SOD Detour in Role Approval Workflow possible?
Hello GRC Experts,
we have implemented an Access Request Approval Workflow with a Detour Rule (GRAC_MSMP_DETOUR_SODVIOL).
The second workflow we are working at is the Role Approval Workflow. Is it possible to use the SOD Detour Rule also in Role Approval Workflow? I didnt find the SOD Detour Rule in the MSMP Role Approval Workflow.
We would like to implement a following Scenario:
if the role contains an SOD the request should take Path 1 and if not Path 2.
Is it in MSMP Standard possible or should we use BRF+ for creating a Detour Rule?
Thanks,
Best Regards
Sabrina
Hi Sabrina,
For Access Request workflow, we generally use GRAC_MSMP_DETOUR_SODVIOL to implement routing rule(based on detour condition - risk found). Purpose of same (if I am not mistaken) is to through the request to another level of approver wherein mitigation monitor agent reviews the mitigation performed by role owner stage and approve/reject the request.
But, when we create a role same is not the condition as we do not mitigate role level risk thus no need to go for mitigation monitor stage. May be you have some business scenario, if you can let us know will be gr8.
For the rule ID, did you try adding the rule ID ?(you may already know, still would like to cross check with you).
GRAC_MSMP_DETOUR_SODVIOL under list of rules for "
Role Approval Workflow" In the screenshot you have shown, just click on ADD feed -
Rule ID -GRAC_MSMP_DETOUR_SODVIOL.
Rule description - same as Access request.
Rule type - Function module based
rule kind - routing rule.
Add this and check if it works and let us know the result too.
Regards,
Nishant
Similar Messages
-
Role Approval workflow and generation
hi to all,
can you just suggest me, what is the role approval workflow and tell brief about it
give me any workflow
thanks in advance
RameshHi Ramesh,
Approval workflow is the way you can think of a process for approving a user to be created or assigned a group in the org. Example : User Create in HR -
> Manager gets email notification -
> Manager approves the user----
> Division manager gets notified -
> email sent to Helpdesk for a PC -
> etc.
Role Approval sounds like if the user is to be assigned a ROLE via an Approval Process before it gets created in LDAP. The provisioning will happan not just for the User but for the appropriate group according to the Role.
Dev -
Send Email Notification to Assignees in Role Approval Workflow in OIM 11g
Hi Experts,
I am using a Custom Workflow for Role Approval in OIM (11.1.1.5.4). It is a two stage Approval Process.
First level Approval is Requester's Manager and Second Level Approver are Role Owners(Two users who are Role Owner in OIM).
I want to send a Email Notification to this Assignees when a request is assignd to them . So i have done Email configurations in SOA. and i am receiving Mail in English.
But, the requirement is the mail's language should be dependent on Locale of these users.
for example if locale of Manager is German then Manager should recieve mail of Request assigned in German Language.
and after manager Accepts the request, Request goes to Role Approvers where we have two User, So mail should go to this two users according to their Respective Locale.
So how can i achive this????
Thanks!!
TJOne option would be to create views and then use the oob daily alert for each manager. If the number of managers is too much, then you should consider a custom timer job.
Your suggested approach is possible, but has potential issues in execution. I'd suggest the timer job first.
Andy Wessendorf SharePoint Developer II | Rackspace [email protected] -
OIM11g- Role Approval workflow Error
I am getting the follwing error message when I follow Custom Approval Process for Assign Role Scenario.Metalink article [1207077.1] Sample #8 Custom Approval Process for Assign Role Scenario
Prototype for invoking an OIM API from a SOA Composite
RTM Usecase: Organization Administrator
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.OIMClient.loginSessionCreated(OIMClient.java:209)
at oracle.iam.platform.OIMClient.login(OIMClient.java:136)
at oracle.iam.platform.OIMClient.login(OIMClient.java:129)
at orabpel.approvalprocess.ExecLetBxExe0.execute(ExecLetBxExe0.java:184)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELxExecWMP.__executeStatements(BPELxExecWMP.java:42)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy309.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=oim#11.1.1.3.0, module=iam-ejb.jar, ejb=ClientLoginSessionService, method=loginSessionCreatedx, methodInterface=Remote, signature={java.lang.String,java.lang.String}.
at weblogic.ejb.container.internal.MethodDescriptor.checkMethodPermissionsBusiness(MethodDescriptor.java:581)
at weblogic.ejb.container.internal.BaseRemoteObject.checkMethodPermissions(BaseRemoteObject.java:111)
at weblogic.ejb.container.internal.BaseRemoteObject.preInvoke(BaseRemoteObject.java:274)
at weblogic.ejb.container.internal.StatelessRemoteObject.__WL_preInvoke(StatelessRemoteObject.java:41)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:24)
at oracle.iam.platformservice.api.ClientLoginSessionService_1nfafx_ClientLoginSessionServiceRemoteImpl.loginSessionCreatedx(Unknown Source)
at oracle.iam.platformservice.api.ClientLoginSessionService_1nfafx_ClientLoginSessionServiceRemoteImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.cluster.ClusterableServerRef.invoke(ClusterableServerRef.java:230)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Login Successful
The request ID is 372
*This is +the error message from the Java Embedding task in the bpel.*
The bpel is going to the faulted state with the following errors.---------------------
<Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine> <BEA-000000> <The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" >
<Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine> <BEA-000000> <The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" . Root cause : null>
<Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.system> <BEA-000000> <Error while invoking bean "cube delivery": Exception not handled by the Collaxa Cube system.
an unhandled exception has been thrown in the Collaxa Cube systemr; exception reported is: "java.security.PrivilegedActionException: ORABPEL-02199
JTA transaction is not in active state.
The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
Consult the system administrator regarding this error.
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:373)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy309.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: ORABPEL-02199
JTA transaction is not in active state.
The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
Consult the system administrator regarding this error.
at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:107)
at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:67)
at com.collaxa.cube.engine.ext.common.InvokeHandler.checkIfTransactionIsActive(InvokeHandler.java:1346)
at com.collaxa.cube.engine.ext.common.InvokeHandler.__invoke(InvokeHandler.java:1048)
at com.collaxa.cube.engine.ext.common.InvokeHandler.handleNormalInvoke(InvokeHandler.java:586)
at com.collaxa.cube.engine.ext.common.InvokeHandler.handle(InvokeHandler.java:130)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:74)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
... 52 more
An internal exception has not been properly handled by the server.
Set the logging level for all loggers to debug, and resubmit your request again. The server log should contain a more detailed exception report.
Exception: java.security.PrivilegedActionException: ORABPEL-02199
JTA transaction is not in active state.
The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
Consult the system administrator regarding this error.
Handled As: com.collaxa.cube.CubeException
ORABPEL-02199
JTA transaction is not in active state.
The transaction became inactive when executing activity "100064-BpInv1-BpSeq2.6-2" for instance "100,064", bpel engine can not proceed further without an active transaction. please debug the invoked subsystem on why the transaction is not in active status. the transaction status is "MARKED_ROLLBACK".
The reason was The execution of this instance "100064" for process "ApprovalProcess" is supposed to be in an active jta transaction, the current transaction status is "MARKED_ROLLBACK" .
Consult the system administrator regarding this error.
at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:107)
at com.oracle.bpel.client.util.TransactionUtils.throwExceptionIfTxnNotActive(TransactionUtils.java:67)
at com.collaxa.cube.engine.ext.common.InvokeHandler.checkIfTransactionIsActive(InvokeHandler.java:1346)
at com.collaxa.cube.engine.ext.common.InvokeHandler.__invoke(InvokeHandler.java:1048)
at com.collaxa.cube.engine.ext.common.InvokeHandler.handleNormalInvoke(InvokeHandler.java:586)
at com.collaxa.cube.engine.ext.common.InvokeHandler.handle(InvokeHandler.java:130)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BPELInvokeWMP.__executeStatements(BPELInvokeWMP.java:74)
at com.collaxa.cube.engine.ext.bpel.common.wmp.BaseBPELActivityWMP.perform(BaseBPELActivityWMP.java:158)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:2543)
at com.collaxa.cube.engine.CubeEngine._handleWorkItem(CubeEngine.java:1165)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1071)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:73)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:220)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:328)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4430)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:4361)
at com.collaxa.cube.engine.CubeEngine._createAndInvoke(CubeEngine.java:698)
at com.collaxa.cube.engine.CubeEngineSecurityManager$2.run(CubeEngineSecurityManager.java:84)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:47)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedExceptionAction.run(CascadeActionExecutor.java:79)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.security.Security.runAs(Security.java:61)
at oracle.security.jps.wls.jaas.WlsActionExecutor.execute(WlsActionExecutor.java:48)
at oracle.security.jps.internal.jaas.CascadeActionExecutor.execute(CascadeActionExecutor.java:52)
at com.collaxa.cube.engine.CubeEngineSecurityManager.performActionAsSubject(CubeEngineSecurityManager.java:67)
at com.collaxa.cube.engine.CubeEngine.createAndInvoke(CubeEngine.java:551)
at com.collaxa.cube.engine.delivery.DeliveryService.handleInvoke(DeliveryService.java:673)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleInvoke(CubeDeliveryBean.java:293)
at sun.reflect.GeneratedMethodAccessor1756.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
at sun.reflect.GeneratedMethodAccessor859.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy309.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionLocalMethodInvoker.invoke(SessionLocalMethodInvoker.java:39)
at com.collaxa.cube.engine.ejb.impl.bpel.BPELDeliveryBean_5k948i_ICubeDeliveryLocalBeanImpl.handleInvoke(Unknown Source)
at com.collaxa.cube.engine.dispatch.message.invoke.InvokeInstanceMessageHandler.handle(InvokeInstanceMessageHandler.java:35)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleMessage(DispatchHelper.java:140)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.process(BaseDispatchTask.java:88)
at com.collaxa.cube.engine.dispatch.BaseDispatchTask.run(BaseDispatchTask.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
>
<Nov 11, 2011 5:36:35 AM EST> <Error> <oracle.soa.bpel.engine.dispatch> <BEA-000000> <failed to handle message
ORABPEL-02199Could you able to resolve the issue, I have same as it is exception with my test.
Thanks in advance for the help. -
Mitigated risks workflow for SoD detour approval
Hi All,
Please assist. I have configured a workflow for requests as follows:
Super user submits request - Workflow to Business Analyst (if there are violations they can assign an existing mitigation control) - Auto Provision
If no existing control is available - Detour to SoD officer (to compile a new control with Business Analyst) - workflow to GRC administrator to capture new control on the system - Auto provision
The problem that I have now is with the first part of the workflow wherein there are violations and there is a control in place that can be applied to mitigate the risk. If mitigate the risks associated with the request, the worflow still goes to SoD officer in spite of all risks mitigated.
Is there a way I can set this to enforce the assigned controls? Checking from RAR, the user is only linked to the control upon closing the request.
I have set Risk Analysis defaults on CUP to "Consider Mitigation Controls"
GRC 5.3 SP13
Any help will be appreciated.
Thanks,Hi Sabrina,
For Access Request workflow, we generally use GRAC_MSMP_DETOUR_SODVIOL to implement routing rule(based on detour condition - risk found). Purpose of same (if I am not mistaken) is to through the request to another level of approver wherein mitigation monitor agent reviews the mitigation performed by role owner stage and approve/reject the request.
But, when we create a role same is not the condition as we do not mitigate role level risk thus no need to go for mitigation monitor stage. May be you have some business scenario, if you can let us know will be gr8.
For the rule ID, did you try adding the rule ID ?(you may already know, still would like to cross check with you).
GRAC_MSMP_DETOUR_SODVIOL under list of rules for "
Role Approval Workflow" In the screenshot you have shown, just click on ADD feed -
Rule ID -GRAC_MSMP_DETOUR_SODVIOL.
Rule description - same as Access request.
Rule type - Function module based
rule kind - routing rule.
Add this and check if it works and let us know the result too.
Regards,
Nishant -
ERM - CUP Approval Workflow E-mails
Hello gurus,
We are experiencing an issue with Role Expert (ERM) to Access Enforcer (CUP) role approval workflow. When a role reaches the approval stage in ERM, an e-mail notification with a link to CUP approval is sent to the designated approver's LDAP e-mail address. This functions properly. Following approval or rejection of the role, another e-mail should be sent to the requester's e-mail address to inform him/her that the role has been approved/rejected. This e-mail is not functioning. We have the same e-mail address configured in the LDAP, UME, and back-end SAP system, but this e-mail address is not receiving any notification of approval/rejection.
This functionality is appropriately configured in CUP with the following:
Name: RE_APPROVAL
Workflow Type: Role Expert
Approval Determinator: RE_APPROVAL
Request Wait Time (Days): 0
Request Wait Time (Hours): 0
Escalation Configuration: None
Approval Type: Any One Approver
[No e-mail group]
Request Rejection: Yes
Re-Route: No
Confirm Approval: Yes
Confirm Rejection: Yes
Reject By Email: No
Approve By Email: No
Forward Allowed: No
No additional security.
Has anyone seen this issue before? Any advice for troubleshooting will be greatly appreciated.
Thanks,
JoyHi everyone,
We are experiencing something similiar as Joy related.
We have configured in CUP 5.3 a workflow for ERM role approval with two stages.
In both stages, the e-mail notification with a link to CUP approval is sent to the designated approver's e-mail address, but following approval or rejection of the role, the e-mail informing the role has been approved/rejected is not sent to the requester's e-mail address.
In the first stage, the CAD is configured to send the request to the approver defined in the role in ERM (web service). In this stage, the requester's e-mail address is not receiving any notification of rejection but do recives all notifications of approval.
The second stage is configured with a fixed approver, and in this case the requester's e-mail address is not receiving any notification of approval nor rejection.
Any suggestions of what can we do to make this work?? We wolud like that both (approval and rejection) notifications be sent to the requester's requester's e-mail address.
Or, if it is possible, can CUP be configured to send e-mail notifications of approval and rejection ONLY in the LAST stage of the workflow??
Regards,
Pablo -
AE 5.2 - Detour Workflows - One of the Role Approver not found
Hi All,
My question is regarding using the Detour workflow functionality for the situation below - pls let me know if this possible or if any alternates are available.
- Main path has 2 stages (1) manager approver, (2) Role Approver.
If the Requestor asks for a Role that Does not have a Role Approver we would like to route this request to the Security lead.
- I have created a Detour Path with 1 stages - Secuity lead and associated with Stage 2 (Role approver) of the Main path based on the condition "No Role Owners"
- I still get the error "Approver not found at Stage @@@@"
Is the condition "No Role Owner" in the Detour workflow config for "Role Expert" workflows or for Access requests?
Is it possible to route the Request to Security if the Role being requested does not have a Role Approver? IF yes How?
thanks
THi,
sometimes in the Detour configuration you have the problem that the "Save" action is not saved properly.
If this entry is empty, please go into edit mode and save the detour config again, so that the action will actually display "Save".
Hopefully it works, then.
Regards,
Daniela -
Issue with Inactive Approver Role in Workflow definition
Hi Experts,
we are having issue with Inactive Approver Role in workflow definitions.
we have created workflow for Master agreements and Projects. Phases and workflow are working fine.
But the issue is when a programmatically added approver has completed the approval activity, collaborator role is not changing from approver role to Inactive Approver Role mentioned in workflow definition. For example, you might select Reviewer in Inactive Approver Role, Then Selected collaborator role to be given to programmatically added approvers when the approval activity is completed.
This is functionality not happening when project or contract document approved and workflow completed in project and MA. we have followed all the standard functionality when we have created workflow. Please see screen shot for the same.
Can anyone please tell me is there any functionality we missed it or do we need to write any script in xpdl or do we need to check anything with collaborator role or with security profiles.
we have checked with other roles also same issue coming.
This Reviewer is in active state and have Readonly profile. We don't have Pre script in this workflow because we are using standard approval.
Thanks in advance!
LavaThanks gary for your helpful answer.
As per your answer We have added the approver role in the prescript so that it gets added programmatically , still no luck.
here is the script we wrote in prescript.
import com.sap.eso.api.common.*;
import com.sap.eso.api.projects.*;
import com.sap.odp.api.workflow.*;
import com.sap.odp.api.usermgmt.masterdata.*;
import com.sap.eso.api.doc.collaboration.*;
import com.sap.eso.api.doccommon.masterdata.*;
import com.sap.eso.api.ibean.*;
import com.sap.odp.api.ibean.*;
import com.sap.eso.api.contracts.*;
import com.sap.odp.api.doc.collaboration.*;
collaboratorsCollection = doc.getCollectionMetadata("COLLABORATORS").get(doc);
if (collaboratorsCollection.size() > 0)
for (int i = collaboratorsCollection.size() - 1; i >= 0; --i)
collaboratorsCollection_member = collaboratorsCollection.get(i);
if (hasValue(collaboratorsCollection_member))
collaboratorRole = collaboratorsCollection_member.getCollaboratorRole().getDisplayName();
// Get approver of Role "Approver".
if(collaboratorRole.equals("Approver"))
principal = collaboratorsCollection_member.getPrincipal();
if (hasValue(principal))
addApprover(principal);
Do you have any other suggestions? or if you have any related code snippet please share with us. -
Set SoD detour condition on path level?
Dear forum,
We have a parallel workflow where the different paths are divided by business processes.
We want that SoD free paths continue as normal. Problematic paths are sent for resolution.
The problem as I see it is that the SoD detour condition is set on request level, not path level. Both problematic and non-problematic paths will meet the condition and are pushed into the detour. The non-problematic path will get stalled, because it has to wait for mitigation approval. Is there any workaround?
Kind Regards,
Vit V.Hi Jose,
We have different detour paths for every parallel path. But if any SoD conflict is detected, the SoD condition is met for all paths and are pushed into the detour(s). Have you successfully tested it?
Example:
Main Paths
P1
P2
P3
Stages
_1: Manager
_2: Role Owner
_3: BPO (CAD business process of role)
P1_1
P1_2
P1_3
P2_1
P2_2
P2_3
P3_1
P3_2
P3_3
Detours (1-stage with mitigation controll approver)
P1_DT
P2_DT
P2_DT
SoD detour takes place at stages:
P1_2
P2_2
P3_2
Problem 1: If the SoD conflict condition is met, all paths are pushed into their detours
Problem 2: Let say we have two paths with SoD conflicts, a third one is not. Two mitigation controlls are applied. All three paths are pushed into their detour paths for mitigation approval.
Worst case scenaro:
Conflicting path 1: Mitgation Approver 1 approves
Conflicting path 2: Mitgation Approver 1 + Mitgation Approver 2 Approves
Non-conflicting path: Mitgation Approver 1 + Mitgation Approver 2 Approves
kind regards,
vit v -
Hi experts,
I'm trying to understand what's needed to remove user roles using workflow. My understanding was that I needed to use the same workflow for user provisioning and just treat the removal as a user change (SAP_GRAC_ACCESS_REQUEST) but when executing the workflow I get the word "ERROR" under "Stage Status" (even thought nothing is showing up on SLG1 or ST22). Is there something that needs to be added to the workflow to allow the removal of roles? We are on GRC 10.1This is what I see on GRFNMW_DBGMONITOR_WD. The detour condition is coming with an Error but when I simulate the conditions for that request I get expected results. After the error message the request staus goes to "Decision Pending" but it doesnt show any approver.
-
SOA Approval Workflow - Questions
Hello,
i created a simple approval workflow, which assigns a request to the creator.
I use the following expression:
Identification Type: User
Data Type: By Expression
Value: /task:task/task:payload/task:
Now, i want to assign the request to a group/role of the request. All members of this group could accept/reject the request.
How to set this expression?This works, but i need a dynamically solution.
If a user of group A do a request, this should be assigned to group A
If a iuser of gorup b do a request, this should be assigned to group B
My solution is at the momente "hard coded". I need for each group another workflow
Is it possible create one dynamic workflow for all groups? -
Approval Workflow for multiple Entitlements
Hi Experts,
I want to create an approval Workflow such that, When a user requests for a role the request should go to the User's manager.
The Role has an access policy with with 5 Resource Objects, and each RO has 5 entitlements. and after the manager approves the request should go to entitlement owner.
The No of resources binded with access policy and entitlements in each RO wont be fixed.
How can we handle this situation.?
One approval policy on Assign Role Request with so many approval tasks decided at run time, at that many callbacks. Is it possible even?
Thanks
SjitCheck these links
https://slingeronline.wordpress.com/2013/02/27/setting-cancel-on-first-rejection-on-an-spd-workflow/
http://sharepointduffbert.com/2014/06/17/getting-an-spd-approval-workflow-to-cancel-on-rejection-or-change/
https://social.msdn.microsoft.com/Forums/office/en-US/c212e5d7-f7bf-4f17-be16-374e02652dbb/reject-stop-workflow-not-working?forum=sharepointcustomizationprevious
https://social.msdn.microsoft.com/Forums/sharepoint/en-US/a2d0a259-f8ca-48cf-b9ab-0c9387329502/sharepoint-designer-workflow-how-to-jump-back-to-previous-workflow-step?forum=sharepointcustomizationprevious
Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply. -
Role approver - automatical approver
Hi,
We are testing IDM in our organization and we have following scenario. Managers of department are defined as role approvers. For example manager of operative is defined as role approver for role RW_access_operative. As manager of department is also responsible for adding this role to users in his department. Is it possible to setup IDM this way: If manager add role to the user and he is also role approver (and he is only one approver) the IDM will automatically approve this role assignment for it. As managers are complain that they must assign role and then approve it :-( which is time consuming ...
Thanks for answerIn your workflow, add a condition where you generate the approvers list.
1. Read all the approvers for the role selected.(May be a configuration)
2. If the above list contains only 1 approver = WF owner (Who initiated the workflow), set the list to null and set the variable to approved or true, (so that the rest of the workflow will proceed as if the request is approved).
3. If the list from #1 has more than 1 approver id, remove the case owner id from the list and generate the approval workitem for the rest of the approvers.
Thanks, -
Approval workflow error when creating a new custom entity in FIM 2010 R2
Hello,
i'm hoping somebody here can help, me i've been struggling with this for some time now. On a fresh FIM installation i create a custom entity named "Role" and add a few custom attributes.
I then create an approval workflow and MPR for normal users to create entities of type Role, but another user must approve this request. The other user has a working mailbox - i've tried firing an action workflow that sends a mail notification when someone
creates a new role and it is working fine. But, when i enable my approval workflow (the only field i changed from default is the approver) on the MPR, the workflow always failes with the message:
Error processing your request: The operation was rejected because of access control policies.
Reason: The server workflow rejected the operation.
Attributes:
Correlation Id: 750a558a-d3e4-4216-b16a-e76d79f011ec
Request Id: feaabbc9-dea4-49a3-8b29-65b77de6f8fd
Details: The Workflow Instance '04202cc0-14a3-410c-a3fc-2d6e5d25ebe6' encountered an internal error during processing. Contact your system administrator for more information.
I enabled tracing and this is what i found:
Microsoft.ResourceManagement Verbose: 0 : Creating WorkflowServiceHost for XOML Definition:\n<ns0:SequentialWorkflow ActorId="00000000-0000-0000-0000-000000000000" RequestId="00000000-0000-0000-0000-000000000000" x:Name="SequentialWorkflow"
TargetId="00000000-0000-0000-0000-000000000000" WorkflowDefinitionId="00000000-0000-0000-0000-000000000000" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/workflow"
xmlns:ns1="clr-namespace:System.Workflow.Activities;Assembly=System.WorkflowServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856
ThreadId=8
DateTime=2013-09-04T15:17:10.0496188Z
Microsoft.ResourceManagement Information: 1 : 1 : : Invalid Element 'ReceiveActivity.WorkflowServiceAttributes' found while deserializing an object of type 'Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity'.
ThreadId=8
DateTime=2013-09-04T15:17:10.1277486Z
Microsoft.ResourceManagement Information: 1 : 1 : : Invalid data found while deserializing an object of type 'Microsoft.ResourceManagement.Workflow.Activities.ApprovalActivity'.
ThreadId=8
DateTime=2013-09-04T15:17:10.1277486Z
Microsoft.ResourceManagement Verbose: 0 : A WorkflowRuntime is not available for this WorkflowDefinitionVersionKey '20'.
ThreadId=8
DateTime=2013-09-04T15:17:10.1277486Z
Microsoft.ResourceManagement Error: 3 : Workflow host activation failed for workflow definition id : 231457c6-d044-4cc7-839f-98e5cf88f514, version key: 20. Exception: Object reference not set to an instance of an object. at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHost(ResourceManagementWorkflowDefinition
workflowDefinition, Boolean suspendWorkflowStartupAndTimerOperations)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
ThreadId=8
DateTime=2013-09-04T15:17:10.1277486Z
Microsoft.ResourceManagement Information: 1 : The service has updated the list of active hosted workflow definitions to sequence number '1'.
This happened on two separate FIM deployments, but both of them were set up in the same way. What am i missing here?
Thank you,
Martin(...) What am i missing here? (...) - Sharepoint 2013 and probable bug in FIM related to it. Check this thread for workaround
and resolution:
http://social.technet.microsoft.com/Forums/en-US/1b76672d-1276-4c71-b9fc-5bb1fcb36877/event-id-3-with-approval-activity?forum=ilm2
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl -
I am trying to add a new workflow to a document library with the below mentioned settings and getting error saying "This form cannot be opened in a web browser. to open this form use microsoft infopath" while adding a new Approval - Sharepoint
2010 and Publishing Approval workflow" . For your information the I have checked the server default option to open in browser.
Versioning Settings.
Error
This is quiet urgent issue . Any help would be really helpful.. Thanks..Hi Marlene,
Thank you very much for your suggestions.
But I am not creating a custom workflow in designer as Laura has mentioned. I am instead trying to create a new Out of the box Approval Workflow and I get the error mentioned above.
As it works in other environment, I tried figuring out the possible differences which can lead to this error.
Today I found one difference which is there are no form Templates within Infopath Configurations in Central Admin. Now I am trying to figure out what makes this form templates to be added to the template gallery.
Regards,
Vineeth
Maybe you are looking for
-
VO with bind variable defined in SQL is not updated correctly
Hi Experts, I have one simple question here, could you please help answer? Thanks a lot! I have 2 pages, the first page displays an employee table, the second page shows some details related to the selected employee. When select one employee and clic
-
How do I get rid of what appears to be 'ghosting' with previous and now 4.0.1 versions?
Using Windows 2000xp. Decided to uninstall Firefox completely and then download 4.0.1 for re-install. Problem persists.
-
How to find the BAPI for transfering data to VK11 T.code. Sunil.
-
Windows Live Mail Error ID: 0x80004004 and Windows Live Mail Error ID: 0x8004882E
Hello I am having trouble getting into Windows live. Here are the messages I get. Can you help me? Thank You, Mary
-
I downloaded photos from my MacBook to my new iPhone4S. I discovered several duplicates and would like to delete them. I have not been able to figure out how to do so. Please help?