View Access Deniew

Similar Messages

• View access denied to Reset on task definition

  Hi,
  We are facing a weird issue. We have an end user task which we trigger directly from a web page of a different application. The URL for task launch is something like this : https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi.
  If we open a new browser window and copy paste this URL and hit enter, it takes to /user/login.jsp. We input the user credentials and submit, it triggers the task.
  But the behavior is different if we do the following:
  1. Open a browser window, access anonmain.jsp (https://mycomany.com/idmcs/user/anonmain.jsp)
  2. It routes to anonlogin.jsp (https://mycomany.com/idmcs/user/anonlogin.jsp) and asks for anononymous user name
  3. We input some junk user name submit. It takes to anonmain.jsp.
  4. Now in the same browser window if we copy past the processLaunch URL (https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi) and click submit, it ideally should route to login.jsp.
  Instead it throws the view access denied error : "View access denied to Reset on process Self Service Password Reset Registration"
  Any idea what the issue might be?
  Thanks,
  kIDMan.

  Hi
  Normally when this happens you need to add the process "Self Service Password Reset Registration" to the End User Tasks list and Anonymous User Tasks list configuration objects.
  I dont know if this will help in your situation.
  -Mocx

• View access denied to Subject Reset on Policy

  Hi, there.
  I created a custom workflow so that anonymous user can launch the workflow, then start creating an account.
  During the workflow activity, the first form is asking user to enter the accountID of his/her choice, and the form has a validation logic to catch any conflict with the accountId policy. (for example, the accountID must be at least 4 character long)
  <Rule name='Validate String With AccountId Policy'>
  <Description>returns "true" if validation succeeded. returns error message if validation failed.
  </Description>
  <RuleArgument name='string'/>
  <block trace="true">
  <invoke name='checkStringQualityPolicy' class = 'com.waveset.ui.FormUtil'>
  <rule name='getCallerSession'/>
  <s>AccountId Policy</s>
  <ref>string</ref>
  <null/>
  <null/>
  <s>user</s>
  </invoke>
  </block>
  </Rule>
  The validation rule specified above works well if the form is used by the existing IDM admin user, however, this throws an exception when the form is used by the anonymous user.
  XPRESS <invoke> exception:
  com.waveset.util.WavesetException: Can't call method checkStringQualityPolicy on class com.waveset.ui.FormUtil
  ==> com.waveset.util.WSAuthorizationException: View access denied to Subject Reset on Policy: AccountId Policy.
  It seems like the anonymous user does not have any access right to Policy objects.
  Does anyone know how to get around this problem?
  In worst case, I can create another rule that is checking the string length, but I really wish I can take advantage of the built-in policy checking routine.
  Thanks for reading my post. :)

  Can you use the <RunAsUser> functionality within your rule?
  To use it you add this inside the <Rule>
  <RunAsUser>
  <ObjectRef type='User' name='Configurator'/>
  </RunAsUser>
  More information can be found in IDM FAQ.
  HTH..

• Cannot open/view/access interactive pdf form on iMac after updating Adobe Reader to 11.0.06.70

  Cannot open/view/access interactive pdf form on iMac after updating Adobe Reader to 11.0.06.70. Please help!

  Here is what it says:
  Please wait...
  If this message is not eventually replaced by the proper contents of the document, your PDF viewer may not be able to display this type of document.
  You can upgrade to the latest version of Adobe Reader for Windows®, Mac, or Linux® by visiting http://www.adobe.com/products/acrobat/readstep2.html.
  For more assistance with Adobe Reader visit http://www.adobe.com/support/products/ acrreader.html.

• End User Rule View Access Denied

  Hi,
  This has been discussed here, but after trying all possible options it still doesn't seem to be working.
  I am using a rule in a end user task, which throws "View Access Denied to Subject on Rule" error.
  I've set the rule authType to "EndUserRule" and
  <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  for MemberObjectGroups.
  Still it would keep throwing same error. I even used:
  <RunAsUser>
  <ObjectRef type='User' id='#ID#Configurator' name='Configurator'/>
  </RunAsUser>
  Still not success.....??? Any idea what could be wrong?
  I am using IdM Version 5.5
  -Thanks

  Hmmm...
  Seems to be working now...all I did was a restarted the application server??? Tried the same steps again in a different environment, and worked without a restart. Must be something odd with one particular environment.
  -Thanks though for the reply!
  -\

• Hierarchical view access in worklist

  Good Day!
  exists BPM application with roles to grant access to users
  The organisation has Hierarchical structure and user must have access in worklist only to task in his view area
  Is it possible to separate view not only by roles, for example by Hierarchical structure ??
  Ths!

  HI!
  No
  Example
  We have next Organization structure
  1. Company Tester
  1.1Department Socks
  1.1.1 SubDepartment One
  1.1.2 SubDepartment second
  1.1.3 SubDepartment third
  1.2Department T-short
  1.2.1. SubDep T-short One
  1.2.2. SubDep T-short 2
  1.2.3. SubDep T-short 3
  1.3department Smile
  For example employee Emp works in 1.1.1 - and he has view access only to 1.1.1 task in BPM Workslist (of course BPM roles must be granted)
  Next the employee Boss works in 1.1 and he has access to 1.1 + 1,1,1 + 1,1,2 + 1,1,2task in BPM Workslist
  The CEO works at 1. and has access to all tree

• View Access Denied

  Hi all,
  I created a custom workflow, with form and logic. I link to this custom workflow from the home page in the admin interface. I want to create my own capability for accessing this workflow. I added the capability using the admin UI, then set the the AuthType in the workflow to match this value. However, I still get 'view access denied' errors. Is there something else I need to do here? I did this once before but this time it doesn't seem to be working.... What else do I need to do?
  Thanks!
  Jim

  This is actually only partially working. The workflow I have does a checkout and check in of a user view, and modifies some data. So it is requiring that the user executing the workflow have the Update User capability as well as my custom capability. I don't really want it to have this capability. How can I get around it? I just want them to be able to run my workflow, but not edit a general user view...

• View access denied to Subject .. on ProvisioningTask: Worflow

  Good Morning!
  I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
  The next is the activity:
  <Activity id='1' name='Get Requester View'>
  <Action id='0' application='com.waveset.session.WorkflowServices'>
  <Argument name='op' value='getView'/>
  <Argument name='type' value='User'/>
  <Argument name='id'>
  <ref>accountId</ref>
  </Argument>
  <Argument name='authorized' value='true'/>
  <Argument name='options'>
  <Map>
  <MapEntry key='noFetch' value='true'/>
  </Map>
  </Argument>
  <Variable name='view'/>
  <Return from='view' to='user'/>
  </Action>
  <Transition to='Is Requestor a Manager'/>
  <WorkflowEditor x='62' y='21'/>
  </Activity>
  Any body can help me? Where is the error?.
  ATTE: Felipe Forero

  Have you added you new workflow to end user tasks ?

• View access denied to configurator

  hi all,
  I have created a workflow which contains just one activity other then start and end.This activity is calling a form.Whenever i try to run the workflow from end user menu i get the error "view access denied to configurator".However when i add this workflow name to configuration object's end user tasks the error disappears and i am able to execute the workflow.Can some one explain me why is it so?
  tia

  This is because the end user doesn't have enough rights to execute the workflow. You can add your workflow to "EndUserTasks.xml".
  Get the "EndUserTasks.xml" configuration object from debug/session and add your work flow.
  eg:
  <Extension>
  <List>
  <List>
  <String>ur workflow</String>
  <String>ur workflow</String>
  </List>
  </List>
  </Extension>

• SCSM View access control not working

  I have 15 odd each SCSM Incident and SR roles, one for each support group.  Each role contains an AD group, populated with users.  No OTB roles contain any users other than the admin role.
  Each role is granted access to only the views for SR and IM that they need. 
  All the views are stored in one MP, that is one top level folder with all the views inside it.  So when they expand the folder, they should only see the views assigned to the roles of which they are a member.
  However, more and more often, Users are opening their console to find that they see all the views, for all roles.
  Sometime if they shut down the console, and restart it, the views will return to normal.
  But that is starting not to work anymore as well.  And its very odd that it will happen to one user in the role, but not the other users.
  Any ideas?
  SCSM2012 R2
  Joshua Fuente

  Never mind, I did find that they added a group to an OTB role... Removed, Fixed.  Created a new role, and removed the view access....
  Joshua Fuente

• View access on triggers

  Oracle DB version 9.2.0.6.0 on HP Unix - Itanium 11.23
  Is it possible to give view access on triggers to the developers.
  I just want them to view the code.
  I need this so that when the Application Users receive in error due to the triggers created , the developer / funtional
  people should be able to read the trigger code.

  In TOAD the user logins and wants to describe the object (Key used F4) then the entire code is displayed., but in my case say for example - In TOAD after login when i type a trigger name which exists and click f4 it should describe the object..but at this point it gives error "Object not found' , but if i run a select query on that trigger name i get the output.
  Are you using TOAD?
  I hope i am making it clear.
  I want to know why after giving select access i am not able to describe the object..

• View access denied to Subject  on a Rule error: - what does it mean?

  I get this red error message when I attempt to validate a field on a form.
  I am logged in as mailadmin and I am using his default form. When I edit and save a user, I want to ensure that the mail username is unique.
  I wrote a rule which compares the username entered on the form against all present IdM accountIds (queriable attribute 'name'). The rule has a <RunAsUser> section and the rule runs as id 'Configurator'
  What is the trick here to allow mailadmin View access?
  I want an admin (not Configurator) to be able to list all IdM objects so I can apply the Attribute condition startswith for all present IdM accountIds. I believe it should be possible.
  Any hints gratefully accepted

  I've had problems with a rule that was unaccessible to end users. here is what I had to change in the rule :
  <Rule authType='EndUserRule'
  <ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
  now it works

• How can view/access Enterprise manager to other user?

  Hi,
  We have one request regarding accessing grid enterprise manager console.
  I have create user TEST which privilege required to view/access the db console using this user?.

  Error that you have described above happens when test user connect,if this is the scenario....
  what is the output of this command
  SQL>select username,account_status from dba_users where username='TEST';
  If status of test user is lock then unlock it by following command:--
  SQL>alter user test account unlock;
  And if its grid control then see below mentioned link , Search with keyword privileges:---
  http://docs.oracle.com/cd/B16240_01/doc/install.102/e10953/getting_started_with_em.htm

• View access denied to Subject  on TaskDefinition:

  I cloned an existing workflow and just changed the name of the task definition and imported into IDM.
  when I tried to execute it I am getting the following error message
  View access denied to Subject xxxxxon TaskDefinition: DSRS - New Request-new2.
  Any ideas?

  If you are trying to run a workflow in the User Interface, you'll need to add your workflow into the End User Tasks configuration file.
  Best,
  Aidy
  httpp://www.waveset.allidm.com

• How to provide View access for all the projects to an employee?

  We’ve a requirement to provide view access to certain employees to all the projects. They are supposed to have only view access to the project information (HTML Interface). We don’t want to assign these employees to the projects.
  In this regard we created a menu that gives users only view access to project information. We assigned the employee/user the profile option “PA: Cross Project User View” and set the value to “Yes”. However the user is only able to view Project Overview information. The moment I assign the user to a project (non scheduled member), the user is able to view all project information.
  We’ve tried bouncing the apache post assignment of the profile option to the user, but no luck. Is there something else required to be done? Why is the profile option not working? Please advice.
  Note: We don’t want to give the user Project Authority as it by default gives the user rights to modify information in the project.
  Any other suggestions to achieve the said functionality is most welcome.

  For 10.1.4, there are two ways to reference a document :
  1. Path URLs which takes the form :
  http://<host>:<port>/portal/page/<dad>[lang-<language>][ver-<version>]/<page_group_name>/<page_path>/<item_name>
  More info : http://download.oracle.com/docs/cd/B14099_19/portal.1014/b13809/apdxurls.htm#BEIBFDBH
  2. Durable URLs which take the form :
  http://<host>:<port>/portal/page/<dad>[lang-<language>][ver-<version>]/<item_guid>
  The advantage of durable URLs is that they will not change even when the object name changes. The durable URL is available in the properties sheet of the item.
  More info :
  http://download.oracle.com/docs/cd/B14099_19/portal.1014/b13809/pageinfo.htm#BABDGHIB