View access denied to Subject  on a Rule error: - what does it mean?

I get this red error message when I attempt to validate a field on a form.
I am logged in as mailadmin and I am using his default form. When I edit and save a user, I want to ensure that the mail username is unique.
I wrote a rule which compares the username entered on the form against all present IdM accountIds (queriable attribute 'name'). The rule has a <RunAsUser> section and the rule runs as id 'Configurator'
What is the trick here to allow mailadmin View access?
I want an admin (not Configurator) to be able to list all IdM objects so I can apply the Attribute condition startswith for all present IdM accountIds. I believe it should be possible.
Any hints gratefully accepted

I've had problems with a rule that was unaccessible to end users. here is what I had to change in the rule :
<Rule authType='EndUserRule'
<ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
now it works

Similar Messages

  • View access denied to Subject Reset on Policy

    Hi, there.
    I created a custom workflow so that anonymous user can launch the workflow, then start creating an account.
    During the workflow activity, the first form is asking user to enter the accountID of his/her choice, and the form has a validation logic to catch any conflict with the accountId policy. (for example, the accountID must be at least 4 character long)
    <Rule name='Validate String With AccountId Policy'>
    <Description>returns "true" if validation succeeded. returns error message if validation failed.
    </Description>
    <RuleArgument name='string'/>
    <block trace="true">
    <invoke name='checkStringQualityPolicy' class = 'com.waveset.ui.FormUtil'>
    <rule name='getCallerSession'/>
    <s>AccountId Policy</s>
    <ref>string</ref>
    <null/>
    <null/>
    <s>user</s>
    </invoke>
    </block>
    </Rule>
    The validation rule specified above works well if the form is used by the existing IDM admin user, however, this throws an exception when the form is used by the anonymous user.
    XPRESS <invoke> exception:
    com.waveset.util.WavesetException: Can't call method checkStringQualityPolicy on class com.waveset.ui.FormUtil
    ==> com.waveset.util.WSAuthorizationException: View access denied to Subject Reset on Policy: AccountId Policy.
    It seems like the anonymous user does not have any access right to Policy objects.
    Does anyone know how to get around this problem?
    In worst case, I can create another rule that is checking the string length, but I really wish I can take advantage of the built-in policy checking routine.
    Thanks for reading my post. :)

    Can you use the <RunAsUser> functionality within your rule?
    To use it you add this inside the <Rule>
    <RunAsUser>
    <ObjectRef type='User' name='Configurator'/>
    </RunAsUser>
    More information can be found in IDM FAQ.
    HTH..

  • View access denied to Subject .. on ProvisioningTask: Worflow

    Good Morning!
    I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
    The next is the activity:
    <Activity id='1' name='Get Requester View'>
    <Action id='0' application='com.waveset.session.WorkflowServices'>
    <Argument name='op' value='getView'/>
    <Argument name='type' value='User'/>
    <Argument name='id'>
    <ref>accountId</ref>
    </Argument>
    <Argument name='authorized' value='true'/>
    <Argument name='options'>
    <Map>
    <MapEntry key='noFetch' value='true'/>
    </Map>
    </Argument>
    <Variable name='view'/>
    <Return from='view' to='user'/>
    </Action>
    <Transition to='Is Requestor a Manager'/>
    <WorkflowEditor x='62' y='21'/>
    </Activity>
    Any body can help me? Where is the error?.
    ATTE: Felipe Forero

    Have you added you new workflow to end user tasks ?

  • View access denied to Subject  on TaskDefinition:

    I cloned an existing workflow and just changed the name of the task definition and imported into IDM.
    when I tried to execute it I am getting the following error message
    View access denied to Subject xxxxxon TaskDefinition: DSRS - New Request-new2.
    Any ideas?

    If you are trying to run a workflow in the User Interface, you'll need to add your workflow into the End User Tasks configuration file.
    Best,
    Aidy
    httpp://www.waveset.allidm.com

  • SIM 7.1 Trouble... "View access denied to Subject Configurator"

    I am getting "View Acces denied to Subject Configurator on Configuration: Tree Table Library" in the Admin user interface when navigating to the "Accounts" tab, and the "Resources" tab. Other Configuration objects in the Admin User Interface are also giving me a similar error (same error just a different Configuration object). This started happening after a server restart. The app server is Sun Java System Application Server 9.1_02. Let me know if anyone has come across this before or if more info is needed. Thanks.

    I can't imagine how that would cause such a change. Something else that was done previously must have finally committed when the app server was finally restarted.
    Generally speaking I would really recommend that you upgrade to IDM 7.1.1 and then apply the latest patch, which is 25, for a resulting 7.1.1.25.
    Specifically, that error usually relates to some kind of organizational control issue surrounding Top - but I am not sure off the top of my head.

  • End User Rule View Access Denied

    Hi,
    This has been discussed here, but after trying all possible options it still doesn't seem to be working.
    I am using a rule in a end user task, which throws "View Access Denied to Subject on Rule" error.
    I've set the rule authType to "EndUserRule" and
    <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
    for MemberObjectGroups.
    Still it would keep throwing same error. I even used:
    <RunAsUser>
    <ObjectRef type='User' id='#ID#Configurator' name='Configurator'/>
    </RunAsUser>
    Still not success.....??? Any idea what could be wrong?
    I am using IdM Version 5.5
    -Thanks

    Hmmm...
    Seems to be working now...all I did was a restarted the application server??? Tried the same steps again in a different environment, and worked without a restart. Must be something odd with one particular environment.
    -Thanks though for the reply!
    -\

  • WSAuthorizationException: Create access denied to Subject......

    I am running a Flat File Active Sync process using FlatFileSync Adapter to load users with custom FlatFileActive Sync Form and using a custom pre-poll Create User Workflow process .
    Do anybody give some tips on this exception.
    2007-01-29T15:13:40.988-0500: result from submit (blank means no errors):
    2007-01-29T15:13:40.991-0500: Create access denied to Subject Requestor on User: PaulA.
    ThankYou.
    G

    If it's easy for you to do so, I would recommend installing the latest 8.1.0.x patch (8.1.0.14) and test again. I know there are bugs that relate to this functionality so I would advise you to rule those out first.
    8.1.0.14 can be obtained from My Oracle Support (MOS): http://support.oracle.com under the patches and updates tab.

  • View access denied to Reset on task definition

    Hi,
    We are facing a weird issue. We have an end user task which we trigger directly from a web page of a different application. The URL for task launch is something like this : https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi.
    If we open a new browser window and copy paste this URL and hit enter, it takes to /user/login.jsp. We input the user credentials and submit, it triggers the task.
    But the behavior is different if we do the following:
    1. Open a browser window, access anonmain.jsp (https://mycomany.com/idmcs/user/anonmain.jsp)
    2. It routes to anonlogin.jsp (https://mycomany.com/idmcs/user/anonlogin.jsp) and asks for anononymous user name
    3. We input some junk user name submit. It takes to anonmain.jsp.
    4. Now in the same browser window if we copy past the processLaunch URL (https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi) and click submit, it ideally should route to login.jsp.
    Instead it throws the view access denied error : "View access denied to Reset on process Self Service Password Reset Registration"
    Any idea what the issue might be?
    Thanks,
    kIDMan.

    Hi
    Normally when this happens you need to add the process "Self Service Password Reset Registration" to the End User Tasks list and Anonymous User Tasks list configuration objects.
    I dont know if this will help in your situation.
    -Mocx

  • View Access Denied

    Hi all,
    I created a custom workflow, with form and logic. I link to this custom workflow from the home page in the admin interface. I want to create my own capability for accessing this workflow. I added the capability using the admin UI, then set the the AuthType in the workflow to match this value. However, I still get 'view access denied' errors. Is there something else I need to do here? I did this once before but this time it doesn't seem to be working.... What else do I need to do?
    Thanks!
    Jim

    This is actually only partially working. The workflow I have does a checkout and check in of a user view, and modifies some data. So it is requiring that the user executing the workflow have the Update User capability as well as my custom capability. I don't really want it to have this capability. How can I get around it? I just want them to be able to run my workflow, but not edit a general user view...

  • View access denied to configurator

    hi all,
    I have created a workflow which contains just one activity other then start and end.This activity is calling a form.Whenever i try to run the workflow from end user menu i get the error "view access denied to configurator".However when i add this workflow name to configuration object's end user tasks the error disappears and i am able to execute the workflow.Can some one explain me why is it so?
    tia

    This is because the end user doesn't have enough rights to execute the workflow. You can add your workflow to "EndUserTasks.xml".
    Get the "EndUserTasks.xml" configuration object from debug/session and add your work flow.
    eg:
    <Extension>
    <List>
    <List>
    <String>ur workflow</String>
    <String>ur workflow</String>
    </List>
    </List>
    </Extension>

  • URGENT - ACTIVESYNC - Create access denied to Subject XYZ

    I am running a flatfile activeSync. Adapter stautus indicates .. Executing. When i look at the ActiveSync log file all, I can see all the mapped attributes being pulled in correctly. But no user is created in IDM. The log file shows 'Create Access Denied to Subject Configurator on User:<accountid>.
    I have tried to run activesync using other activesync proxy users with all admin rights and Configurator. Still the same error.
    Why? How do I fix it?
    Thank you in advance for your help.

    when u choose "assign resource" option, you will see this problem.
    Usually the active Sync Polled accounts does not require a resouce name in user objects.
    Hope I am making sence
    --sFred                                                                                                                                                                                                                                                                                                                                                                                           

  • Com.waveset.util.WSAuthorizationException: Modify access denied to Subject

    Can anybody tell me what this exception really means.
    com.waveset.util.WSAuthorizationException: Modify access denied to Subject xyz on User: u1xxx
    Thanks.

    This means that User u1xxx does not have the necessary scope and capabilities to modify user xyz

  • HT201272 I purchase movie, when I try to view it has error massage this requested ULR not found on server. What does this mean and how can I view this movie?

    I purchase a movie on iTunes, when I tried to view I get error massage, requested ULR is not found on server. What does this mean and how can I view this movie.

    familyfromapo wrote:
    The movies are Dexter that we purchased at a store.  He uses the Air and since it does not have the disk option this is how we were hoping he could view his shows.  We had no idea we would be breaking the law....just wanted to put all of the movies we have purchased  on the external solely for the intent of our viewing. 
    Thank you for your time and help.
    Sorry.
    It is illegal to break the encryption to copy a dvd.
    Judge: DVD-copying software is illegal - CNET News
    Judge Rules DVD-Copying Software Is Illegal | Threat Level | Wired ...
    MPAA Says Making Even "One Copy" of a DVD is Illegal

  • HT204053 I have downloaded icloud to my pc, however when i go to sign in to Apple through icloud, i get an error message saying my apple ID is valid but is not an icloud account. What does this mean and how can i update my account so i can access icloud?!

    I have downloaded icloud to my pc, however when i go to sign in to Apple through icloud, i get an error message saying my apple ID is valid but is not an icloud account. What does this mean and how can i update my account so i can access icloud?!

    To use iCloud, you must first set it up with your Apple ID on a device with iOS 5 or a Mac with OS X Lion.

  • When backing up on time machine is get " The back up disk image'/volume/data/eric balnchard's Macbook.sparbundle"could not be accessed (error-1). what does it mean? it's a new time machine

    when backing up on time machine is get " The back up disk image'/volume/data/eric balnchard's Macbook.sparbundle"could not be accessed (error-1). what does it mean? it's a new time machine

    Expect to see this error again due to a bug in Lion (and Mountain Lion).
    See # C17 in Pondini's excellent support document below, or look over to the right of this web page under the heading of More Like This
    http://pondini.org/TM/Troubleshooting.html

Maybe you are looking for

  • Text missing from PDF

    I am a long-time and very experienced user of FrameMaker, Acrobat, and all associated tools. My XP-SP2 system is thoroughly debugged and fully updated. When I create PDFs in Frame, sections of the text come up missing. The document remains correctly

  • Oracle Report vs JSP efficiency and Excel XML in Web Source Questions

    I have used Oracle Reports in the past 6i, but haven't used them in about 4 years. We are now using 9.0.4 reports and I am trying to generate Excel XML from an Oracle report by manipulating the web source of the report. Basically copying and pasting

  • Use Alchemy as Standard AS3 Compiler

    Anyone know of a way to do this? Is there a way to pass an actionscript class to Alchemy and have it compile a swf? Or, pass ABC to Alchemy and have it output a swf? I ask because, then we'd essentially have a new actionscript compiler that can perfo

  • How to create Materialize view using Sysdate

    I need to create a materialize view having SYSDATE in its WHERE clause. Can i any let me know how can i do it. I know there is some documentation on that in ORACLE but i could not find it . Thanks

  • Hiding a filed based on responsibility using oaf personalization

    Hi Experts, I am learning OAF, I have following requirement. I have 'SAL' filed in my page; I want to hide that filed if i access that from responsibility A and should be shown if i access it from responsibility B. Could somebody help me how to achie