View Access Problem
HI All,
I have a requirement as explained below
I have a couple of tables availabe in XXDYN schema and i have to grant select and insert access on these tables to different users p16 and p17.
I also have to restrict the users p16 and p17 in the way such that p16 user can enter only p16 data and p17 user can only enter p17 data.
So to acheive the above requirement i followed the below approach.
I created the custom tables in XXDYN schema and granted select and insert permission to p16 and p17 users on these tables.
As i have to restrict the user p16 and p17 from entering erroneous data (i.e p16 user entering p17 user data and p17 user entering p16 user data)
I have created custom views on XXDYN tables with a where condition
for ex:
create or replace view p16.custom_table as
select * from xxdyn.custom_table
where column1_value='P16';
so the above view is created in p16 user schema, so that the p16 can enter only p16 users data and not p17 users data.
The problem is that now both the table and the view are visible to P16 user i.e P16.custom_table and xxdyn.custom_Table.
is there any way to hide the xxdyn.custom_Table from p16 user? so that only p16.custom_table is availabe to p16 user.
Thanks for your inputs.
Regards,
Nagesh Manda.
Hi Nagesh Manda,
Another approach would be deploy both views in the data schema, i.e.,
XXDYN.p15_custom_table
XXDYN.p16_custom_table
And then grant privileges on only the views to p15 and p16
Tom Kyte discusses this in the latest Oracle magazine
http://www.oracle.com/technology/oramag/oracle/08-nov/o68asktom.html
Your scenario looks exactly as the case for "further restrict access to data"
Regards
Peter
Similar Messages
-
View access denied to Subject Reset on Policy
Hi, there.
I created a custom workflow so that anonymous user can launch the workflow, then start creating an account.
During the workflow activity, the first form is asking user to enter the accountID of his/her choice, and the form has a validation logic to catch any conflict with the accountId policy. (for example, the accountID must be at least 4 character long)
<Rule name='Validate String With AccountId Policy'>
<Description>returns "true" if validation succeeded. returns error message if validation failed.
</Description>
<RuleArgument name='string'/>
<block trace="true">
<invoke name='checkStringQualityPolicy' class = 'com.waveset.ui.FormUtil'>
<rule name='getCallerSession'/>
<s>AccountId Policy</s>
<ref>string</ref>
<null/>
<null/>
<s>user</s>
</invoke>
</block>
</Rule>
The validation rule specified above works well if the form is used by the existing IDM admin user, however, this throws an exception when the form is used by the anonymous user.
XPRESS <invoke> exception:
com.waveset.util.WavesetException: Can't call method checkStringQualityPolicy on class com.waveset.ui.FormUtil
==> com.waveset.util.WSAuthorizationException: View access denied to Subject Reset on Policy: AccountId Policy.
It seems like the anonymous user does not have any access right to Policy objects.
Does anyone know how to get around this problem?
In worst case, I can create another rule that is checking the string length, but I really wish I can take advantage of the built-in policy checking routine.
Thanks for reading my post. :)Can you use the <RunAsUser> functionality within your rule?
To use it you add this inside the <Rule>
<RunAsUser>
<ObjectRef type='User' name='Configurator'/>
</RunAsUser>
More information can be found in IDM FAQ.
HTH.. -
JNDI NIS object access problem
JNDI NIS object access problem:
Hi all,
After long fight, i'm now able to connect to my NIS server on my network. the initial context factory is 'com.sun.jndi.nis.NISCtxFactory' and provider url are given and i obtain namingennumeration of items in the NIS directory.
purpose of my project:
using ypcat command we can view the services,passwd,host... objects in unix.
my project requirement is that i shd open this 'services' object in java (using JNDI probably) and shd access its content.
i'm able to obtain the object and the type of this object is 'NISCtxServices' defined in 'com.sun.jndi.nis.NISCtxFactory' package, but all the classes and methods except some are not public and so im not able to use almost all the methods in this class 'NISCtxServices' .
Can any one help me in accessing the information inside this object.
Thanks in advance! and i'm waiting!It's because JFrame does not have a public progessbar variable, only your subclass has that.
//change this
JFrame frame = new ProgressBarDemo();
//to this
ProgressBarDemo frame = new ProgressBarDemo(); -
Hi All,
I am trying to call a workflow from idm user interface (from login.jsp itself). I followed the following steps:
1. Created a link in user/login.jsp
<p class='subtitle'><a href="<%=p.encodeRedirectURL(user/anonProcessLaunch.jsp?id=Sample+Workflow1")%">">Recover Password</A></p>
2. Created a workflow "Sample Workflow1".
3. In Repository I put Authorization Type as "EndUserTask" and Organization as "End User". I also tried with Organization as "All".
4. Registered the workflow in "Anonymous User Tasks".
<Extension>
<List>
<List>
<String>End User Anonymous Enrollment</String>
<String>Request an Identity Manager account.</String>
<String>Sample Workflow1</String>
</List>
</List>
</Extension>
5. Commented
/*if (anonUser == null) {
String url = "user/anonlogin.jsp?next=user/anonProcessLaunch.jsp&id=" +
request.getParameter("id");
LoginHelper.redirect(req, out, url);
return;
in anonProcessLaunch.jsp because before that I was getting a login page after clicking on the link.
But when I click the link, I am getting error "View access denied to Reset on process Sample Workflow1".
Please advice.
Thanks,
Gaurav</a>It got resolved. The problem was with the syntax in Anonymous User Tasks. It should be in the following format:
<Extension>
<List>
<List>
<String>End User Anonymous Enrollment</String>
<String>Request an Identity Manager account.</String>
</List>
<List>
<String>Sample Workflow1</String>
<String>Sample Workflow1</String>
</List>
</List>
</Extension>
Thanks,
Gaurav -
View access denied to Subject on a Rule error: - what does it mean?
I get this red error message when I attempt to validate a field on a form.
I am logged in as mailadmin and I am using his default form. When I edit and save a user, I want to ensure that the mail username is unique.
I wrote a rule which compares the username entered on the form against all present IdM accountIds (queriable attribute 'name'). The rule has a <RunAsUser> section and the rule runs as id 'Configurator'
What is the trick here to allow mailadmin View access?
I want an admin (not Configurator) to be able to list all IdM objects so I can apply the Attribute condition startswith for all present IdM accountIds. I believe it should be possible.
Any hints gratefully acceptedI've had problems with a rule that was unaccessible to end users. here is what I had to change in the rule :
<Rule authType='EndUserRule'
<ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
now it works -
Fix many web access problems with IFS 9.0.1 on Solaris (and other OS's)...
When the installation is done according to the documentation,
web access does not work because the scripts that add entries to
the jserv.properties file add duplicate references to
wrapper.env and wrapper.classpath. Look at the jserv.properties
file below and look at the remarked-out (#) lines of the
duplicate references. For example, look at the references to the
wrapper.env=LD_LIBRARY_PATH
Oracle, please note this bug so the web access problems are
minimized when the product is intstalled.
Thank you,
William T.
# Apache JServ Configuration
File #
################################ W A R N I N G
# Unlike normal Java properties, JServ configurations have some
important
# extensions:
# 1) commas are used as token separators
# 2) multiple definitions of the same key are concatenated in
a
# comma separated list.
# Execution parameters
# The Java Virtual Machine interpreter.
# Syntax: wrapper.bin=[filename] (String)
# Note: specify a full path if the interpreter is not visible in
your path.
wrapper.bin=/d3/Apache/jdk/bin/java
# Arguments passed to Java interpreter (optional)
# Syntax: wrapper.bin.parameters=[parameters] (String)
# Default: NONE
wrapper.bin.parameters=-Xms64m
wrapper.bin.parameters=-Xmx128m
# Apache JServ entry point class (should not be changed)
# Syntax: wrapper.class=[classname] (String)
# Default: "org.apache.jserv.JServ"
# Arguments passed to main class after the properties filename
(not used)
# Syntax: wrapper.class.parameters=[parameters] (String)
# Default: NONE
# Note: currently not used
# PATH environment value passed to the JVM
# Syntax: wrapper.path=[path] (String)
# Default: "/bin:/usr/bin:/usr/local/bin" for Unix systems
# "c:\(windows-dir);c:\(windows-system-dir)" for Win32
systems
# Notes: if more than one line is supplied these will be
concatenated using
# ":" or ";" (depending wether Unix or Win32) characters
# Under Win32 (windows-dir) and (windows-system-dir) will
be
# automatically evaluated to match your system
requirements
# CLASSPATH environment value passed to the JVM
# Syntax: wrapper.classpath=[path] (String)
# Default: NONE (Sun's JDK/JRE already have a default classpath)
# Note: if more than one line is supplied these will be
concatenated using
# ":" or ";" (depending wether Unix or Win32) characters.
JVM must be
# able to find JSDK and JServ classes and any utility
classes used by
# your servlets.
# Note: the classes you want to be automatically reloaded upon
modification
# MUST NOT be in this classpath or the classpath of the
shell
# you start the Apache from.
wrapper.classpath=/d3/Apache/jdk/lib/tools.jar
wrapper.classpath=/d3/Apache/Jserv/libexec/ApacheJServ.jar
wrapper.classpath=/d3/Apache/Jsdk/lib/jsdk.jar
# An environment name with value passed to the JVM
# Syntax: wrapper.env=[name]=[value] (String)
# Default: NONE on Unix Systems
# SystemDrive and SystemRoot with appropriate values on
Win32 systems
wrapper.env=PATH=/d3/bin
# An environment name with value copied from caller to Java
Virtual Machine
# Syntax: wrapper.env.copy=[name] (String)
# Default: NONE
# Uncomment the following lines to set the default locale and
NLS_LANG
# setting based on the environment variables.
# wrapper.env.copy=LANG
# wrapper.env.copy=NLS_LANG
# Copies all environment from caller to Java Virtual Machine
# Syntax: wrapper.env.copyall=true (boolean)
# Default: false
# Protocol used for signal handling
# Syntax: wrapper.protocol=[name] (String)
# Default: ajpv12
# General parameters
# Set the default IP address or hostname Apache JServ binds (or
listens) to.
# If you have a machine with multiple IP addresses, this address
# will be the one used. If you set the value to localhost, it
# will be resolved to the IP address configured for the locahost
# on your system (generally this is 127.0.0.1). This feature is
so
# that one can have multiple instances of Apache JServ listening
on
# the same port number, but different IP addresses on the same
machine.
# Use bindaddress=* only if you know exactly what you are doing
here,
# as it could let JServ wide open to the internet.
# You must understand that JServ has to answer only to Apache,
and should not
# be reachable by nobody but mod_jserv. So localhost is usually a
# good option. The second best choice would be an internal
network address
# (protected by a firewall) if JServ is running on another
machine than Apache.
# Ask your network admin.
# "*" may be used on boxes where some of the clients get
connected using
# "localhost"and others using another IP addr.
# Syntax: bindaddress=[ipaddress] or [localhost] or [*]
# Default: localhost
bindaddress=localhost
# Set the port Apache JServ listens to.
# Syntax: port=[1024,65535] (int)
# Default: 8007
port=8007
# Servlet Zones parameters
# List of servlet zones Apache JServ manages
# Syntax: zones=[servlet zone],[servlet zone]... (Comma
separated list of String)
# Default: NONE
zones=root
# Configuration file for each servlet zone (one per servlet zone)
# Syntax: [servlet zone name as on the zones list].properties=
[full path to configFile]
(String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
root.properties=/d3/Apache/Jserv/etc/zone.properties
# Thread Pool parameters
# Enables or disables the use of the thread pool.
# Syntax: pool=true (boolean)
# Default: false
# WARNING: the pool has not been extensively tested and may
generate
deadlocks.
# For this reason, we advise against using this code in
production environments.
pool=false
# Indicates the number of idle threads that the pool may contain.
# Syntax: pool.capacity=(int)>0
# Default: 10
# NOTE: depending on your system load, this number should be low
for contantly
# loaded servers and should be increased depending on load
bursts.
pool.capacity=10
# Indicates the pool controller that should be used to control
the
# level of the recycled threads.
# Syntax: pool.controller=[full class of controller] (String)
# Default: org.apache.java.recycle.DefaultController
# NOTE: it is safe to leave this unchanged unless special
recycle behavior
# is needed. Look at the "org.apache.java.recycle" package
javadocs for more
# info on other pool controllers and their behavior.
pool.controller=org.apache.java.recycle.DefaultController
# Security parameters
# Enable/disable the execution of org.apache.jserv.JServ as a
servlet.
# This is disabled by default because it may give informations
that should
# be restricted.
# Note that the execution of Apache JServ as a servlet is
filtered by the web
# server modules by default so that both sides should be enabled
to let this
# service work.
# This service is useful for installation and configuration
since it gives
# feedback about the exact configurations Apache JServ is using,
but it should
# be disabled when both installation and configuration processes
are done.
# Syntax: security.selfservlet=true (boolean)
# Default: false
# WARNING: disable this in a production environment since may
give reserved
# information to untrusted users.
security.selfservlet=true
# Set the maximum number of socket connections Apache JServ may
handle
# simultaneously. Make sure your operating environment has
enough file
# descriptors to allow this number.
# Syntax: security.maxConnections=(int)>1
# Default: 50
security.maxConnections=50
# Backlog setting for very fine performance tunning of JServ.
# Unless you are familiar to sockets leave this value commented
out.
# security.backlog=5
# List of IP addresses allowed to connect to Apache JServ. This
is a first
# security filtering to reject possibly unsecure connections and
avoid the
# overhead of connection authentication.
# <warning>
# (please don't use the following one unless you know what you
are doing :
# security.allowedAddresses=DISABLED
# allows connections on JServ'port from entire internet.)
# You do need only to allow YOUR Apache to talk to JServ.
# </warning>
# Default: 127.0.0.1
# Syntax: security.allowedAddresses=[IP address],[IP Address]...
(Comma
separated list of IP addresses)
#security.allowedAddresses=127.0.0.1
# Enable/disable connection authentication.
# NOTE: unauthenticated connections are a little faster since
authentication
# handshake is not performed at connection creation.
# WARNING: authentication is disabled by default because we
believe that
# connection restriction from all IP addresses but localhost
reduces your
# time to get Apache JServ to run. If you allow other addresses
to connect and
# you don't trust it, you should enable authentication to
prevent untrusted
# execution of your servlets. Beware: if authentication is
disabled and the
# IP address is allowed, everyone on that machine can execute
your servlets!
# Syntax: security.authentication=[true,false] (boolean)
# Default: true
security.authentication=false
# Authentication secret key.
# The secret key is passed as a file that must be kept secure
and must
# be exactly the same of those used by clients to authenticate
themselves.
# Syntax: security.secretKey=[secret key path and filename]
(String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
#security.secretKey=./etc/jserv.secret.key
# Length of the randomly generated challenge string (in bytes)
used to
# authenticate connections. 5 is the lowest possible choice to
force a safe
# level of security and reduce connection creation overhead.
# Syntax: security.challengeSize=(int)>5
# Default: 5
#security.challengeSize=5
# Logging parameters
# Enable/disable Apache JServ logging.
# WARNING: logging is a very expensive operation in terms of
performance. You
# should reduced the generated log to a minumum or even disable
it if fast
# execution is an issue. Note that if all log channels (see
below) are
# enabled, the log may become really big since each servlet
request may
# generate many Kb of log. Some log channels are mainly for
debugging
# purposes and should be disabled in a production environment.
# Syntax: log=[true,false] (boolean)
# Default: true
log=true
# Set the name of the trace/log file. To avoid possible
confusion about
# the location of this file, an absolute pathname is recommended.
# This log file is different than the log file that is in the
# jserv.conf file. This is the log file for the Java portion of
Apache
# JServ.
# On Unix, this file must have write permissions by the owner of
the JVM
# process. In other words, if you are running Apache JServ in
manual mode
# and Apache is running as user nobody, then the file must have
its
# permissions set so that that user can write to it.
# Syntax: log.file=[log path and filename] (String)
# Default: NONE
# Note: if the file could not be opened, try using absolute
paths.
log.file=/d3/Apache/Jserv/logs/jserv.log
# Enable the timestamp before the log message
# Syntax: log.timestamp=[true,false] (boolean)
# Default: true
log.timestamp=true
# Use the given string as a data format
# (see java.text.SimpleDateFormat for the list of options)
# Syntax: log.dateFormat=(String)
# Default: [dd/MM/yyyy HH:mm:ss:SSS zz]
log.dateFormat=[dd/MM/yyyy HH:mm:ss:SSS zz]
# Since all the messages logged are processed by a thread
running with
# minimum priority, it's of vital importance that this thread
gets a chance
# to run once in a while. If it doesn't, the log queue overflow
occurs,
# usually resulting in the OutOfMemoryError.
# To prevent this from happening, two parameters are used:
log.queue.maxage
# and log.queue.maxsize. The former defines the maximum time for
the logged
# message to stay in the queue, the latter defines maximum
number of
# messages in the queue.
# If one of those conditions becomes true (age > maxage || size
maxsize),# the log message stating that fact is generated and the log
queue is
# flushed in the separate thread.
# If you ever see such a message, either your system doesn't
live up to its
# expectations or you have a runaway loop (probably, but not
necessarily,
# generating a lot of log messages).
# WARNING: Default values are lousy, you probably want to tweak
them and
# report the results back to the development team.
# Syntax: log.queue.maxage = [milliseconds]
# Default: 5000
log.queue.maxage = 5000
# Syntax: log.queue.maxsize = [integer]
# Default: 1000
log.queue.maxsize = 1000
# Enable/disable logging the channel name
# Default: false
# log.channel=false
# Enable/disable channels, each logging different actions.
# Syntax: log.channel.[channel name]=[true,false] (boolean)
# Default: false
# Info channel - quite a lot of informational messages
# hopefully you don't need them under normal circumstances
# log.channel.info=true
# Servlets exception, i.e. exception caught during
# servlet.service() processing are monitored here
# you probably want to have this one switched on
log.channel.servletException=true
# JServ exception, caught internally in jserv
# we suggest to leave it on
log.channel.jservException=true
# Warning channel, it catches all the important
# messages that don't cause JServ to stop, leave it on
log.channel.warning=true
# Servlet log
# All messages logged by servlets. Probably you want
# this one to be switched on.
log.channel.servletLog=true
# Critical errors
# Messages produced by critical events causing jserv to stop
log.channel.critical=true
# Debug channel
# Only for internal debugging purposes
# log.channel.debug=true
#wrapper.classpath=/d3/ord/jlib/ordim.zip
#wrapper.classpath=/d3/ord/jlib/ordhttp.zip
# Oracle XSQL Servlet
wrapper.classpath=/d3/lib/oraclexsql.jar
# Oracle JDBC
wrapper.classpath=/d3/jdbc/lib/classes12.zip
# Oracle XML Parser V2 (with XSLT Engine)
wrapper.classpath=/d3/lib/xmlparserv2.jar
# Oracle XML SQL Components for Java
wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
# XSQLConfig.xml File location
wrapper.classpath=/d3/xdk/admin
# Oracle BC4J
wrapper.classpath=/d3/ord/jlib/ordim.zip
wrapper.classpath=/d3/ord/jlib/ordvir.zip
wrapper.classpath=/d3/ord/jlib/ordhttp.zip
wrapper.classpath=/d3/BC4J/lib/jndi.jar
wrapper.classpath=/d3/BC4J/lib/jbomt.zip
wrapper.classpath=/d3/BC4J/lib/javax_ejb.zip
wrapper.classpath=/d3/BC4J/lib/jdev-rt.jar
wrapper.classpath=/d3/BC4J/lib/jbohtml.zip
wrapper.classpath=/d3/BC4J/lib/jboremote.zip
wrapper.classpath=/d3/BC4J/lib/jdev-cm.jar
wrapper.classpath=/d3/BC4J/lib/jbodomorcl.zip
wrapper.classpath=/d3/BC4J/lib/jboimdomains.zip
wrapper.classpath=/d3/BC4J/lib/collections.jar
wrapper.classpath=/d3/Apache/Apache/htdocs/onlineorders_html
#wrapper.classpath=/d3/Apache/Apache/htdocs/OnlineOrders_html/Onl
ineOrders.jar
# The following classpath entries are necessary for EJBs to run
in IAS or DB when
present
wrapper.classpath=/d3/lib/aurora_client.jar
wrapper.classpath=/d3/lib/vbjorb.jar
wrapper.classpath=/d3/lib/vbjapp.jar
# Oracle Servlet
wrapper.classpath=/d3/lib/servlet.jar
# Oracle Java Server Pages
wrapper.classpath=/d3/jsp/lib/ojsp.jar
# Oracle Util
wrapper.classpath=/d3/jsp/lib/ojsputil.jar
# Oracle Java SQL
wrapper.classpath=/d3/sqlj/lib/translator.zip
# Oracle JDBC
#wrapper.classpath=/d3/jdbc/lib/classes12.zip
# SQLJ runtime
wrapper.classpath=/d3/sqlj/lib/runtime12.zip
# Oracle Messaging
wrapper.classpath=/d3/rdbms/jlib/aqapi.jar
wrapper.classpath=/d3/rdbms/jlib/jmscommon.jar
# OJSP environment settings
#wrapper.env=ORACLE_HOME=/d3
# The next line should be modified to reflect the value of the
SID for your
webserver.
#wrapper.env=ORACLE_SID=cmpdb
#wrapper.env=LD_LIBRARY_PATH=/d3/lib
## Enable the flag below if you are using jdk 1.2.2_05a or above
#wrapper.env=JAVA_COMPILER=NONE
# Advanced Queuing - AQXML
wrapper.classpath=/d3/rdbms/jlib/aqxml.jar
#wrapper.classpath=/d3/rdbms/jlib/xsu12.jar
#wrapper.classpath=/d3/lib/xmlparserv2.jar
wrapper.classpath=/d3/lib/xschema.jar
#wrapper.classpath=/d3/jlib/jndi.jar
wrapper.classpath=/d3/jlib/jta.jar
oemreporting.properties=/d3/Apache/Jserv/oemreporting/oemreportin
g.properties
zones = root, oemreporting
wrapper.classpath=/d3/jlib/share-opt-1_1_9.zip
wrapper.classpath=/d3/jlib/caboshare-opt-1_0_3.zip
wrapper.classpath=/d3/jlib/marlin-opt-1_0_7.zip
wrapper.classpath=/d3/jlib/tecate-opt-1_0_4.zip
wrapper.classpath=/d3/jlib/ocelot-opt-1_0_2.zip
wrapper.classpath=/d3/jlib/regexp.jar
wrapper.classpath=/d3/jlib/sax2.jar
#wrapper.classpath=/d3/jlib/servlet.jar
wrapper.bin.parameters= -DORACLE_HOME=/d3
#wrapper.env=LD_LIBRARY_PATH=/d3/lib32
wrapper.env.copy=DISPLAY
wrapper.bin.parameters=-DORACLE_HOME=/d3
#wrapper.classpath=/d3/lib/vbjorb.jar
#wrapper.classpath=/d3/lib/vbjapp.jar
wrapper.classpath=/d3/classes/classesFromIDLVisi
wrapper.classpath=/d3/jlib/swingall-1_1_1.jar
wrapper.classpath=/d3/jlib/ewtcompat3_3_15.jar
wrapper.classpath=/d3/jlib/ewt-3_3_18.jar
wrapper.classpath=/d3/jlib/share-1_1_9.jar
wrapper.classpath=/d3/jlib/help-3_2_9.jar
wrapper.classpath=/d3/jlib/ice-5_06_3.jar
wrapper.classpath=/d3/jdbc/lib/classes111.zip
wrapper.classpath=/d3/classes
wrapper.classpath=/d3/jlib/oembase-9_0_1.jar
wrapper.classpath=/d3/jlib/oemtools-9_0_1.jar
wrapper.classpath=/d3/jlib
wrapper.classpath=/d3/jlib/javax-ssl-1_1.jar
wrapper.classpath=/d3/jlib/jssl-1_1.jar
wrapper.classpath=/d3/jlib/netcfg.jar
wrapper.classpath=/d3/jlib/dbui-2_1_2.jar
#wrapper.classpath=/d3/lib/aurora_client.jar
#wrapper.classpath=/d3/lib/xmlparserv2.jar
wrapper.classpath=/d3/network/jlib/netmgrm.jar
wrapper.classpath=/d3/network/jlib/netmgr.jar
wrapper.classpath=/d3/network/tools
wrapper.classpath=/d3/jlib/kodiak-1_2_1.jar
wrapper.classpath=/d3/sysman/jlib/netchart360.jar
wrapper.classpath=/d3/jlib/pfjbean.jar
wrapper.env=SHLIB_PATH=/d3/lib32
wrapper.env=LIBPATH=/d3/lib32
wrapper.classpath=/d3/ultrasearch/lib/isearch_midtier.jar
wrapper.classpath=/d3/ultrasearch/lib/isearch_query.jar
wrapper.classpath=/d3/ultrasearch/lib/jgl3.1.0.jar
wrapper.classpath=/d3/lib/mail.jar
wrapper.classpath=/d3/lib/activation.jar
wrapper.classpath=/d3/ultrasearch/jsp/admin/config
# Additions for iFS
## DO NOT REMOVE OR ALTER THE FOLLOWING LINE ....
# iFS true
# Uncomment if you want to use the same Jserv as other
applications
wrapper.classpath=/d3/9ifs/custom_classes
wrapper.classpath=/d3/9ifs/settings
wrapper.classpath=/d3/9ifs/lib/adk.jar
wrapper.classpath=/d3/9ifs/lib/email.jar
wrapper.classpath=/d3/9ifs/lib/http.jar
wrapper.classpath=/d3/9ifs/lib/release.jar
wrapper.classpath=/d3/9ifs/lib/repos.jar
wrapper.classpath=/d3/9ifs/lib/utils.jar
wrapper.classpath=/d3/9ifs/lib/webui.jar
wrapper.classpath=/d3/9ifs/lib/provider.jar
wrapper.classpath=/d3/jlib/javax-ssl-1_2.jar
wrapper.classpath=/d3/jlib/jssl-1_2.jar
wrapper.env=ORACLE_HOME=/d3
wrapper.env=ORACLE_SID=cmpdb
wrapper.env=LD_LIBRARY_PATH=/d3/lib:/d3/ctx/lib:/d3/lib32
wrapper.env=NLS_LANG=.US7ASCII
## Additions for the iFS zone
# Uncomment if you want to use the same Jserv as other
applications
zones=ifs
ifs.properties=/d3/Apache/Jserv/etc/ifs.properties
# End iFS sectionAbout your home page; Manually set up Firefox with the window(s) and tab(s)
the way you want them to be. Then;
'''''Firefox Options > General > Homepage'''''.
Press the button labeled ''''Use Current'''.'
=====================================
Open a new window or tab. In the address bar, type '''''about:config'''''.
If a warning screen comes up, press the '''''Be Careful''''' button.
This is where Firefox finds information it needs to run.
At the top of the screen is a search bar. Enter '''''browser.newtab.url'''''
and press enter. '''''browser.newtab.url'''''
tells Firefox what to show when a new tab is opened.
If you want, right click and select '''''Modify'''''. You can change the
setting to;<BR><BR>about:home (Firefox default home page),<BR>
about:newtab (shows the sites most visited),<BR>
about:blank (a blank page),<BR>
or you can enter any web page you want.<BR><BR>
The same instructions are used for the new window setting, listed as
'''''browser.startup.homepage'''''. -
View access denied to Reset on task definition
Hi,
We are facing a weird issue. We have an end user task which we trigger directly from a web page of a different application. The URL for task launch is something like this : https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi.
If we open a new browser window and copy paste this URL and hit enter, it takes to /user/login.jsp. We input the user credentials and submit, it triggers the task.
But the behavior is different if we do the following:
1. Open a browser window, access anonmain.jsp (https://mycomany.com/idmcs/user/anonmain.jsp)
2. It routes to anonlogin.jsp (https://mycomany.com/idmcs/user/anonlogin.jsp) and asks for anononymous user name
3. We input some junk user name submit. It takes to anonmain.jsp.
4. Now in the same browser window if we copy past the processLaunch URL (https://mycomany.com/idmcs/user/processLaunch.jsp?id=Self+Service+Password+Reset+Registration&op_appid=csi) and click submit, it ideally should route to login.jsp.
Instead it throws the view access denied error : "View access denied to Reset on process Self Service Password Reset Registration"
Any idea what the issue might be?
Thanks,
kIDMan.Hi
Normally when this happens you need to add the process "Self Service Password Reset Registration" to the End User Tasks list and Anonymous User Tasks list configuration objects.
I dont know if this will help in your situation.
-Mocx -
Cannot open/view/access interactive pdf form on iMac after updating Adobe Reader to 11.0.06.70
Cannot open/view/access interactive pdf form on iMac after updating Adobe Reader to 11.0.06.70. Please help!
Here is what it says:
Please wait...
If this message is not eventually replaced by the proper contents of the document, your PDF viewer may not be able to display this type of document.
You can upgrade to the latest version of Adobe Reader for Windows®, Mac, or Linux® by visiting http://www.adobe.com/products/acrobat/readstep2.html.
For more assistance with Adobe Reader visit http://www.adobe.com/support/products/ acrreader.html. -
End User Rule View Access Denied
Hi,
This has been discussed here, but after trying all possible options it still doesn't seem to be working.
I am using a rule in a end user task, which throws "View Access Denied to Subject on Rule" error.
I've set the rule authType to "EndUserRule" and
<ObjectRef type='ObjectGroup' id='#ID#All' name='All'/>
for MemberObjectGroups.
Still it would keep throwing same error. I even used:
<RunAsUser>
<ObjectRef type='User' id='#ID#Configurator' name='Configurator'/>
</RunAsUser>
Still not success.....??? Any idea what could be wrong?
I am using IdM Version 5.5
-ThanksHmmm...
Seems to be working now...all I did was a restarted the application server??? Tried the same steps again in a different environment, and worked without a restart. Must be something odd with one particular environment.
-Thanks though for the reply!
-\ -
Hierarchical view access in worklist
Good Day!
exists BPM application with roles to grant access to users
The organisation has Hierarchical structure and user must have access in worklist only to task in his view area
Is it possible to separate view not only by roles, for example by Hierarchical structure ??
Ths!HI!
No
Example
We have next Organization structure
1. Company Tester
1.1Department Socks
1.1.1 SubDepartment One
1.1.2 SubDepartment second
1.1.3 SubDepartment third
1.2Department T-short
1.2.1. SubDep T-short One
1.2.2. SubDep T-short 2
1.2.3. SubDep T-short 3
1.3department Smile
For example employee Emp works in 1.1.1 - and he has view access only to 1.1.1 task in BPM Workslist (of course BPM roles must be granted)
Next the employee Boss works in 1.1 and he has access to 1.1 + 1,1,1 + 1,1,2 + 1,1,2task in BPM Workslist
The CEO works at 1. and has access to all tree -
Fact sheet access problem in EP7.0
Hi,
We have moved our content from EP6.0 System to EP7.0 System. We are on CRM 4.0 AND BW3.5. After we installed the Business package on EP7.0 System we moved the content. Every thing is working fine except Fact Sheet. We are facing access problem for Fact sheet. I have checked all the items which are given for Default services even then we are getting authorization problem. Kindly guide me in this regard.
Thanks
NaveenResolved
-
RE: Database (SQL-SERVER) access problem
Have you used NT Control Panel/ ODBC to set up the ODBC data source name?
You have to define the data source (database) SecTrade as well as the
driver to be used (SQL Server). This can be done by selecting the Add
button on the Data Sources screen in Control Panel/ ODBC.
Hope this helps.
Sanjay Murthi
Indus Consultancy Services, Inc.
From: Administrator
Sent: Wednesday, August 13, 1997 6:49 PM
To: "'[email protected]'"
Cc: murthis; thyagarajm; thyagarm; vasasm; chandraa
Subject: Database (SQL-SERVER) access problems
MCI Mail date/time: Mon Aug 11, 1997 10:28 pm EST
Source date/time: Mon, 11 Aug 1997 19:25:34 +0530
Hi Forte-Users,
We have a setup a Sql-Server database on a NT server. In the Forte
EConsole,
we have
setup a ODBC-type Resource for this server, named SERVER2_ODBC. This NT
server
is configured as a Client Node in the active Forte environment. Note
that
Server2 is not
the Forte server, but has Forte installed. There is another NT server
which
acts as the
Forte server. NODEMGR and Sql-Server are running on SERVER2.
In our application, we have a DBSession SO with the database source
as SERVER2_ODBC, Userid=ForteInstructor. When running the application,
Forte
throws an exception, the gist of it being as follows:
USER ERROR: (This error was converted)
Failed to connect to database: SecTrade, username: ForteInstructor.
[Microsoft][ODBC Driver Manager] Data source name not found and no
default
driver specified
We have tried
1) Installing ODBC drivers on the NT server (Server2)
2) Accessing local databases from Forte clients which works fine
3) Accessing the Sql-Server database through Isqlw (Sql-Server Client
s/w) -
It works.
Could someone suggest what we should try to get rid of this problem?
Thanks for any help,
Kishore PuvvadaRajsarawat wrote:
Dear sir/mam,
I have installed sql server 2005 (server) and on another computer installed client. It installed successfully but on client side it does not seen, from where should i start it. so please send me procedure to install sql server 2005 on both side(client and server).You have to turn on network (external to your computer) access.
Under programs->sql server look for "surface" -
Hi all,
I created a custom workflow, with form and logic. I link to this custom workflow from the home page in the admin interface. I want to create my own capability for accessing this workflow. I added the capability using the admin UI, then set the the AuthType in the workflow to match this value. However, I still get 'view access denied' errors. Is there something else I need to do here? I did this once before but this time it doesn't seem to be working.... What else do I need to do?
Thanks!
JimThis is actually only partially working. The workflow I have does a checkout and check in of a user view, and modifies some data. So it is requiring that the user executing the workflow have the Update User capability as well as my custom capability. I don't really want it to have this capability. How can I get around it? I just want them to be able to run my workflow, but not edit a general user view...
-
View access denied to Subject .. on ProvisioningTask: Worflow
Good Morning!
I am using Identity Manager 8.1, I am creating a Workflow for end users but I have the next error when I am ejecuting the work flow, "View access denied to Subject .. on ProvisioningTask: Worflow".
The next is the activity:
<Activity id='1' name='Get Requester View'>
<Action id='0' application='com.waveset.session.WorkflowServices'>
<Argument name='op' value='getView'/>
<Argument name='type' value='User'/>
<Argument name='id'>
<ref>accountId</ref>
</Argument>
<Argument name='authorized' value='true'/>
<Argument name='options'>
<Map>
<MapEntry key='noFetch' value='true'/>
</Map>
</Argument>
<Variable name='view'/>
<Return from='view' to='user'/>
</Action>
<Transition to='Is Requestor a Manager'/>
<WorkflowEditor x='62' y='21'/>
</Activity>
Any body can help me? Where is the error?.
ATTE: Felipe ForeroHave you added you new workflow to end user tasks ?
-
View access denied to configurator
hi all,
I have created a workflow which contains just one activity other then start and end.This activity is calling a form.Whenever i try to run the workflow from end user menu i get the error "view access denied to configurator".However when i add this workflow name to configuration object's end user tasks the error disappears and i am able to execute the workflow.Can some one explain me why is it so?
tiaThis is because the end user doesn't have enough rights to execute the workflow. You can add your workflow to "EndUserTasks.xml".
Get the "EndUserTasks.xml" configuration object from debug/session and add your work flow.
eg:
<Extension>
<List>
<List>
<String>ur workflow</String>
<String>ur workflow</String>
</List>
</List>
</Extension>
Maybe you are looking for
-
I have a Windows Vista computer. When I am in iTunes store and try to purchase music I get the error 42408
-
Upgrade Oracle 9i on Solaris to Oracle 10g (Oracle 10.2.0.1) Red Hat Linux
At present we are maintaining a J2EE application running on a UNIX Platform with the following environment configuration: o Web Server (Apache 2.0.52) o Application Server (WebLogic Server 9.0) o Database Server (Oracle 9i RAC) The current requiremen
-
Regarding status in Work In Progress ALV Format Report.
Dear All, I am creating ALV Report for Work In Progress for PP-module. I want to display Object Status i.e. field STAT table JEST so for doing this I am Bringing objnr (object number) from table AUFK in my ITAB (it_so) by comparing AUFK-AUFNR with my
-
Uninstalling AIM from MBP and task bar!
Hi I don't know where else to post this. I'm working on my MacBook Pro and all of the sudden I get a pop-up message from AIM (AOL Instant Messenger) that I'm logged into my account from more than 1 computer. Now that's really funny because I never lo
-
Moving Still Graphics in Motion Template: Drop Zones
I am new to this and it is probably a simple answer. I have a portrait JPG photo to add to a drop zone in a template. How do I adjust the photo only so that it will not cut off the top of the photo. I am using fit in the image properties. It works wi