User Menus via Roles

Hi All,
We have Netweaver 2004s, Release 10.2.
I have added some new menu roles to our IP roles. These menu roles were designed to allow users to save workbooks into a common area which all could access. This was done via S_USER_AGR, activities 01, 02, 06, 22 (not sure that I need 22). This is only for the user menu role. No other roles.
This works fine and they can save workbooks ok. What I am finding through is that there a few phantom menus appears appearing with different parts of the user menu included in them. It appear to link the two menus together within BEX, but when you view the roles in PFCG in the workbench the menu only appears in the one it is suppose to?
Has anyone else experienced this?
I have tried creating user accounts with variations of the roles and the only way to remove the phantom menu is to remove the user menu. The user menu is created and maintained in production and does not have any authorisations, write permission is given by another role with the permission listed above.
Any help appreciated
rgds
Matt

I din't get your qestion perfectly but
When You create a menu role(or folder Role) and look at it through BEX You will see the menu in the following  hierarchy.
1) Role description (what ever You mentioned in  PFCG)
2) Folder details ( If You have any in the role menu)
3)all the entities.
This might have made You confuse.
Thnks

Similar Messages

  • Can't grant privilege on column to user via role?

    Hi:
    From what I read in the docs I should be able to create a role that has UPDATE privs on a column of a table, and then grant that role to a user, who should be able to update the column of the table. I get "insufficient privileges" when I try that, although it works as advertised if I grant directly to the user. Am I mis-reading the docs?
    Session GAFF:
    CREATE TABLE "GAFF"."FOO2"
       (    "F1" NUMBER,
        "F2" NUMBER,
        "F3" VARCHAR2(50),
        "F4" NUMBER,
         CONSTRAINT "FOO2_PK" PRIMARY KEY ("F1")
    create role foo2_u_f2;
    grant update (f2) on foo2 to foo2_u_f2 ;
    grant select on gaff.foo2 to play ;
    grant foo2_u_f2 to play ;session PLAY:
    update gaff.foo2 set f2 = 1 where f1 = 1ORA-01031: insufficient privileges

    Most likely role foo2_u_f2 is not a default role for user play. Initially, when user is created default role is set to ALL. Later it can be changed to NONE or a set of roles. Login as play and issue:
    select * from session_roles
    /I bet you will not see foo2_u_f2. Then issue:
    select granted_role,default_role from user_role_privs
    /That will give you a list of user play default roles. You can either issue:
    set role foo2_u_f2
    /This will enable foo2_u_f2 role in current session. Or you can login as privileged user and issue ALTER USER DEFUALT ROLE ...,foo2_u_f2.
    SY.

  • Grant privileges to subprogram via role: should not work?

    I bought Selftestsoftware for 1z0-147 for 9i and 10g. Selftestsoftware is endorsed by Oracle, should be high quality.
    But its below sample question and answer seem to be wrong: It says that privilege for subprogram can be granted via role. But from Urman 9i book, all roles are disabled inside stored procedures.
    Did Selftestsoftware made a mistake? Or the question did not mention or assume that the subprogram is based on invoker rights not definer right?
    Question:
    All users in the HR_EMP role have UPDATE privileges on the EMPLOYEE table. You create the UPDATE_EMPLOYEE procedure. HR_EMP users should only be able to update the EMPLOYEE table using this procedure.
    Which two statements should you execute? (Choose two.)
    GRANT UPDATE ON employee TO hr_emp;
    GRANT SELECT ON employee to hr_emp;
    REVOKE UPDATE ON employee FROM hr_emp;
    REVOKE UPDATE ON employee FROM public;
    GRANT EXECUTE ON update_employee TO hr_emp;
    Explanation:
    The two statements you should execute are:
    REVOKE UPDATE ON employee FROM hr_emp;
    GRANT EXECUTE ON update_employee TO hr_emp;
    Unless you are the owner of the PL/SQL construct, you must be granted the EXECUTE object privilege to run it or have the EXECUTE ANY PROCEDURE system privilege. By default, a PL/SQL procedure executes under the security domain of its owner. This means that a user can invoke the procedure without privileges on the procedures underlying objects. To allow HR_EMP users to execute the procedure, you must issue the GRANT EXECUTE ON update_employee TO hr_emp; statement. To prevent HR_EMP users from updating the EMPLOYEE table unless they are using the UPDATE_EMPLOYEE procedure, you must issue the REVOKE UPDATE ON employee FROM hr_emp;
    All of the other options are incorrect because they will not meet the specified requirements.
    Edited by: user13270686 on Jun 7, 2010 9:22 PM

    The answer is correct, and the explanation complete.
    Inside stored procedures roles are disabled. This is because privileges are checked at compile time and roles can change between compile time and execute time.
    However, privilege to execute the procedure can be granted to a role. During execution of the procedure the privileges of the procedure's owner apply.
    This is because you want to have encapsulation: when tables and procedures are in the same schema, you won't have any privilege problem, as the owner of a set of tables will always have privilege (you can not revoke them).
    Sybrand Bakker
    Senior Oracle DBA

  • Setting Application Context Attributes for Enterprise Users Based on Roles

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;To finish things off, I created a security policy function for the table which returns the following:
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!

    Hello,
    We have an Oracle 11g database with a table containing data from multiple sites (a SiteID field identifies the site for a record). Since application users can have access to different subsets of sites, we would like to use Oracle's Virtual Private Database feature to enforce row-level security on the table.
    I did a successful proof-of-concept with database users. I created a role for each site (example: USER_SITE_A, USER_SITE_B, ...), and then assigned the appropriate site roles to each database user. I then created a package (run via a logon trigger) which set application context attributes for each site. If the current database user has been assigned a role for a given site, then the corresponding attribute named "SITE_PRIVILEGE_SiteID" is set to 'Y'... otherwise, it is set to 'N'. Here is the code which worked to set application context attributes for database users:
    -- For each record in my RoleSitePrivileges table, set
    --   an attribute named 'SITE_PRIVILEGE_<SiteID>'.
    --   If the current user has been assigned a role matching
    --   the value in the 'RoleName' field, set the corresponding
    --   attribute to 'Y'... otherwise, set it to 'N'.
    FOR iPrivRec IN (SELECT RoleName, SiteID
                       FROM RoleSitePrivileges
                       ORDER BY SiteID)
       LOOP
          SELECT COUNT(*)
            INTO roleExists
            FROM dba_role_privs
            WHERE granted_role = UPPER(iPrivRec.RoleName)
              AND grantee = USER;
          IF roleExists > 0 THEN
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'Y');
          ELSE
             DBMS_SESSION.set_context(
                         namespace   => 'my_ctx',
                         attribute   => 'SITE_PRIVILEGE_' || iPrivRec.SiteID,
                         value       => 'N');
          END IF;
       END LOOP;To finish things off, I created a security policy function for the table which returns the following:
    RETURN 'SiteID IN (SELECT TO_NUMBER(SUBSTR(attribute, 15))
                         FROM session_context
                         WHERE attribute LIKE ''SITE_PRIVILEGE_%''
                            AND value = ''Y'')';This setup worked great for database users. I am now working to do a comparable proof-of-concept for enterprise users created in Oracle Internet Directory (OiD). I have Enterprise User Security (EUS) up and running with OiD, global roles created in the database, enterprise roles defined in EUS with global role assignments, and enterprise roles assigned to OiD users. The enterprise users are able to successfully login to the database, and I can see the appropriate global role assignments when I query the session_roles view.
    I tried using the same application context package, logon trigger, and security policy function with the enterprise users that I had used with the database users. Unfortunately, I found that the application context attributes are not being set correctly. As you can see from the code above, the applicaiton context package was referencing the dba_role_privs view. Apparently, although this view is populated for database users, it is not populated for enterprise users.
    I tried changing the application context package to use invoker's rights and to query the session_roles view instead of the dba_role_privs view. Although this package sets the attributes correctly when called manually, it does not work when called from the logon trigger. That was an oops on my part, as I didn't realize initially that a PL/SQL procedure cannot be called with invoker's rights from a trigger.
    So, I am now wondering, is there another view that I could use in code called from a logon trigger to access the roles assigned to the enterprise user ? If not, is there a better way for me to approach this problem? From a maintenance standpoint, I like the idea of controlling site access from the LDAP directory service via role assignments. But, I am open to other ideas as well.
    Thank you!

  • Notification sent to all users in a role when some of them responded in first reminde

    Hi,
    We have a workflow using (voteforresult, standard voting method) sending notifications to users via role. Sends first notification times out sends second one. If some users responded to notification in first email it still sends email to all users second time. Is it not suppose to send email only to
    users who hasn't responded.
    Example: ROLE01 has USER01, USER02, USER03. Sends email to all three, USER01 responds
    after first timeout cancellation is sent to USER02 & USER03 and new notification (second one)
    to all three even though USER01 has responded.
    thanks,
    Sridhar.

    Hi Mark,
    Thanks very much for response.
    Does post notification function also resolves who has responded first time in a role and sends
    notification only to others. Like in the example below
    Example: ROLE01 has USER01, USER02, USER03. Sends email to all three, USER01 responds,
    after first timeout cancellation is sent to USER02 & USER03 and second notification
    to all three even though USER01 has responded. What we are looking for is sending
    second notification only to USER02, USER03 who has not responded first time.
    If there is a standard package or an example which i can look at would of great help.
    thanks again,
    Sridhar.
    See the Workflow Guide on Post Notification Functions:
    You can associate a post-notification function with a notification activity. The Workflow Engine executes the post-notification function in response to an update of the notification's state after the notification is delivered. For example, you can specify a post-notification function that executes when the notification recipient forwards or transfers the notification. The post-notification function could perform back-end logic to either validate the legitimacy of the forward/transfer or execute some other supporting logic.
    If a notification activity times out, the Workflow Engine runs the post-notification function for the activity in TIMEOUT mode. For a Voting activity, the TIMEOUT mode logic should identify how to tally the votes received up until the timeout.
    Hi,
    We have a workflow using (voteforresult, standard voting method) sending notifications to users via role. Sends first notification times out sends second one. If some users responded to notification in first email it still sends email to all users second time. Is it not suppose to send email only to
    users who hasn't responded.
    Example: ROLE01 has USER01, USER02, USER03. Sends email to all three, USER01 responds
    after first timeout cancellation is sent to USER02 & USER03 and new notification (second one)
    to all three even though USER01 has responded.
    thanks,
    Sridhar.

  • Grant execute via role has odd limitations

    Hi,
    I have execute grants (with admin option) on a pl/sql package via a role. When I try to compile a pl/sql procedure that uses functions/procedures from that package, I get error
    PLS-00201: identifier '<packagename>' must be declared
    So the only workaround I see is to grant the execute rights (with grant option) straight to my userid, instead of via a role. That seems very odd.
    Can someone tell me the subtle thoughts behind this??
    Regards, Paul.

    - Definer's rights stored procedures (the default) cannot see privileges granted to a role. Invoker's rights stored procedures, however, can access privileges granted to roles. I don't expect this to help you much in general-- using all invoker's rights stored procedures probably increases your grant management issues-- but it may be an option for some.
    - Among the problems with allowing a definer's rights stored procedure to access privileges granted through a role is that roles can be enabled and disabled at runtime for a particular session and can be password protected. If your session enables a password protected role that has access to procedure A in one session, and you create a procedure B that calls A, Oracle would have no way of knowing whether some other session created with the same user account some time later still remembered the password. You'd have similar problems with non-default roles (or roles that were made non-default) for the owner of a procedure.
    Since there are relatively few schemas in a system that will own procedures and relatively many user accounts that need to execute those procedures, it also makes sense to require DBAs to grant privileges to application user accounts directly since that has the side effect of preventing normal users that can execute a stored procedure from creating (and relying) on stored procedures or views inadvertently. If you've ever come across a system where some random user accidentally had a view promoted in their schema rather than in a shared schema that some critical report relies on (ideally if you see this the day after that random user resigns and the security folks drop his schema) you'd appreciate the rule that normal user grants should be via roles while application user grants should be direct.
    Justin

  • How to restrict login for multiple users having same Role

    Our Web Application is deployed on Tomcat 5.5
    The requirement is ?
    There are roles in application like "operator", "admin"?
    There are multiple users created for each of the above role.
    When one user of "operator" role is logged in, then
    It should not allow to login for another user of "operator" role.
    Also, if user did not log out & application gets close, then
    It should not allow to login for another user of "operator" role.
    Also, it should not allow to login for multiple requests of same user
    (using another browser instance...)
    Is it possible using session object?
    But, using session object, it will create separate objects for different users,
    So here I will not be able to restrict session object creation rolewise.
    Also, how to retrieve these multiple session objects created for different users on server?
    If anyone is having the solution please reply as soon as possible,
    Thank you.

    To tell you the truth, this is a stupid requirement. It must be an extremely fragile application.
    In any case, you will have to write your stuff for that. Probably a filter that on login, logout, and session expiration checks, makes, or removes entries in a DB (using a synchronized resource to prevent race conditions) or possibly even simply in an application context object.

  • Checking if a user has a role (FGAC)

    Hi!
    I am implementing Fine Grained Access Control on a table and in my policy function I do not want to restrict the amount of result data on a select if the current user has a certain role (otherwise I want to).
    My idea was to check USER_ROLE_PRIVS/ROLE_ROLE_PRIVS for the role, but the stored procedure runs with definer-rights, so that won't help.
    Running the procedure with invoker-rights won't help either, since not the current user is the invoker of the policy function but the DB system (user sys?).
    And finally, the definer of the policy function does not have DBA privs, so I can't select the DBA_* views to check if the current user has the role.
    Is there another way to check if the current user that is known inside the policy function by the USER variable has a certain role?
    Thanks for your help!
    Marcus

    Hi Frank,
    thanks for your answer!
    Frank Kulash wrote:
    Policy functions are run by the user who queries or tries to do DML on the table.I don't see that this is happening. Here's my test case:CREATE OR REPLACE FUNCTION CU_is_member_of
    (v_role IN VARCHAR2) RETURN NUMBER
    AUTHID CURRENT_USER
    is
    v_res VARCHAR2(255);
    begin
    SELECT COUNT(*)
    INTO v_res
    FROM
    (SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS
    UNION
    select GRANTED_ROLE from role_role_privs)
    WHERE UPPER(GRANTED_ROLE)=UPPER(v_role);
    RETURN to_number(v_res);
    end;
    CREATE OR REPLACE FUNCTION POLIFUNC_PARTTYPES_WRITE
    (p_schemaname IN varchar2, p_tablename IN varchar2)
    RETURN VARCHAR2
    IS
    BEGIN
    IF USER=p_schemaname
    THEN RETURN '';
    ELSE
    BEGIN
    if SYSWM_TOOL.CU_is_member_of('#ACT#WMT_MANAGE_PARTTYPES')=1
    THEN RETURN ''; -- *****
    ELSE
    BEGIN
    RETURN '1=0';
    END;
    end if;
    end;
    END IF;
    END;
    CALL SYS.DBMS_RLS.ADD_POLICY('SYSWM_TOOL', 'TBL_PARTTYPES', 'POL_PARTTYPES', 'SYSWM_TOOL', 'POLIFUNC_PARTTYPES_WRITE', 'select'); --TODO: SELECT-&gt;UPDATE,INSERT,DELETE
    If the policy function is run by the user who queries, then I would expect that a user who has the role querying table TBL_PARTTYPES would see all entries since he would run into the line marked with *****.
    SQL&gt; select SYSWM_TOOL.CU_is_member_of('#ACT#WMT_MANAGE_PARTTYPES') FROM DUAL;
    SYSWM_TOOL.CU_IS_MEMBER_OF('#ACT#WMT_MANAGE_PARTTYPES')
    1
    SQL&gt; SELECT COUNT(*)
    2 FROM
    3 (SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS
    4 UNION
    5 select GRANTED_ROLE from role_role_privs)
    6 WHERE UPPER(GRANTED_ROLE)=UPPER('#ACT#WMT_MANAGE_PARTTYPES');
    COUNT(*)
    1
    So, the current user has the role and the stored function CU_IS_MEMBER_OF works correctly. However:
    SQL&gt; select count(*) from syswm_tool.tbl_parttypes;
    COUNT(*)
    0
    What am I missing here?
    Marcus

  • Error assigning users to application Role in Obiee 11.1.1.7.0

    Hello
    I installed Obiee 11.1.1.7.0 both on Windows and Linux platform and after that, I successfully set Active Directory integration. I have a problem assigning users to Application Role in EM. When I'm trying to search a user on Display name, the Principal userName returned is blank and the error is : Java Null Pointer Exception
    After that I install a fresh copy of 11.1.6.0. After AD Integration, I was able to assign users to Application Role. I made 11.1.1.7.0 upgrade and same error has come. I think this is a bug because same AD settings on 11.1.1.6.0 works.
    The error:
    ava.lang.NullPointerException
    #{viewScope.emas_pagemodel_security_EditAppRole.searchPrincipal}: java.lang.NullPointerException
         Hide Additional Trace Information
    javax.faces.FacesException: #{viewScope.emas_pagemodel_security_EditAppRole.searchPrincipal}: java.lang.NullPointerException at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118) at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:103) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361) at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96) at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:97) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:1086) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:434) at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:207) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emSDK.license.LicenseFilter.doFilter(LicenseFilter.java:101) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:128) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271) at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177) at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.emas.fwk.MASConnectionFilter.doFilter(MASConnectionFilter.java:41) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:180) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.AuditServletFilter.doFilter(AuditServletFilter.java:179) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.EMRepLoginFilter.doFilter(EMRepLoginFilter.java:203) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.model.targetauth.EMLangPrefFilter.doFilter(EMLangPrefFilter.java:158) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.core.app.perf.PerfFilter.doFilter(PerfFilter.java:141) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.sysman.eml.app.ContextInitFilter.doFilter(ContextInitFilter.java:542) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119) at java.security.AccessController.doPrivileged(Native Method) at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324) at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460) at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103) at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171) at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209) at weblogic.work.ExecuteThread.run(ExecuteThread.java:178) Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:51) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) ... 67 more Caused by: java.lang.NullPointerException at oracle.sysman.emas.model.security.DialogAdminBean$1.compare(DialogAdminBean.java:567) at java.util.Arrays.mergeSort(Arrays.java:1270) at java.util.Arrays.mergeSort(Arrays.java:1281) at java.util.Arrays.sort(Arrays.java:1210) at java.util.Collections.sort(Collections.java:157) at oracle.sysman.emas.model.security.DialogAdminBean.fetchPrincipals(DialogAdminBean.java:563) at oracle.sysman.emas.pagemodel.security.identity.EditAppRolePageModel.searchPrincipal(EditAppRolePageModel.java:496) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.el.parser.AstValue.invoke(Unknown Source) at com.sun.el.MethodExpressionImpl.invoke(Unknown Source) at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46) ... 68 more
    Any suggestion?
    Thx
    Gabriel
    Edited by: Gabbriel on Apr 23, 2013 10:46 PM

    We received from Oracle a work-around of this problem.
    It seems to be related to the virtualize flag set to true. I f you set it to false the problem disappear (it works for me).
    (rif. http://docs.oracle.com/cd/E28280_01/bi.1111/e10543/privileges.htm#BABDCJBH)
    There's an open BUG on this problem: Bug 16808088 - 11G JAVA.LANG.NULLPOINTEREXCEPTION ADDING USER TO ROLE AFTER UPGRADE TO 11.1.1.7.
    Hope this works.
    S.

  • Getting UWL task count for all users in a role.

    Hi.
    I recently posted a question regarding a very similar issue, but I haven't got any response yet. I think my question might have been somewhat poorly phrased, so I will try to do better at explaining what we need.
    We have a number of processes, most of which need to be dynamically assigned to a user when created. The way we want to assign those tasks is by executing a WebService which would receive a role name and get all the users for that role. Then, using the UWL API, it would check how many tasks each of the users have in their UWL, and return the UserID for whoever has the least tasks. I haven't been able to get this to work. I keep getting Logged in users context or session doesn't exist Exception.
    Please, any help on this will be greatly appreciated.
    Currently working with SAP NWDS 7.1 SP05 PAT0005

    Hi,
    Thank you for your response, however, that's not what I need.
    For you and anyone esle who might find this extra info useful...
    I know how to get a user's role(s), and how to get the users in a role.
    I also know how to assign a task to a specific user dynamically.
    Using the UWL API, I know how to get the tasks (or items) in a user's UWL from a WD application, I need to do that from a WebService and using pretty much the same code, with the necessary adjustments, I can't get it to work.
    Furthermore, I'm able to get the UWL tasks for ONE user, that user being the one I log into the application with. For example, if I write code to get the tasks for user testUser1, I need to log in with testUser1 to get it to work, if I log in with any different user or make it a non-authenticated application, it won't work.
    Again, help on this is much needed and will be appreciated.

  • How to add multiple users to a role in ECC 6.0

    How to add multiple users (say 1000) to a role in ECC 6.0?

    Hi
    You can actually add multiple users to a role using transaction SU01. From SU01, use the menu Environment->Mass Changes.
    Here you can manually add the users, select them by address or authorisation data. Once you have your user list, you can then add or remove roles and/or profiles.
    Secondly , You can use SU10 to do mass changes to multiple users including role assignments per logical systems
    Also check the following link:
    http://www.sap-img.com/bc021.htm
    I hope this should do it
    regards
    Chen

  • Report to see user type and roles assigned to users in EP?

    Hi,
    a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
    b) If  the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.

    By default Portal UME comes along with the installation of portal.
    Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories.  But you can also create users in the portal UME.  The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
    You can check them in user administration->identity management and search for the users.
    THere you can see some users will be from UME and some from LDAP.
    User Admin tool is nothing but User Administration only.
    Raghu

  • Performance tab not working in Enterprise Manager for user with dba role

    Database: 11g2
    New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
    1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
    2. Created user dbauser1 with dba role
    3. Log in as dbauser1 in Enterprise Manager
    After click Performance tab, it just went straight to "Database Login" page. No error message.
    Any suggestions or advice will be appreciated.
    piaoma

    Hi Gourav,
    This is the wsdl url:
    http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
    Kind Regards,
    Richard

  • Abap+java abap-user and portal-role PROBLEM?? help

    We have the ABAP+java add-on install.
    The UME is by default ABAP engine.
    From Portal:
    1 I create a portal user, it ALWAYS creates ABAP user in ABAP engine.
    2. I create a portal role, it creates a role in the Portal.
    3. When I assign the user this portal role,
    having worksets and pages,
    I get no pages or worksets shown in the portal page as soon
    user logs in.
    Can you help configure this so that I could see the pages and iviews inside this workset when user logs in.
    Thanks  a lot.

    Hi Mike,
    You did right,
    Just check the Entry Point Property of your iView, page and workset to YES
    there are two radio buttons yes and no select the yes one,
    you can see your pages afte rlogin with the new user.
    Regards
    Abhimanyu L

  • Display default Group space for users in a Role  upon login

    Is it possible to configure the role/group space so that the users in that role will see the group space as default page after logging into webcenter.
    Scenario:
    Group Space : G_SPACE1
    Role: W_ROLE1
    Uers with W_ROLE1: user1, user2, etc
    Requirement:
    Whenever users with role W_ROLE1 login to webcenter(http://..../webcenter ),
    they should see the group space G_SPACE1.
    Note: I am aware that we can access the group space directly with url as http://...../webcenter/spaces/G_SPACE1.
    Thanks-
    Sachin

    Hi,
    Not as far as I know. This is something I had a requirement to do but couldn't find a way.
    Although PS3 added support to configure the landing page/space for a user, it wasn't a very useful addition in my opinion. It only allows the admin to hard-code a single Space as the default for all users and doesn't work with ELs either.

Maybe you are looking for

  • Recovery dvd from Lenovo

    How much does a recovery dvd from Lenovo cost and is it different from dvds made thru One Key Recovery? Alos, How do I reinstall windows on a laptop with RapidDrive? thanks

  • Installing onto system using Marvell 91xx fails on RTM but works in Preview

    Asking the question for the second time. I've been trying to install RTM on a system with a Marvell 9128 and a 9230. The system has a pair of mirrored disks on the 9130 that I'm trying to install to. When the installer starts, it can see the raid dis

  • Android App Keeps Crashing

    The app has been working fine for quite some time and now it just keeps crashing. When I call someone it will ring until they answer or voicemail picks up then it just crashes, I've restarted my phone several times and it still keeps doing this. What

  • How to backup a mounted & encrypted disk image?

    I have read all the posts about creating a sparse bundles. I guess this allows you to backup the disk image as long as it is not mounted? Will it still backup if it is mounted? Will it be usable when I restore it? What if all I want to do is just bac

  • Open files from cd

    Hi I created a projector and I would like to publish it as a shockwave. How can I enable the HTML file to open files on the cd when a button is clicked. What command can I use, the baOpenFile does not work in this format. Any help will be appreciated