User is not authorized for RFC1
I created user with roles SAP_BC_USER_ADMIN and SAP_BC_AUTH_DATA_ADMIN. But user can not add roles to another user, and i get error "User USR_ADM is not authorized for RFC1".
What's wrong?
Hello
We have moved this thread to the SAP NetWeaver Administrator forum as this is not a PI specific issue. You will have a better chance of getting a quality answer to your query on this forum.
Can anyone assist with this query?
Regards
XI/PI Moderator
Similar Messages
-
Shared Services Console - User is not authorized for the action
Hi,
I have installed Essbase 11.11.3 and configured on Linux. I started EPM and then the Shared Services Console. I created a new group Poweruser and assigned a new user to it. I provisioned the group withall the rights of the admin. This all works.
When I log on with the new user on the Shared Service Console and go to Essbase Studio Server and click on the Essbase Studio Server application it gives me the message:
User is not authorized for the action
This is the same message as I get under the user admin. Can anyone tell me what I can possibly do to make it work.
The service for EAS is started properly. The one thing that is not configured is HBR.
PatrickHi,
What are you trying to achieve, provision a user for essbase studio ?
EAS is a separate product from Studio.
Cheers
John
http://john-goodwin.blogspot.com/ -
User not authorized for particular Transaction.
While running a Custom Transaction I m getting error that user is not authorized for that transaction.
how to solve this?Hi,
Try using FM C160_TRANSACTION_CALL. Let's see if this works.
OR
Create a custom program that calls your custom transaction code.
Hope this helps.
Benedict -
Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
IngoHi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo -
RECEIVER: ERROR: Access to requested resource is not authorized for user
Hi,
I installed two instances of COREid Federation in my machine. Also installed SiteMinder and LDAP. Source Domain of COREid (8101) uses LDAP as IdMBridge and Destination Domain (9101) uses SiteMinder as IdMBridge. I am trying to access the resource protected by the SiteMinder from the source domain using the URL which is constructed using the pattern given in the PDF:
http://mymachine.domain.com:8101/shareid/saml/ObSAMLTransferService?DOMAIN=DestinationDomain&method=POST&TARGET=http://mymachine.domain.com:8887/Source/Source.html
Assertions are generated and I can see the assertion in the Source domain and transferred to the Destination Domain.
when i try to access the Source.html protected with siteminder, I get the following error in the Destination Domain Shareid Log file:
ERROR - [http10113-Processor3] - RECEIVER: ERROR: Access to the requested resource is not authorized for user uid=username, ou=People, dc=xyz,dc=com
Please help me to solve this issue?
Note: When the resource is accessed directly, siteminder authorizes the same user.We also occationaly have this error. See my log for an example :
Transaction completed successfuly for DocEntry = 54358 : In company FIXTHISPLEASE on 3/2/2010 9:48:49 AM
Transaction completed successfuly for DocEntry = 54365 : In company FIXTHISPLEASE on 3/2/2010 10:24:55 AM
Transaction completed successfuly for DocEntry = 54403 : In company FIXTHISPLEASE on 3/2/2010 12:14:53 PM
-5006 - The requested action is not supported for this object. for DocEntry = 0 : In company FIXTHISPLEASE on 3/2/2010 1:38:45 PM
Transaction completed successfuly for DocEntry = 54424 : In company FIXTHISPLEASE on 3/2/2010 2:40:44 PM
Transaction completed successfuly for DocEntry = 54425 : In company FIXTHISPLEASE on 3/2/2010 3:01:51 PM
Transaction completed successfuly for DocEntry = 54426 : In company FIXTHISPLEASE on 3/2/2010 3:03:41 PM
Transaction completed successfuly for DocEntry = 54427 : In company FIXTHISPLEASE on 3/2/2010 3:05:12 PM
As you can see from 9:48am to 3:05pm, one occurance of this error occured. And they say that the transaction was
tried a few seconds later and it worked.
the STARTTRANSACTION() and ENDTRANSACTION() are used by the DI API so I'm really in the blank about this error and it starts to anoy the customer. Their SAP is 2007 SP01 PL08
Any concrete ideas about this ? -
User not authorized for message processing
Hi,
I have a SM59 connection from SAP PI --> SAP R3.
Targethost sapr3T.mydomain.
Path prefix: /sap/xi/engine?type=entry
Process: From PI send a message to R3 (scenarie is a Server Proxy...)
User: PIPROXY has Role SAP_XI_APPL_SERV_USER
This is not enought I get error "User not authorized for message processing" when trying the connection from my PI server. (I tried with SAP_ALL and then it works)
What would be the right user role for this operation ?
Br,
MartinHi all,
I have the same problem in a XI -> BW scenario (Abap proxy).
I get error "User not authorized for message processing" when try to send message from PI to BW.
(I tried with SAP_ALL and then it works)
User: PI1REMOTE has Role SAP_XI_APPL_SERV_USER and SAP_XI_IS_SERV_USER
What would be the right user role for this operation ?
Thanks
Daniele -
The connection was denied because the user account is not authorized for remote login
Using Terminal Server 2008 not able to get non administrator users to login to the remote desktop. Have tried from Windows server 2008 and from Windows servers 2003. Get error login in "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008. Error "The requested session access is denied" from Windows Server 2000.
Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP Setting useless?
I would like to know this answer, as well. I have created a new AD group for my assistant admins called "Domain Admins (limited)". I have added this group to the GP setting "Allow log on through Terminal Services", but the
assistant admins cannot log in through RDP. It 'feels like' this is all I would need to do.
Craig
Found some good info
here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
2) Permissions on the RDP-listener must also be granted. If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled. If you are trying to utilize a new, custom group (as I am),
then there isn't a way to do this via group policy (that I have found).
EDIT: Found the answer. I am creating a blog post to outline the steps. They aren't hard, but they're not self-explanatory. It deals with the Restricted Groups mentioned above, but it's still automate-able using Group Policy so that you
don't have to touch each computer. I think the above poster (Andrey Ganev) got it right, but
I had trouble deciphering his instructions.
Here is my blog post that walks through this entire process, step-by-step. -
Hi Everyone,
I am having some issues accessing the methods in the datasource.cfc in the adminAPI.
I can successfully load the administrator CFC and am told that I have successsfuly logged in;
But when I try to subsequently load the datasource.cfc I get an error that the current user is unable to access the method.
/* Create an Admin API object and call the login method */
var local = {};
local.adminObj = createObject("component", "cfide.adminapi.administrator");
/* Enter your password for the CF Admin */
/* if you dump this - TRUE is returned */
local.adminObj.login(adminPassword="my_admin_user_password");
/* Create an object of datasource component */
local.dsnObj = createObject("component", "cfide.adminapi.datasource");
writeDump(local.dsnObj.getDataSources());
I tried creating separate admin users and passwords - yhinking that perhaps a revent hotfix had stopped the "admin" user from being allowed to use the adminAPI - but changing to a new adminuser yielded the same results.
I could login to the admin API with the new username and passsword - but could not access the datasource.cfc after that.
Here is the debug output from the error...
The current user is not authorized to invoke this method.
The error occurred in accessmanager.cfc: line 48
Called from datasource.cfc: line 52
Called from C:/inetpub/wwwroot/projectDir/trunk/Application.cfc: line 155
Called from C:/inetpub/wwwroot/projectDir/trunk/Application.cfc: line 52
Called from C:/inetpub/wwwroot/projectDir/trunk/Application.cfc: line 45
Called from C:/inetpub/wwwroot/projectDir/trunk/Application.cfc: line 1
-1 : Unable to display error's location in a CFML template.
Resources:
Check the ColdFusion documentation to verify that you are using the correct syntax.
Search the Knowledge Base to find a solution to your problem.
Browser
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
Remote Address
127.0.0.1
Referrer
Date/Time
22-Apr-13 01:09 PM
Stack Trace
at cfaccessmanager2ecfc974154242$funcCHECKADMINROLES.runFunction(E:/cf10_final/cfusion/wwwro ot/CFIDE/adminapi/accessmanager.cfc:48) at cfdatasource2ecfc1679861966$funcGETDATASOURCES.runFunction(E:/cf10_final/cfusion/wwwroot/ CFIDE/adminapi/datasource.cfc:52) at cfApplication2ecfc498167235$funcPREREQUISITESTART.runFunction(C:/inetpub/wwwroot/projectD ir/trunk/Application.cfc:155) at cfApplication2ecfc498167235$funcINIT.runFunction(C:/inetpub/wwwroot/projectDir/trunk/Appl ication.cfc:52) at cfApplication2ecfc498167235._factor5(C:/inetpub/wwwroot/projectDir/trunk/Application.cfc: 45) at cfApplication2ecfc498167235.runPage(C:/inetpub/wwwroot/projectDir/trunk/Application.cfc:1 )
coldfusion.runtime.CustomException: The current user is not authorized to invoke this method. at coldfusion.tagext.lang.ThrowTag.doStartTag(ThrowTag.java:142) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2799) at cfaccessmanager2ecfc974154242$funcCHECKADMINROLES.runFunction(E:\cf10_final\cfusion\wwwroot\CFIDE\adminapi\accessmanager.cfc:48) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2432) at cfdatasource2ecfc1679861966$funcGETDATASOURCES.runFunction(E:\cf10_final\cfusion\wwwroot\CFIDE\adminapi\datasource.cfc:52) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.filter.SilentFilter.invoke(SilentFilter.java:47) at coldfusion.runtime.UDFMethod$ReturnTypeFilter.invoke(UDFMethod.java:405) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:655) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:444) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:414) at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:2432) at cfApplication2ecfc498167235$funcPREREQUISITESTART.runFunction(C:\inetpub\wwwroot\projectDir\trunk\Application.cfc:155) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.runtime.UDFMethod$ReturnTypeFilter.invoke(UDFMethod.java:405) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:2659) at cfApplication2ecfc498167235$funcINIT.runFunction(C:\inetpub\wwwroot\projectDir\trunk\Application.cfc:52) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:2659) at cfApplication2ecfc498167235._factor5(C:\inetpub\wwwroot\projectDir\trunk\Application.cfc:45) at cfApplication2ecfc498167235.runPage(C:\inetpub\wwwroot\projectDir\trunk\Application.cfc:1) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:244) at coldfusion.runtime.TemplateProxyFactory.resolveComponentHelper(TemplateProxyFactory.java:538) at coldfusion.runtime.TemplateProxyFactory.resolveName(TemplateProxyFactory.java:234) at coldfusion.runtime.TemplateProxyFactory.resolveName(TemplateProxyFactory.java:159) at coldfusion.runtime.TemplateProxyFactory.resolveFile(TemplateProxyFactory.java:120) at coldfusion.cfc.CFCProxy.<init>(CFCProxy.java:138) at coldfusion.cfc.CFCProxy.<init>(CFCProxy.java:84) at coldfusion.runtime.AppEventInvoker.<init>(AppEventInvoker.java:64) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:232) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:112) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:79) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:414) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:204) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)
And here is the listed exceptions, beneath the stack trace;
13:09:56.056 - cfadminapiSecurityError Exception - in E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc : line 48
The current user is not authorized to invoke this method.
13:09:56.056 - cfadminapiSecurityError Exception - in E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc : line 48
The current user is not authorized to invoke this method.
13:09:56.056 - java.io.FileNotFoundException - in C:/ColdFusion10/cfusion/wwwroot/WEB-INF/exception/errorcontext.cfm : line 44
E:/cf10_final/cfusion/wwwroot/CFIDE/adminapi/accessmanager.cfc (The system cannot find the path specified)
This perspn seems to be having the same issue;
http://forums.adobe.com/message/5051892
and I agree I don't have "E" drive either!I've found a solution to my plight - I don't know if it'll work for you or help you try something that MAY fix it.
I use a common code set which includes the Application.cfc from a CF Mapping - So, in the application.cfc in the actual website I do this:-
<cfinclude template="/UberDirectory/Application.cfc">
Then, in the /UberDirectory/Application.cfc, I was initialising a CFC which checks if the datasource was created for the website. The datasource checking code attempts to log into the Admin API and check & create if necessary the datasource.
This has previously worked without fail for me - But in this instance it failed!! I was doing two things wrong - Firstly, the CFC should only be called in the Application.cfc in the onRequestStart section as the Application had to be initialised first - This is maybe because I've invoked the application.cfc in a "non-standard" manner.
Secondly, once I'd moved the CFC invocation into oNRequestStart I saw the following error:-
The string COOKIE.CFAUTHORIZATION_uber-directory is not a valid ColdFusion variable name.
I had this as the app name .... <cfset this.name = 'uber-directory'>
Changedthe dash to an underscore and I was away and could once again check the datasources
Hope it helps
Martin -
Hi All,
I get the below error when i load my xsjs file in browser,
Error while executing query: [dberror(PreparedStatement.executeQuery): 2048 - column store error: column store error: [2950] user is not authorized : at ptime/session/dist/RemoteQueryExecution.cc:1354]
I am able to execute the same query in HANA SQL editor
Please note that ,No Analytical privileges are applied to the view.
Could you please help solving this issue.
Regards,
Logesh Kumar.Hay,
are you using the same Database user for both SQL Editor and XSJS ?
try the following.
Before executing the query , display it and copy the same from browser and execute in SQL editor.
Put the statement in a try catch block and analyse the exception .
Sreehari -
CProjects - DMS integration:26 036 You are not authorized for with doc.type
Hi Experts,
I need to use cProjects integration with DMS. When I try to create a link to an existing document I find the following error:
26 036 You are not authorized for with document type DRW
My user has authorization to the doc type in the DMS system (linked by RFC to cProjects system). I also have defined the object link in the document type.
Do you know which configuration may be missing?
Thanks in advance!
NeilHi Niel,
How is the RFC connection established between DMS and cProjects system? Do check the authorizations of the RFC user through which the connection is established.
Regards,
Vivek Pandey -
Hi,
I have a reqt where i have to create auth on 2 info object namely location and region. I have done following steps but when i run the query i get "user is not authorized" error
1: Made location authorization relevant and in navigational attribute checked region as authorization relelvant
2: In rsecadmin , created analysis authorization for location and region specifying the value and also provided the 3 other 0TCT* auth.
3: Creater a role with auth object s_rs_auth and assigned the created analysis auth. Also added 2 auth object s_rs_comp with full auth except display and execute and s_rs_comp1 since queries are build by other person
4: assigned this role to the user
5: when i run the query i see the reqd 5 location and 1 region in variable input help but when i execute it gives me "user is not authorized" error.
Please let me know if i miss any step or how can i get the data
Thanks
PrashantHello prashant,
It is possible with Analysis authorization. You're just probably missing something...
First of all realize that in your first step:
1: Made location authorization relevant and in navigational attribute checked region as authorization relelvant
assigning a characteristic as authorizationRelevant and assigning an attribute as authorizathionRelevant are two distinct things.
So please check the authorization created under RSECADMIN that you've included authorization for the characteristic "location" and also for the characteristic "location__region" (and not for "region"!)
If so you do have to check what is missing:
check transaction RSECADMIN -> Analysis -> Execute as... to analyze the system authorization check.
Please test that... It would show the sql code that lacks for authorization, there you can see what characteristic (and values accessed and assigned) are missing.
Diogo. -
Error running Web Services in DEMO : User is not Authorized error
Hi all,
We created a Web Service in our DEMO installation of ERP9 Tools 8.97, Database Local SSE (User - DEMO, Password-DEMO). The Web Service is using JDE Vanilla BSFN - B0100021 - Formatted Address and created through JDeveloper using JDE BSSV tool.
When we are running the Web Service (TestCustomWebService) from JDeveloper (Right Click and Run) it is providng an url (http://moequbal:8988/context-root-JP55HOL/TestCustomWebServiceSoapHttpPort) and when we are pasting the URL in the browser and entering a valid value in the Input field and pressiing the 'Invoke' Button, the following Error pops up -
"<env:Envelope
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:ns0="http://oracle.e1.bssv.JP55HOL/types/">
<env:Body>
<env:Fault>
<faultcode>env:Server</faultcode>
<faultstring>Internal Server Error (Caught exception while handling request: oracle.e1.bssvfoundation.exception.E1AuthorizationException: User is not authorized to invoke this published business service)</faultstring>
</env:Fault>
</env:Body>
</env:Envelope>"
Please help.
Thanks,
TufanI can confirm that the lab and BSSV functionaly works in DEMO, I have it working nicely. However, I dont think you can deploy this to a Business Services server. I haven't tried as yet. but you can test all the published BSSV via jDeveloper to verify that you have the correct code. It starts O4CJ and web services locally and brings up an input web page to enter the AN8, the data outputs to XML.
Tip:
1) Make sure that you have an entry in the P00950 security workbench. .
2) make sure that you select the BSSV item (i.e CustomAddressManager) and select 'set to publish' available (this only appears on checkin) when you check the object in. Make sure that you have entries in the F98601, 602, 603 tables in Object Librarian
3) Open P00950 select published bssv, click on the grid line (1st column) in the grid form of W00950X click the searchlight, in W00950U hit find you must see your published BSSV in here.
if not you go back to step 2. You must 'set to publish' for the bssv i.e CustomAddressManager object. Otherwise you will not be able to see in the W00950U form.
4) Repeat for the 2nd column and Make sure you select the 'Secure by Method' this will take you to W00950Y form and you must select your bssv and select the 'Allow Execute' on the bottom of the form.
Once you have these in place then you will not get the 'Not authorized' error messages.
Christopher Koloszar
JDE Senior Business Analyst
Oracle 10g DBA
[email protected]
Edited by: user3025204 on 15-Oct-2009 02:00 -
TNS-01190: The user is not authorized to execute the requested listener com
Hello All,
I just re-installed oracle forms10g and oracle 10g rel 2 on windows vista. The first time i installed both software, i swithched d pc off without turning off the listener on my laptop. When i rebooted, i found that i could not startup both forms 10g and oracle 10g database let alone loggin in. So i re-installed both prodcts. Every time i try to turn off the listener i get the error TNS-01190: The user is not authorized to execute the requested listener com. I have tried several ways to turn this off, but all effort has failed. After reading several literature on this issue, I learnt that if you change the password then any user who knows the password should be able to turn off the listener. But I still get thesame error on trying to add a password. Please can anyone help me by telling me how i can deduce the oracle user that has the administrative right to perform this task.
Pls forgive me for the long text. Thanks again. Pls note I am not an expert so pls be explicit in your explanations.
cheers
ajMany thanks for your reply. It did not allow me to set up the password. It came back with thesame error TNS-01190 The user is not authorized to execute the requested listener command.
I used the change_password command in lsnrctl from Dos. Note that I have created several users eg Oracle, on windows and gave it the Administrator privilege. But still it will not let me stop the listener or create a password for it. Hope anyone has experienced this before? Due to this my system has been on for the past 24hrs, approximately. Many thanks.
Cheers
Aj -
Logged on user is not provisioned for this application
I created(shared services) the one user in the ldap not in native directory, i given provision in such a application to user ...
i try to login that user but the message was displayed " *Logged on user is not provisioned for this application*"
Pls help me
ThanksHi
have you given authority in the application groups for the different profiles for that specific user too?
a common error is giving a user right on the application and omitting to give it in application groups in shared services. -
My iPhone wont let me download some apps that i have payed for on on my account; it says my iPhone is not authorized for this computer, but it is.
No, iTunes never says an iPhone is not authorized.
This is occurring on a computer, correct?
Is the computer authorized for the account the media or apps were acquired with?
Maybe you are looking for
-
Creation of lsmw for updation of position and pers area
Hi friends, I am tried many time to update position and personnel area through lsmw for all employees ,at time of recording its coming.But once compltion of lsmw preparation i am uploaded my inputs through tabfile that time its updating only personne
-
Connecting 6800Ultra VGA (2xMolex) to PSU that has PCI-Express connector
Hi there, I have a PSU that has 2 PCI-express power connectors (ThermalTake 680W). However I'm still using an AGP video card (6800 Ultra) with 2 Molex connectors. I would like to try and connect 1 of the PCI-express connectors from the PSU to the 2 m
-
WARNING JBO-35007 after validator throws msg
Could somebody help me understand what is going on here? I am trying to create a simple creation form on a table that has a field being populated with a db sequence. All seems to work fine until I put a backing bean method validator on one of the fie
-
Open Adobe Reader without Tools menu or Fill & Sign menu
Windows 7 Ultimate SP 1 (x64) Adobe Reader XI 11.0.10 When I open a PDF file, I often get a menu down the right side of the Adobe Reader window. Usually, it is the Tools menu; but if the PDF file is a fill-in form, I get the Fill & Sign Tools menu.
-
How can I reduce my time required for rendering?
Hello, I guess I'm used to an editing environment where I never had to really render in order to review my most recent edit. I do miss that. Right now it seems that even for the most minor of insert edits and the like I am asked to render my media in