will miss out on objects like VIEWS and stored procedures. So better to use DBA_OBJECTS/ALL_OBJECTS
  Edited : Included formatting for the code

• Imp/exp user/role issue

  using 10.1.0.3 linux
  Have an export file from an existing DB (full export). Need to import it into an blank DB but I get errors regarding users and roles not existing. I thought that a full export has all of that info to create in the new DB. How can I get this imported?

  Hi,
  That should work OK - i can only think there was a problem with the tablespaces getting created, so then the users failed to create and had a knock on effect in the rest of the export.
  Can you paste the fist 50 lines or so of the import logfile?
  Cheers,
  Harry