Security role document

Similar Messages

• Issue with generating a security role in program CRMD_UI_ROLE_PREPARE

  Hello -
    We have recently upgrade from CRM 2007 from CRM 4.0. We are working with the Business Roles and generating the security role from the business role using CRMD_UI_ROLE_PREPARE. We first create a simple test Business Role, a Z* copying from TPM_ROLE. Then we generated the security using CRMD_UI_ROLE_PREPARE. This was fine. Now was have copied a Business Role from TPM_ROLE that is one we want to use. We have created our own Z* Nav Bar and Role Config Key. This is working fine, but now when we try to generate using CRMD_UI_ROLE_PREPARE, the txt file is not generated, though there are no errors in the log. We can still generate the security role from our simple test. We have looked on line, and read the article in CRM Expert in June on Business Roles, but have not found the solution yet. Has anyone run into this?
  thanks
     George

  This is how I used this program:
  A. Generate required authorization objects
  1.     T-Code: SA38
  2.     Enter report CRMD_UI_ROLE_PREPARE and choose Execute.
  3.     Select your Business Role.
  4.     Choose language EN.
  5.     Choose Execute.
  Result: A file is created for each Business Role and saved on your computer in the SAP working directory. If you are working with Microsoft Windows XP, this file is saved in C:\Documents and Settings\<User ID>\SapWorkDir\.
  B. Assign authorization objects
  1.     T-Code: PFCG
  2.     Enter your Role and choose Change.
  3.     On the Menu tab choose Import from file and upload the file previously created.
  4.     Choose Save.
  Then adapt the authorizations if needed and choose Generate.
  Stephanie.

• Ejb security role & bea implementation

  A role has been defined in ejb-jar as following:
  <security-role>
  <description><![CDATA[Deployer User]]></description>
  <role-name>deployer</role-name>
  </security-role>
  <method-permission>
  <description><![CDATA[Deployer Method Permission]]></description>
  <role-name>deployer</role-name>
  <method>
  <description><![CDATA[All method for CCPStateBean]]></description>
  <ejb-name>CCPStateBean</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  If the principal is included in the weblogic-ejb-jar as below, and the jndi lookup
  includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>jzhu</principal-name>
  </security-role-assignment>
  The problem comes when the principal is not included as above weblogic-ejb-jar
  instead a role "deployer" is defined in WLS's, The user ("jzhu") is defined in
  the deployer group. And the deployer group belongs to deployer role. The defaultRoleMapper
  is enabled. In this scenario, the access failed due to insufficient permission.
  Can ejb-jar's role relates to WLS's role. Please advise. THX.
  -John

  Thanks for the information. It works. I wish bea monitor this newsgroup since this
  is not in their document. By the way, the following links clarifies the relationship
  between DD and admin console security configuration.
  http://edocs.bea.com/wls/docs70/security/cli_apps.html#1090734
  -John
  "Arjuna Chala" <[email protected]> wrote:
  I don't know about "defaultRoleMapper", but this works
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>deployer</principal-name>
  </security-role-assignment>
  where <role-name> maps to a ejb-jar role and <principal-name> maps to
  a
  weblogic group (in this case).
  "john" <[email protected]> wrote in message
  news:[email protected]..
  A role has been defined in ejb-jar as following:
  <security-role>
  <description><![CDATA[Deployer User]]></description>
  <role-name>deployer</role-name>
  </security-role>
  <method-permission>
  <description><![CDATA[Deployer Method Permission]]></description>
  <role-name>deployer</role-name>
  <method>
  <description><![CDATA[All method for CCPStateBean]]></description>
  <ejb-name>CCPStateBean</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  If the principal is included in the weblogic-ejb-jar as below, andthe
  jndi lookup
  includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
  <security-role-assignment>
  <role-name>deployer</role-name>
  <principal-name>jzhu</principal-name>
  </security-role-assignment>
  The problem comes when the principal is not included as aboveweblogic-ejb-jar
  instead a role "deployer" is defined in WLS's, The user ("jzhu") isdefined in
  the deployer group. And the deployer group belongs to deployer role.The
  defaultRoleMapper
  is enabled. In this scenario, the access failed due to insufficientpermission.
  Can ejb-jar's role relates to WLS's role. Please advise. THX.
  -John

• How to get security roles in a JSF portlet

  I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
  I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
  I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
  roleMaps.properties
  cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
  web.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <web-app version="2.4">
    <context-param>
      <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
      <param-value>server</param-value>
    </context-param>
    <context-param>
      <param-name>javax.faces.CONFIG_FILES</param-name>
      <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.validateXml</param-name>
      <param-value>true</param-value>
    </context-param>
    <context-param>
      <param-name>com.sun.faces.verifyObjects</param-name>
      <param-value>false</param-value>
    </context-param>
    <filter>
      <filter-name>UploadFilter</filter-name>
      <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
      <init-param>
        <description>
            The maximum allowed upload size in bytes.  If this is set
            to a negative value, there is no maximum.  The default
            value is 1000000.
          </description>
        <param-name>maxSize</param-name>
        <param-value>1000000</param-value>
      </init-param>
      <init-param>
        <description>
            The size (in bytes) of an uploaded file which, if it is
            exceeded, will cause the file to be written directly to
            disk instead of stored in memory.  Files smaller than or
            equal to this size will be stored in memory.  The default
            value is 4096.
          </description>
        <param-name>sizeThreshold</param-name>
        <param-value>4096</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>UploadFilter</filter-name>
      <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <servlet>
      <servlet-name>Faces Servlet</servlet-name>
      <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
      <init-param>
        <param-name>errorHost</param-name>
        <param-value>localhost</param-value>
      </init-param>
      <init-param>
        <param-name>errorPort</param-name>
        <param-value>25444</param-value>
      </init-param>
    </servlet>
    <servlet>
      <servlet-name>ThemeServlet</servlet-name>
      <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
    </servlet>
    <servlet>
      <description>Generated By Sun Java Studio Creator</description>
      <display-name>CreatorPortlet Wrapper</display-name>
      <servlet-name>VSMPortal</servlet-name>
      <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
      <init-param>
        <param-name>portlet-class</param-name>
        <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
      </init-param>
      <init-param>
        <param-name>portlet-guid</param-name>
        <param-value>VSMPortal.VSMPortal</param-value>
      </init-param>
    </servlet>
    <servlet-mapping>
      <servlet-name>ExceptionHandlerServlet</servlet-name>
      <url-pattern>/error/ExceptionHandler</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>ThemeServlet</servlet-name>
      <url-pattern>/theme/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>VSMPortal</servlet-name>
      <url-pattern>/VSMPortal/*</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
      <welcome-file>faces/null</welcome-file>
    </welcome-file-list>
    <error-page>
      <exception-type>javax.servlet.ServletException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>java.io.IOException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>javax.faces.FacesException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <error-page>
      <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
      <location>/error/ExceptionHandler</location>
    </error-page>
    <jsp-config>
      <jsp-property-group>
        <url-pattern>*.jspf</url-pattern>
        <is-xml>true</is-xml>
      </jsp-property-group>
    </jsp-config>
       <security-role>
            <role-name>Administrator</role-name>
       </security-role>          
  </web-app>
  portlet.xml
  <?xml version='1.0' encoding='UTF-8' ?>
  <portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd                         http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
       <portlet>
            <description>Created By Java Studio Creator</description>
            <portlet-name>VSMPortal</portlet-name>
            <display-name>VSMPortal Portlet</display-name>
            <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
            <init-param>
                 <name>com.sun.faces.portlet.INIT_VIEW</name>
                 <value>/Uctarna.jsp</value>
            </init-param>
            <expiration-cache>0</expiration-cache>
            <supports>
                 <mime-type>text/html</mime-type>
                 <portlet-mode>VIEW</portlet-mode>
            </supports>
            <supported-locale>en</supported-locale>
            <portlet-info>
                 <title>VSMPortal</title>
                 <short-title>VSMPortal</short-title>
                 <keywords>Creator</keywords>
            </portlet-info>
            <security-role-ref>
                 <role-name>Administrator</role-name>
                 <role-link>Administrator</role-link>
            </security-role-ref>          
       </portlet>
  </portlet-app>If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

  Nobody uses the LDAP roles in a portlet? Anybody knows other thread discussing similar issue (I can't find anything)?

• CRM 2011: Can you control which form is used based not security roles, but on a field value?

  I see that you can control which form is used based on security roles, but can you control it based on other field values?  I'd like a new record to use a different form until a given status is updated.  I have a status of draft and active. So
  it would be nice if I could use form1 for those in draft, form2 for those that are active.  But I only see where you can control that via the security roles.
  I can code all of this via JavaScript, but having the ability to use two separate forms would be nice.  Is that even possible.
  Best regards,
  Jon Gregory Rothlander

  Hello,
  Recheck following article - http://gonzaloruizcrm.blogspot.com/2014/11/avoiding-form-reload-when-switching-crm.html
  Dynamics CRM MVP/ Technical Evangelist at SlickData LLC
  My blog

• How to use security roles in Weblogic server?

  Hello Gurus,
  I am new to Weblogic server and I am trying to investigate how to make
  use of security roles in weblogic server (5.1.0). Can anyone point me
  to some documentation. Specifically, I am looking for instance level,
  and method level security and how to use it.
  Thanks for taking your time to read this e-mail.
  Thank You all in advance,
  Hari.

  You should read the security information in the Servlet 2.2 specification
  that WL 5.1 implements:
  http://java.sun.com/products/servlet/download.html
  Chapter 11 deals with declarative and programmatic security, and includes a
  section on roles:
  11.4 Roles
  A role is an abstract logical grouping of users that is defined by the
  Application Developer or
  Assembler. When the application is deployed, these roles are mapped by a
  Deployer to security
  identities, such as principals or groups, in the runtime environment.
  A servlet container enforces declarative or programmatic security for the
  principal associated with
  an incoming request based on the security attributes of that calling
  principal. For example,
  1. When a deployer has mapped a security role to a user group in the
  operational environment. The
  user group to which the calling principal belongs is retrieved from its
  security attributes. If the
  principal's user group matches the user group in the operational environment
  that the security
  role has been mapped to, the principal is in the security role.
  2. When a deployer has mapped a security role to a principal name in a
  security policy domain, the
  principal name of the calling principal is retrieved from its security
  attributes. If the principal is
  the same as the principal to which the security role was mapped, the calling
  principal is in the
  security role.
  Cameron Purdy
  http://www.tangosol.com
  "Hari" <[email protected]> wrote in message
  news:[email protected]..
  Hello Gurus,
  I am new to Weblogic server and I am trying to investigate how to make
  use of security roles in weblogic server (5.1.0). Can anyone point me
  to some documentation. Specifically, I am looking for instance level,
  and method level security and how to use it.
  Thanks for taking your time to read this e-mail.
  Thank You all in advance,
  Hari.

• How to get security roles

  Hi All,
  I want to know how to get the security roles which we configured in adfsecurity.
  Regards,
  Smaran

  Hi,
  to get all roles associated with the current user, try
  SecurityContext secCtx = ADFContext.getCurrent().getSecurityContext();
  String[] roles = secCtx.getUserRoles();
  To get access to the roles defined on the system (not user specific) then this requires OPSS access. The JavaDocs are here:
  http://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e10686/toc.htm
  From the top of my head. this is how get access to the JPS context to query system resources.
  JpsContextFactory jpsfact = JpsContextFactory.getContextFactory();
  JpsContext jpxCtx = jpdfact.getContext();
  IdentityStoreService store = jpxCtx.getServiceInstance(IdentityStoreService.class);
  ... from here on I have no further hint without trying it myself. However, I hope I go you started
  Frank

• Map security roles to group within LDAP using external 3rd Party LDAP

  I'm haveing a problem mapping my logical role defined in my web.xml to a role within Active Directory. I'm currently authenticating using Active Directory succsfully, however after the user is authenticated I get a message from the OC4J container that my role can not be found. Can you map a logical role to group within Active Directory? Below are details about my configuration.
  Any help would be greatly appreciated.
  Log.xml log entry that confirms webtA is communicating successfully with AD.
  SG_TEXT>JAAS-LDAPLoginModule: authenticating user wmgraham</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>JAAS-LDAPLoginModule: DN for user wmgraham is cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  <MESSAGE>
  <HEADER>
  Error reported in the log
  <MESSAGE>
  <HEADER>
  <TSTZ_ORIGINATING>2008-08-27T11:38:05.991-04:00</TSTZ_ORIGINATING>
  <COMPONENT_ID>j2ee</COMPONENT_ID>
  <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
  <MSG_LEVEL>16</MSG_LEVEL>
  <HOST_ID>F2287032-W</HOST_ID>
  <HOST_NWADDR>30.30.16.14</HOST_NWADDR>
  <MODULE_ID>security</MODULE_ID>
  <THREAD_ID>14</THREAD_ID>
  <USER_ID>wmgraham</USER_ID>
  </HEADER>
  <CORRELATION_DATA>
  <EXEC_CONTEXT_ID><UNIQUE_ID>30.30.16.14:59560:1219851485804:6</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
  </CORRELATION_DATA>
  <PAYLOAD>
  <MSG_TEXT>for group=[JAZNGroupAdaptor: webta] there's no matching role found.</MSG_TEXT>
  </PAYLOAD>
  </MESSAGE>
  Web.xml Logical Role definition
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allpages</web-resource-name>
  <url-pattern>/servlet/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>WEBTA_J2EE_USER</role-name>
  </auth-constraint>
  </security-constraint>
  <security-role>
  <role-name>WEBTA_J2EE_USER</role-name>
  </security-role>
  Orion-web.xml This file maps the logical role defined in webxml to a group within Active Directory.
  <security-role-mapping name="WEBTA_J2EE_USER">
  <group name="webta"/> <-- Group defined in AD -->
  </security-role-mapping>

  What is the name of the group in AD (provide the DN) that you want to map the j2ee logical role WEBTA_J2EE_USER? What are the group search base and group mapping attribute?
  When wmgraham logs into the app, the 3rd party ldap login module will attempt to query for the groups wmgraham is a member of - this is done using the group search base configuration for the provider.
  In this example, the DN is "cn=wmgraham,ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and likely user search base is set to "ou=endusers,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi".
  Assuming group search base is (say) "ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi" and and group mapping attr is "cn", then the role mapping you mention should work for group DN "cn=webta,ou=groups,ou=itod,ou=endusers,ou=div20,ou=hq,dc=fbinet,dc=fbi"

• Invalid Security role-name error in Web Project

  Hi All,
  I have imported a J2EE application project built in JBOSS into NWDS 7.1.
  While building the project i get the following error
  <b>CHKJ3020E:Invalid Security role-name error: PEHNTAHO_ADMIN</b>
  This error directs me to the following code in web.xml
  <security-constraint>
            <display-name>Default JSP Security Constraints</display-name>
            <web-resource-collection>
                 <web-resource-name>Portlet Directory</web-resource-name>
                 <url-pattern>/jsp/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                 <b><role-name>PEHNTAHO_ADMIN</role-name></b>
            </auth-constraint>
            <user-data-constraint>
                 <transport-guarantee>NONE</transport-guarantee>
            </user-data-constraint>
       </security-constraint>
  <b>I have tried out the following things to resolve this issue :</b>
  <b>1) Remove the role manually</b>(as suggested by various people in other J2EE forums), but then some other error came in to picture
  <b>2)Then I added the following code in web.xml</b>
  <security-role>
            <role-name>PEHNTAHO_ADMIN</role-name>
       </security-role>
  Then the above mentioned build error gets resolved, but then I get the following error while deploying the application.
  Dec 3, 2007 12:59:21 AM /userOut/daView_category (eclipse.UserOutLocation) [Thread[Deploy Thread,5,main]] ERROR: Deploy Exception.An error occurred while deploying the deployment item 'sap.com_AnalyticsApp2EAR'.; nested exception is:
       java.rmi.RemoteException:  class com.sap.engine.services.dc.gd.DeliveryException: An error occurred during deployment of sdu id: sap.com_AnalyticsApp2EAR
  sdu file path: D:\usr\sap\CE1\J01\j2ee\cluster\server0\temp\tcbldeploy_controller\archives\191\AnalyticsApp2EAR.ear
  version status: HIGHER
  deployment status: Admitted
  description:
            1. Error:
  Cannot update application sap.com/AnalyticsApp2EAR. Reason: The application sap.com/AnalyticsApp2EAR will not be update, because its validation failed. Reason:
  ERRORS:
  Web Model Builder: com.sap.engine.frame.core.configuration.NameNotFoundException: The parameter/s in String "<?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
       <!-- whole web.xml-->
  </web-app>
  " is/are not defined and could not be substituted., file: AnalyticsApp2.war#WEB-INF/web.xml, column 0, line 0, severity: error
  WARNINGS:
  Web Model Builder: Following tests could not be executed because of failed precondition test "Web Model Builder" : Implicit Constraints Test, JSF Application Test, Mapping Test, Web File Existence Test, Web Class Existence Test, Security Role Test, file: AnalyticsApp2.war, column -1, line -1, severity: warning
  <b>3) I had also added the following code in web-j2ee-engine.xml</b>
  <security-role-map>
            <role-name>PEHNTAHO_ADMIN</role-name>
            <server-role-name>all</server-role-name>
       </security-role-map>
  but still i get the same deployment error.
  Please help me in resolving this problem.
  Can anybody tell me the use of role "PEHNTAHO_ADMIN"?
  Thanks and Regards,
  Sruti

  Hi Malathy,
  Once the users are created in Authentication Provider, and once the roles are created in Weblogic Server, You just have to map users to roles in Jazn-data.xml.
  Could you please let us know you created a roles named users in WLS ?
  Thanks & Regards,
  Murali.
  ============

• Unable to assign all security roles to a user with a new custom security role

  Dear All,
  Happy New Year.!
  I have a query regarding the assignment of Security Roles to new users in CRM. Normally we assign the security roles to new users via an Admin user who has 'System Administrator' security role assigned to him/her. This works perfectly fine, and we can assign
  any desired security role to the new user.
  However, in our case, we need to delegate the user creation rights to some of the client partners. We do not want to give them access to all the Administration functions; hence we created a new Security Role, lets say 'Support User Role'. We have provided
  'Create', 'Append', 'Append To', and 'Assign' rights on 'User' entity for this new security role. With this security role, we are able to create new users now, but we are only able to assign 'Agent' security role, not any other security roles.
  For example, if user 'x' has Security Role defined as 'Support User Role'. If 'x' tries to add a new user 'y', then 'x' is only able to assign 'Agent' security role to 'y', but not any other security role. As per business requirement, 'x' should be able
  to assign some other security roles, including 'Support User Role', to new user 'y'.
  I believe that there is something missing in Security Role configuration, which is causing the above problem. We compared both 'Support User Role' and 'System Administrator' security roles, but not able to figure out which minimum rights we can provide to
  'Support User Role' so that users with this security role can only add new users (with any security role), and that they are not having access on any other Administration features as well.
  Appreciate any help that you can provide on the above issue.
  Thanks in anticipation.

  Hi,
  Can you check if you have organization level Read access for Securitity Role and Organization level Assign access for Security role.
  Refer:-
  http://www.magnetismsolutions.com/blog/paulnieuwelaar/2013/04/22/permissions-required-to-manage-roles-in-dynamics-crm-2011
  Hope this helps!!!
  Thanks,
  Prasad
  Make sure to "Vote as Helpful" and "Mark As Answer",if you get answer of your question

• Need api for changing security role in web.xml !!

  My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and inturn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
  I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and inturn persist in web.xml.
  Do I need to provide any more information ? Let me know
  Thanks,
  Karthick

  why and when do you change security-role? try to use ant task (perhaph you need xpath also). it´s the better when you perform task about life´s cycle of application.
  please, describe your problem.
  of course in you change web.xml you must restart the application.

• Will opening a pdf in version 8, that was created in version XI, automatically 'secure' the document?

  Will opening a pdf in version 8, that was created in version XI, automatically 'secure' the document?

  Thank you.

• Adobe Reader Crashes while opening Secure PDF Documents

  Hi,
  I have Adobe Reader 8.1.2. Up until today, i was able to open secure PDF documents without any issue. Suddenly, it started to give me errors, saying "Adobe Reader has encountered a problem and it needs to close. I have to tell Microsoft" and so on...
  I tried re-installing 8.1.0, secure documents opened a few times and then the same problem returned. I can open normal PDF documents but the problem is with the secure ones.
  Rebooting, re-installing again didn't help.
  What could be the issue and how to solve it? I have Trend Micro Antivirus s/w but i always had them all these days and everything was fine.
  Thanks
  anand

  Hi,
  Can someone help me on this please?
  I have tried removing Adobe Reader, re-install it but doesn't help. Secure documents do open sometimes but fail again. I have even tried removing Adobe Reader using MSI Cleanup Utility, no use.
  The problem seems to be in the imapdb.dll. An error report is generated by Windows XP but it is rather large to fit in here.
  I also Trend Micro Anti-Virus tool and it may have something to do with it is what i feel.
  Any help on how to solve this will be great.
  Thanks
  Kripaludas

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• How can I limit/control the addition of auth. objects to security roles?

  Checking the authorization object S_USER_VAL it seemed that it grants the ability to limit the addition of authorization objects, but I tried using a test ID in sandbox along with a test role, removing the object, creating ranges in order to limit to a certaing type of auth. objects and didn't work. S_USER_AGR will give me access to limit which type of roles I can modify, but I'm looking to restrict the addition of specific security objects to security roles. If anyone knows the answer to this please share! Thanks in advance for your help!!!!
  Edited by: Armando Salas on Nov 29, 2011 7:41 PM

  Hi Armando,
  Try with auth.obj. S_USER_AUT. A suggestion. Search this objects with tcode SU24, for instance, for tcode PFCG and it gives a list with objects.
  I hope this helps you
  Regards
  Eduardo