Service level accounts and security policy

Hello Experts,
We would like to roll out a production environment at a customer. The documentation does not provide a very good solution for the scenario where service level accounts change.
The customer's security policy requires all administrative accounts to be named, e.g. firstname.lastname@domain. Generic accounts such as productadmin@domain, which are not identifiable, cannot be used on production servers.
It is understood that the BPC application server runs using the permissions granted to the user ID which was used during installation (access to the Windows AD, SQL Server, etc.).
If a specific domain user is also a member of the local administrators group, he/she can install the product. However, if this particular account is made redundant and the administrator's role is appointed to another employee, the latter cannot access the system with administrative rights.
Moreover, if the BPC administrator's account is disabled for whatever reason, the system fails.
Are there any good suggestions for this kind of scenario?
Thanks

Thanks Scott,
This is what I have suggested but the problem is that the customer's policy does not allow anonymous accounts controlling their production systems, the administrative accounts can only be personal accounts like firstname.lastname@domain.
It seems that the only solution is to use administrator's personal credentials and in case those change, they need to go through the Ops guide and change everything manually.
Luckily there is a bit simpler way to do this. Instead of manually changing credentials for every COM+ app as the Ops Guide suggests, you can change only three of them:
OsoftDatabaseADMIN
OsoftDatabaseSYSADMIN
OsoftDatabaseUSER
Then use Service Manager password reset function and it will update all COM+ apps in one go.

Similar Messages

  • Service Level Accounts (error 500)

    Hi experts,
    We have performed a BPC7 installation at a client but it seems we are having some trouble, not with the install process itself but with client access (we are getting http error 500). 
    The problem seems to be linked with the service level accounts that the company has set up for the BPC server. The company is very security-concerned, so the system-admin account that has been provided has reduced rights. The install guide states that the BPC sysadmin should be:
    - Member of the Local Administrators group
    - Member of the SQL Administrators group
    - Preferably be member of the domain users group (we're on a monoserver environment)
    We meet all three requirements but obviously we are missing something, as we cannot access the server. The client web component works if we connect from the server.
    Does anybody know what the minimum requirements for these service level accounts are? The client is very security-aware and would like to keep this account as restricted as possible.
    Kind regards,
    Ibai Madariaga

    Hi Ibai
    From my understanding, HTTP 500 means internal server error. Have you tried modifying your web.config file and changing custom errors to off? This will provide you with a detailed exception message, which should hopefully point you in the right direction. Also, in your server's event log, are there any authentication failure events for the user which is running the Osoft components and services?
    You mentioned that the client web component works if we connect from the server. Do you mean when using the server console, i.e. Http://localhost/osoft ?
    If you are able to view the SAP BPC landing page from the server itself, and are only experiencing the issue from the clients connecting to the server, are you sure that the users have the necessary rights on their local machines? Has the server been added to the local users machines trusted sites configuration in IE?
    Kind Regards
    Daniel

  • Error 404-not found? though services are up and security password look fine.

    Installed Enterprise Edition on server, Error 404-not found? though services are up and security password look fine.
    Thanks in advance,

    Look for the logs as to why they were down. You can bring the managed server up by running the command
    sh ./startManagedWebLogic.sh bi_server1 http://hostname:7001> start_bi_server1.log &
    In order to start the above without a password you need to add the username and pwd in boot.properties under /MW_HOME/user_projects/domains/bifoundation_domain/servers/bi_server1/security and for the admin server /MW_HOME/user_projects/domains/bifoundation_domain/servers/AdminServer/security
    and start the OPMN processes using the command line ./opmnctl startall
    If any of the services won't start, check the logs.
    Thanks,
    RM

  • PO for item of service Level short and long text using sap script

    Please let me know how to do the PO for item of service Level short and long text using sap script.
    <MOVED BY MODERATOR TO THE CORRECT FORUM>
    Edited by: Alvaro Tejada Galindo on May 5, 2009 10:25 AM

    Hi ,
    In the transaction related to the PO, select the path Goto -> Header texts and then the details of the texts like ID, object name, language, name. Pass all these details to the 'READ_TEXT' FM. Then you will get the text lines described for a particular PO; similarly for the item also.
    Thanks,
    Suma.

  • Need info regarding Oracle UCM Accounts and Security Groups behaviour

    Need information regarding Oracle UCM Accounts and Security Groups behaviour.
    Oracle UCM version: 11.1.1.5.0
    Steps:
    1. Log in with "weblogic" user and created a content with id "content1"
    2. Applied "@acc1(R)" and "TestGroup1" to the content created in step 1
    3. Log out
    4. Log in as "acc1user1", the user is not able to see the "content1"
    5. Log out
    6. Log in as "role1user1", the user is not able to see the "content1"
    Account and Group information:
    1. User "acc1user1" is part of "@acc1(R)"
    2. User "role1user1" is part of "role1(R)" and is mapped to "TestGroup1" in UCM
    Expected:
    Both "acc1user1" and "role1user1" should be able to see "content1" as they have at least Read permission.
    Please help me understand why the users are not able to see the content.

    ACLs, like Accounts, are optional security settings which may add on some extra functionality to mandatory security groups. Likewise, the resulting permission is taken as an intersection of SG and ACLs.
    "But in the second part the number of set of users is huge (approx say 600)" I don't get this completely. Does this mean that those "sets of users" (users who see the same data) are distinct and that there are 600 such groups?
    If you read thoroughly the manual I sent earlier, there is a recommendation that there should be maximum 50 security groups, and you should use accounts, should this number be exceeded. This means you could have all the documents in one security group (and have one common role with Read permission), but combine it with accounts. ACLs are not a good choice here - their performance and manageability is much worse than of accounts. ACLs are primarily used if you expect security settings to change during the lifetime (e.g. a project manager adds temporarily rights to access an item to another user, and revokes it when the user finishes his or her work).
    Note that accounts as well as permissions of users within accounts can also be mapped externally (from LDAP/AD) and it usually follows some kind of org chart.
    I'd feel more comfortable not to speak about users, security groups, roles, etc., but about some real-life objects and scenarios.

  • Socket and Security Policy

    I've tried to experiment with Socket communication in Flex, but I keep hitting problems. Approach 1: in a Flex web app, I load a crossdomain security policy from a server. I then open a socket and write a few bytes to the server. In my server, I do not get the expected output on the stream--in fact, I get nothing at all--until I close the Flex application, at which point I get a seemingly infinite stream of the bytes '0xEFBFBF'. Here's a hexdump view of a fragment of the data Flash Player sends to the server after I close the Flex app:
    00000130  ef bf bf ef bf bf ef bf  bf ef bf bf ef bf bf ef  |................|
    00000140  bf bf ef bf bf ef bf bf  ef bf bf ef bf bf ef bf  |................|
    00000150  bf ef bf bf ef bf bf ef  bf bf ef bf bf ef bf bf  |................|
    Approach 2: I then tried it in Air, but although the connection seems to initiate properly and I can go through the above trivial client-server interaction, after a few seconds, I get a SecurityErrorEvent. From what I've been able to follow of the docs, Air applications are trusted in this respect, and should not need to load security policy, right? I tried to add a call to Security.loadPolicy(), but it seems to be ignored. This is the message flow:
    Received [class Event] connect
    Received [class ProgressEvent] socketData
    Received [class Event] close
    Received [class SecurityErrorEvent] securityError
    Security error: Error #2048: Security sandbox violation: app:/main.swf cannot load data from localhost:5432.
    The Air version of my client code is below:
    <?xml version="1.0" encoding="utf-8"?>
    <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
    <mx:Script>
        <![CDATA[
            var str:Socket;
            private function handleClick(e:Event):void {
                Security.loadPolicyFile("xmlsocket://localhost:2525");
                str = new Socket('localhost', 5555);
                var message:String = 'hello';
                // Send the message one byte at a time, then a NUL terminator
                for (var i:int = 0; i < message.length; i++) {
                    str.writeByte(message.charCodeAt(i));
                }
                str.writeByte(0);
                str.flush();
                str.addEventListener(Event.ACTIVATE, handleEvent);
                str.addEventListener(Event.CLOSE, handleEvent);
                str.addEventListener(Event.CONNECT, handleEvent);
                str.addEventListener(Event.DEACTIVATE, handleEvent);
                str.addEventListener(IOErrorEvent.IO_ERROR, handleEvent);
                str.addEventListener(ProgressEvent.SOCKET_DATA, handleEvent);
                str.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleEvent);
            }
            private function handleEvent(e:Event):void {
                 trace("Received", Object(e).constructor, e.type);
                 if (e is ProgressEvent) {
                     // Drain whatever the server has sent so far and trace it as text
                     var strBytes:Array = [];
                     while(str.bytesAvailable > 0) {
                         var byte:int = str.readByte();
                         strBytes.push(byte);
                     }
                     trace(String.fromCharCode.apply(null, strBytes));
                 } else if (e is SecurityErrorEvent) {
                     trace("Security error:", SecurityErrorEvent(e).text);
                 }
            }
        ]]>
    </mx:Script>
    <mx:Button label="test" click="handleClick(event)"/>
    </mx:WindowedApplication>
    The server is in Java and is as follows:
    import java.net.*;
    import java.io.*;
    public class DeadSimpleServer implements Runnable {
        public static void main(String[] args) throws Exception {
            if (args.length != 2) {
                throw new Exception("Usage: DeadSimpleServer policy-port service-port");
            }
            int policyPort = Integer.parseInt(args[0]);
            int servicePort = Integer.parseInt(args[1]);
            // One listener serves the policy file, the other serves the "world" reply
            new Thread(new DeadSimpleServer(policyPort,
                                            "<?xml version=\"1.0\"?>\n" +
                                            "<cross-domain-policy>\n" +
                                            "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n" +
                                            "</cross-domain-policy>\n"
                       )).start();
            new Thread(new DeadSimpleServer(servicePort, "world")).start();
            while (true) Thread.sleep(1000);
        }
        private int port;
        private String response;
        public DeadSimpleServer(int port, String response) {
            this.port = port;
            this.response = response;
        }
        public String getName() {
            return DeadSimpleServer.class.getName() + ":" + port;
        }
        public void run() {
            try {
                ServerSocket ss = new ServerSocket(port);
                while (true) {
                    Socket s = ss.accept();
                    System.out.println(getName() + " accepting connection to " + s.toString());
                    OutputStream outStr = s.getOutputStream();
                    InputStream inStr = s.getInputStream();
                    int character;
                    System.out.print(getName() + " received request: ");
                    // Echo the request to the console until a NUL byte arrives
                    while ((character = inStr.read()) != 0) {
                        System.out.print((char) character);
                    }
                    System.out.println();
                    Writer out = new OutputStreamWriter(outStr);
                    out.write(response);
                    System.out.println(getName() + " sent response: ");
                    System.out.println(response);
                    System.out.println(getName() + " closing connection");
                    out.flush();
                    out.close();
                    s.close();
                }
            } catch (Exception e) {
                System.out.println(e);
            }
        }
    }
    Am I missing something? From what I understand, either of these approaches should work, but I'm stuck with both. I have Flash Player 10,0,15,3 and am working with Flex / Air 3.0.0 under Linux.

    So... apparently, with the Air approach, this is what I was missing: http://www.ultrashock.com/forums/770036-post10.html
    It'd be nice if FlashPlayer gave us a nicer error here.
    I'm still trying to figure out what the heck is going on in the web app (i.e., non-Air Flex) example. If anyone has any suggestions, that would be very helpful.
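
The request/response handling from this thread, as an added example that is not the poster's code: a reader that stops on end-of-stream as well as on the NUL terminator, and a reply that is itself NUL-terminated, which is how Flash Player's socket policy exchange delimits messages. `InputStream.read()` returns -1 once the peer has closed, and `(char) -1` encodes in UTF-8 as `ef bf bf`, the byte pattern in the hexdump above. Class and method names are hypothetical and the inputs are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

// Added example; names are hypothetical and not taken from the thread.
public class PolicyExchangeDemo {
    // Upper bound on one request, so a peer that never sends NUL cannot grow the buffer.
    static final int MAX_REQUEST_BYTES = 256;

    // Reads bytes up to the NUL terminator. Returns null when the peer closes
    // the stream first (read() == -1) or the request exceeds the size limit.
    static String readRequest(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != 0) {
            if (b == -1 || buf.size() >= MAX_REQUEST_BYTES) {
                return null;
            }
            buf.write(b);
        }
        return new String(buf.toByteArray(), StandardCharsets.UTF_8);
    }

    // Same policy text as in the question: any domain, one permitted port.
    static String policyFor(int servicePort) {
        return "<?xml version=\"1.0\"?>\n"
             + "<cross-domain-policy>\n"
             + "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n"
             + "</cross-domain-policy>\n";
    }

    // Handles one connection's streams. Returns false if the request was dropped.
    static boolean handle(InputStream in, OutputStream out, String response) throws IOException {
        if (readRequest(in) == null) {
            return false;
        }
        out.write(response.getBytes(StandardCharsets.UTF_8));
        out.write(0); // NUL marks the end of the reply for the client
        out.flush();
        return true;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: a policy request terminated by NUL.
        byte[] policyRequest = "<policy-file-request/>\0".getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream reply = new ByteArrayOutputStream();
        boolean answered = handle(new ByteArrayInputStream(policyRequest), reply, policyFor(5555));
        byte[] sent = reply.toByteArray();
        System.out.println("answered=" + answered + ", last byte sent=" + sent[sent.length - 1]);

        // Constructed input: the peer closes after "hel" without sending NUL.
        byte[] truncated = "hel".getBytes(StandardCharsets.UTF_8);
        answered = handle(new ByteArrayInputStream(truncated), new ByteArrayOutputStream(), "world");
        System.out.println("answered=" + answered);

        // What a loop that only tests for 0 prints on every pass after the peer closes.
        byte[] eofAsChar = String.valueOf((char) -1).getBytes(StandardCharsets.UTF_8);
        System.out.println("(char) -1 as UTF-8: " + hex(eofAsChar));
    }
}
```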

  • [ANN]  Online Seminars on Web Services Development Management and Security

    This week and the next, join us online here:
    http://www.oracle.com/technology/tech/java/newsletter/seminars.html
    Or catch the recordings.

    join us now here:
    http://conference.oracle.com/imtapp/app/cmn_jm.uix?mID=21194005&src=app/wel_public_mtgs

  • Invoke a business service base in a WSDL with customer WS-Security Policy

    The customer wrote a Web service (refer to the attachment file “HTTPS_PartyServicePortType.WSDL”) which declares a WS-Security Policy and applies it to the WS binding. How can I generate a business service based on this WSDL and invoke it successfully?
    When creating a business service in OSB, we get an error with the messages below:
    [[OSB Kernel:398133]The service is based on WSDL with Web Services Security Policies that are not natively supported by Oracle Service Bus. Please select OWSM Policies - From OWSM Policy Store option and attach equivalent OWSM security policy. For the Business Service, either you can add the necessary client policies manually by clicking Add button or you can let Oracle Service Bus automatically pick and add compatible client policies by clicking Add Compatible button.
    After enhancing the OSB domain with the OWSM extension, we found the OOTB OWSM defined cannot support the HttpsToken, and OSB cannot support the WS-Policy below defined in OWSM; refer to http://docs.oracle.com/cd/E21764_01/doc.1111/e15866/owsm.htm#OSBDV1681
    51.2.8.1 Unsupported Assertion
    •     binding-permission-authorization
    •     http-security
    •     OptimizedMimeSerialization (MTOM)
    •     RMAssertion (Reliable Messaging)
    •     sca-component-authorization
    •     sca-component-permission-authorization
    •     UsingAddressing
    •     wss-saml-token-bearer-over-ssl (Authentication)
    It means that we cannot generate a web service with the customer WS-Security Policy.
    The WS-Security Policy is shown as below:
    <wsp:Policy wsu:Id="WSHttpBinding_IPartyServicePortType_policy">
    <wsp:ExactlyOne>
    <wsp:All>
    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:Policy>
    <sp:TransportToken>
    <wsp:Policy>
    <sp:HttpsToken RequireClientCertificate="false"/>
    </wsp:Policy>
    </sp:TransportToken>
    <sp:AlgorithmSuite>
    <wsp:Policy><sp:Basic256/></wsp:Policy>
    </sp:AlgorithmSuite>
    <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
    </wsp:Policy>
    </sp:TransportBinding>
    <wsaw:UsingAddressing/>
    </wsp:All>
    </wsp:ExactlyOne>
    </wsp:Policy>
    BestRegards!
    Simon

    Hi
    According to
    http://e-docs.bea.com/wls/docs90/webserv/annotations.html#1050414
    If you are going to publish the policy file in the Web Service archive, the policy XML file must be located in either the META-INF/policies or WEB-INF/policies directory of the EJB JAR file (for EJB implemented Web Services) or WAR file (for Java class implemented Web Services), respectively.
    Can you make sure the policy file is in there?
    Also there is a sample from the developer at http://dev2dev.bea.com/blog/jlee/archive/2005/09/how_to_use_anno.html
    Vimala-

  • Unified Communications Operations Manager 8.0: How can I get rid of exclamation marks in Service Level View?

    Hi all,
    In Operations Manager I open the Service Level View and there are 3 exclamation marks visible for some devices. I acknowledged all alerts & events and they are already cleared now, but I'd like to know if I can get rid of the exclamation marks in Service Level View too. Is this possible?
    Kind regards,
    Richard
    Message was edited by: Richard Bovens

    Nancy,
    You are God!
    It worked!
    Thanks.
    I have a dumb basic question which is sort of related to your shambles comment, which I don't deny is true.
    I am confused about whether style.css files get affiliated with each separate HTML page or whether there is just one style.css file that is affiliated with all my HTML pages. If they are separate CSS files, how do I separate each style.css file?
    Best, P.

  • Application error while using security.policy feature

    I am learning Java by reading http://java.sun.com/docs/books/tutorial/
    While studying the "Security/Quick Tour of Controlling Applications" part I compile GetProps.java example:
    import java.lang.*;
    import java.security.*;
    class GetProps {
        public static void main(String[] args) {
            String s;
            try {
                // Each read below is subject to a PropertyPermission check
                // when a security manager is installed
                System.out.println("About to get os.name property value");
                s = System.getProperty("os.name", "not specified");
                System.out.println(" The name of your operating system is: " + s);
                System.out.println("About to get java.version property value");
                s = System.getProperty("java.version", "not specified");
                System.out.println(" The version of the JVM you are running is: " + s);
                System.out.println("About to get user.home property value");
                s = System.getProperty("user.home", "not specified");
                System.out.println(" Your user home directory is: " + s);
                System.out.println("About to get java.home property value");
                s = System.getProperty("java.home", "not specified");
                System.out.println(" Your JRE installation directory is: " + s);
            } catch (Exception e) {
                System.err.println("Caught exception " + e.toString());
            }
        }
    }
    When I run it without security manager it prints all the property as it has to:
    E:\Test>java -jar GetProps.jar
    About to get os.name property value
    The name of your operating system is: Windows XP
    About to get java.version property value
    The version of the JVM you are running is: 1.6.0_03
    About to get user.home property value
    Your user home directory is: C:\Documents and Settings\mikhail
    About to get java.home property value
    Your JRE installation directory is: C:\Program Files\Java\jdk1.6.0_03\jre
    When I run it with security manager it prints the first two properties only and throws AccessControlException on user.home property as it has to either:
    E:\Test>java -Djava.security.manager -jar GetProps.jar
    About to get os.name property value
    The name of your operating system is: Windows XP
    About to get java.version property value
    The version of the JVM you are running is: 1.6.0_03
    About to get user.home property value
    Caught exception java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
    But when I run it with security manager and security policy allowing access to user.home and java.home properties it nevertheless throws AccessControlException, in spite of that mypolicy file grants access to these properties:
    E:\Test>java -Djava.security.manager -Djava.security.policy=mypolicy -jar GetProps.jar
    About to get os.name property value
    The name of your operating system is: Windows XP
    About to get java.version property value
    The version of the JVM you are running is: 1.6.0_03
    About to get user.home property value
    Caught exception java.security.AccessControlException: access denied (java.util.PropertyPermission user.home read)
    Here is content of mypolicy file which I created by using policytool utility:
    grant codeBase "file:/E:/Test/" {
        permission java.util.PropertyPermission "java.home", "read";
        permission java.util.PropertyPermission "user.home", "read";
    };
    My system:
    MS WindowsXP Professional, Service Pack 2
    Sun SE JDK 1.6.0_03
    What am I doing wrong?
    Thank you, Mikhail.

    The last two days have been frustrating. The error above also appeared when I was trying to view one of the relationships in one of my entities.
    What seems to have been happening is Designer showed a relationship existing after it had been deleted. This seems to be a bug in Designer. These rogue links can be deleted in the RON (although if you try to look at their details the RON will crash with the error in original query). After this cleanup everything worked like clockwork.
    Hannah Fraser
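
Added example (not from the Java tutorial or the posts above): `java.security.CodeSource.implies` applies the same location-matching rule that decides whether a `grant codeBase` entry covers a piece of code, so the codeBase from `mypolicy` can be checked against the location `java -jar GetProps.jar` loads from. A codeBase ending in `/` covers class files in that directory but not JAR files in it; `/*` also covers the JARs, and `/-` recurses into subdirectories. The class name, helper names and the `lib/Other.jar` location are hypothetical.

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.security.CodeSource;
import java.security.cert.Certificate;

// Added example; names are hypothetical and not taken from the thread.
public class CodeBaseMatchDemo {
    // Builds an unsigned CodeSource for a location URL.
    static CodeSource source(String url) throws MalformedURLException {
        return new CodeSource(URI.create(url).toURL(), (Certificate[]) null);
    }

    // True when a grant entry with this codeBase applies to code loaded from 'location'.
    static boolean grantApplies(String codeBase, String location) throws MalformedURLException {
        return source(codeBase).implies(source(location));
    }

    public static void main(String[] args) throws MalformedURLException {
        // First entry is the codeBase from the mypolicy file in the question;
        // the others are the alternative spellings of the same directory.
        String[] codeBases = {
            "file:/E:/Test/",
            "file:/E:/Test/*",
            "file:/E:/Test/-",
            "file:/E:/Test/GetProps.jar"
        };
        // Where the running code comes from in each launch style.
        String[] locations = {
            "file:/E:/Test/",              // class files run from the directory
            "file:/E:/Test/GetProps.jar",  // java -jar GetProps.jar
            "file:/E:/Test/lib/Other.jar"  // hypothetical JAR in a subdirectory
        };
        for (String codeBase : codeBases) {
            for (String location : locations) {
                System.out.printf("%-28s covers %-30s : %b%n",
                        codeBase, location, grantApplies(codeBase, location));
            }
        }
    }
}
```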

  • Service level agreement application

    we are considering investing in a service level agreement application through which we can better monitor and deliver more consistent, and predictable performance levels to our Oracle end users
    there are few applications that can do the job, including mercury, bmc, infovista.
    for the mercury solution there is a good online webinar coming up
    https://placeware.viewcentral.com/events/cust/single_event.asp?cid=mercint&pid=2&payment_type=USD&cbClass=16&signupkey=V-SLM
    has anyone used any of these applications for service level monitoring, and can share some thoughts on the selection process?
    thanks,
    Joe

    HI
    BMC's Patrol is very good for monitoring; it works over the OS, Oracle and more databases.
    Check the BMC DBA tools. I don't remember the name, but you can check it at
    http://www.bmc.com
    cheers
    Mario

  • Is there any report for service level agreement monitoring?

    Regards,
    Lament

    Hello
    To configure the SLR Report, go to transaction DSMOP or DSWP.
    In the solution overview, choose your system (I'm supposing you already configured monitoring for your system),
    goto tab Solution Monitoring, choose operations setup on the left, and Service level reporting on the right.
    there you can activate service level reporting, and customize your report.
    If you need more help, let me know.
    Regards
    Geert

  • EIM 4.3 - Service Levels

    Hello,
    I have been looking at setting service levels within an integrated EIM environment, and I can't seem to make the correlation between configuring them in my workflow and reporting.
    In my workflow, I setup two SL's.
       1 - Total Case Activity Time - 8 hours
       2 - Total Activity Time - 2 hours
    I can see how to setup alarms to notify my supervisors if I am going to exceed my SL set above.
    For reporting... I don't see where these service levels are tied into my reports. It looks to me like I need to set a service level manually for each report I would like to do.
    I figured Service Levels were kind of like call types, in that I would run a service level report and it would return data based on emails hitting that service level, etc.
    If someone has created reports based on the service levels they entered in their workflow, can you let me know what you chose?
    Thanks!
    Barry

    Hi Matthew,
    Unfortunately the service levels you enter are just for monitoring and notifying. The actual reports you run, you need to specify the service levels in there manually.
    Other than that, I have found no other work around, or had the opportunity to engage eGain directly to try to talk about this.
    Thanks!
    Barry

  • Service Level Management

    dear all
    I'm looking for the meaning of "Service level management" and its purpose in SAP Solution Manager. Can someone tell me what it really is?
    Thanks for your help

    Hi
    Check the following links
    https://websmp110.sap-ag.de/~sapidb/011000358700000059852008E
    https://websmp110.sap-ag.de/~sapidb/011000358700000873942006E
    https://websmp110.sap-ag.de/~sapidb/011000358700006405632006E
    http://help.sap.com/saphelp_smehp1/helpdata/en/c7/6b1ec041ae44e28df020b232cb5fb4/frameset.htm
    http://www.sap-press.com/products/Service-Level-Management-%252d-the-ITIL-Process-in-SAP-Operations.html
    Regards
    Prakhar

  • Passing 'Service Level' from Forwarding order to Freight order

    Hi All,
    If I create a Forwarding order with Service Level "XYZ" and create a freight order from it,
    the service level 'XYZ' is not passed on to the Freight order Service Level field.
    Instead of 'XYZ' it is empty.
    When investigated found out that, freight order will take Service Level defined in the corresponding Freight order type.
    In my case, the Service level in Freight order type is left Empty.
    Is there any workaround to bring the Service level from FWO to FO?
    Thanks & Regards,
    Michael.

    Hi Michael,
    It depends how you are creating a FO from forwarding order. Do you have FUs as linkage or you are creating FO directly by using FUBR?
    Thanks & Regards,
    Tarun Kumar
