Warning: EJB referenced an unknown security role?

Hello,
I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
In the EJB I have the following check:
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
At run time, I get the following warning in the WL window:
Fri Nov 10 12:56:58 EST 2000:
<EJB JAR deployment D:/weblogic/myserver/myBean.jar>
Warning: EJB "unu" referenced an unknown security role
However:
- the role IS defined (see ejb-jar.xml)
- has an associated principal (see weblogic-ejb-jar.xml)
- there is a principal defined in weblogic.properties
- this principal (and this role) is actually used in practice to access the
bean. Which works.
So why the warning?
Any hint appreciated,
Thanks.
ejb-jar.xml:
<assembly-descriptor>
<security-role>
<description>description of the ConspiratorRole</description>
<role-name>ConspiratorRole</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml:
<weblogic-ejb-jar>
<security-role-assignment>
<role-name>ConspiratorRole</role-name>
<principal-name>Conspirator</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>

You should not reference the role link in you code.The role link is used to
connect the role name in you code to the
role name in your deployment descripment. Only if this link is set up as you
have done below, will the isCallerInRole return true.
- Sri
Alf wrote:
I reviewed older postings and found indications of what appears to be a bug
in WL: that isCallerInRole always return false for role names but returns
correct values if the role names are linked with a reference in
<security-role-ref>. So, according to the DTD at
http://edocs.bea.com/wle/dd/ddref.htm#1038338 I added the following in
ejb-jar.xml:
<ejb-jar>
<enterprise-beans>
<session>
<security-role-ref>
<role-name>ConspiratorRole</role-name>
<role-link>ConspiratorRoleLink</role-link>
</security-role-ref>
and added 2 lines in the bean to test the both the role and the reference
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
if (ctx.isCallerInRole("ConspiratorRoleLink"))
System.out.println ("the user is in the ConspiratorRoleLink
role");
The unexpected result was a NullPointerException at
weblogic.ejb.internal.BaseEJBContext.isCallerInRole(BaseEJBContext.java:665)
Can anyone shed some light? Thanks.
"Alf" <alf> wrote in message news:[email protected]...
Hello,
I get a weird error from WL 5.1 (SP6), using the default WLPropertyRealm.
In the EJB I have the following check:
if (ctx.isCallerInRole("ConspiratorRole"))
System.out.println ("the user is in the ConspiratorRole role");
At run time, I get the following warning in the WL window:
Fri Nov 10 12:56:58 EST 2000:
<EJB JAR deployment D:/weblogic/myserver/myBean.jar>
Warning: EJB "unu" referenced an unknown security role
However:
- the role IS defined (see ejb-jar.xml)
- has an associated principal (see weblogic-ejb-jar.xml)
- there is a principal defined in weblogic.properties
- this principal (and this role) is actually used in practice to accessthe
bean. Which works.
So why the warning?
Any hint appreciated,
Thanks.
ejb-jar.xml:
<assembly-descriptor>
<security-role>
<description>description of the ConspiratorRole</description>
<role-name>ConspiratorRole</role-name>
</security-role>
</assembly-descriptor>
weblogic-ejb-jar.xml:
<weblogic-ejb-jar>
<security-role-assignment>
<role-name>ConspiratorRole</role-name>
<principal-name>Conspirator</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>

Similar Messages

Ejb security role & bea implementation

A role has been defined in ejb-jar as following:
<security-role>
<description><![CDATA[Deployer User]]></description>
<role-name>deployer</role-name>
</security-role>
<method-permission>
<description><![CDATA[Deployer Method Permission]]></description>
<role-name>deployer</role-name>
<method>
<description><![CDATA[All method for CCPStateBean]]></description>
<ejb-name>CCPStateBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
If the principal is included in the weblogic-ejb-jar as below, and the jndi lookup
includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
<security-role-assignment>
<role-name>deployer</role-name>
<principal-name>jzhu</principal-name>
</security-role-assignment>
The problem comes when the principal is not included as above weblogic-ejb-jar
instead a role "deployer" is defined in WLS's, The user ("jzhu") is defined in
the deployer group. And the deployer group belongs to deployer role. The defaultRoleMapper
is enabled. In this scenario, the access failed due to insufficient permission.
Can ejb-jar's role relates to WLS's role. Please advise. THX.
-John

Thanks for the information. It works. I wish bea monitor this newsgroup since this
is not in their document. By the way, the following links clarifies the relationship
between DD and admin console security configuration.
http://edocs.bea.com/wls/docs70/security/cli_apps.html#1090734
-John
"Arjuna Chala" <[email protected]> wrote:
I don't know about "defaultRoleMapper", but this works
<security-role-assignment>
<role-name>deployer</role-name>
<principal-name>deployer</principal-name>
</security-role-assignment>
where <role-name> maps to a ejb-jar role and <principal-name> maps to
a
weblogic group (in this case).
"john" <[email protected]> wrote in message
news:[email protected]..
A role has been defined in ejb-jar as following:
<security-role>
<description><![CDATA[Deployer User]]></description>
<role-name>deployer</role-name>
</security-role>
<method-permission>
<description><![CDATA[Deployer Method Permission]]></description>
<role-name>deployer</role-name>
<method>
<description><![CDATA[All method for CCPStateBean]]></description>
<ejb-name>CCPStateBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
If the principal is included in the weblogic-ejb-jar as below, andthe
jndi lookup
includes the SECURITY_PRINCIPAL (e.g., jzhu), the code works fine.
<security-role-assignment>
<role-name>deployer</role-name>
<principal-name>jzhu</principal-name>
</security-role-assignment>
The problem comes when the principal is not included as aboveweblogic-ejb-jar
instead a role "deployer" is defined in WLS's, The user ("jzhu") isdefined in
the deployer group. And the deployer group belongs to deployer role.The
defaultRoleMapper
is enabled. In this scenario, the access failed due to insufficientpermission.
Can ejb-jar's role relates to WLS's role. Please advise. THX.
-John

Problem mapping LoginModule roles to ejb security roles

I have "successfully" managed to implement the DBSystemLoginModule. When I run my application I successfully authenticate to the database, the login module successfully retrieves the users roles from the database and adds them to the subject:
PassiveCallbackHandler cbh = new PassiveCallbackHandler(username, password);
LoginContext lc = new LoginContext("current-workspace-app", cbh);
lc.login();
I then perform a lookup on a bean using the same user:
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "oracle.j2ee.rmi.RMIInitialContextFactory");
env.put("java.naming.security.principal",username);
env.put("java.naming.security.credentials",password);
env.put("java.naming.provider.url", "ormi://localhost:23891/current-workspace-app");
Context ic = new InitialContext(env);
final SessionEJBHome sessionEJBHome =
(SessionEJBHome) PortableRemoteObject.narrow( ic.lookup( "SessionEJB" ), SessionEJBHome.class );
Finally, I create an instance of the bean and call a method of this bean.
SessionEJB sessionEJB;
sessionEJB = sessionEJBHome.create( );
sessionEJB.testMe( );
I am expecting (hoping) that the roles retrieved from the database by the login module may be used to authenticate the ejb methods. i.e. if (in ejb-jar.xml) the method "testMe" has a method-permission with role-name of "ABC" then this method may only be accessed if the user is a member of the "ABC" role retrieved from the database by the login module. However I get the message:
"username is not allowed to call this EJB method"
When I add a security-role-mapping in orion-ejb-jar.xml mapping the role "ABC" to the group "ABC" (and impliesALL="true") then the method is called successfully. However, if I add a security-role-mapping mapping the role "DEF" to the group "DEF" (which the user is not a member of) the ejb method is (wrongly) called successfully (with implies all="false" the method always fails). In other words there seems to be no mapping of the roles retrieved by the login module to the ejb security roles.
Can anyone please enlighten me on how I can achieve the mapping of the ejb security roles to the roles obtained from the login module.
Thanks
PS I have this problem with JDeveloper 10.1.3 (Developer Preview 10.1.3.0.2.223 and Early Access 10.1.3.0.3.3412)

Hi Sebastian,
yes, it is possible to do such mapping. And here how it works:
1. define security roles in the ejb-jar.xml within the <security-role>. For example:
<security-role>
 <role-name>test</role-name>
</security-role>
2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
<security-permission>
 <security-role-map>
 <role-name>test</role-name>
 <server-role-name>myUMErole</server-role-name>
 </security-role-map>
</security-permission>
the myUMErole must be defined in the UME!
Does this answer your question?

Configure security-role and method permission for EJB 3.0 using Jdev 11g

The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
For example,
<assembly-descriptor>
<security-role>
<role-name>managers</role-name>
</security-role>
<method-permission>
<role-name>managers</role-name>
<method>
<ejb-name>Employees</ejb-name>
<method-name>setSalary</method-name>
<method-params>
<method-param>java.lang.Long</method-param>
</method-params>
</method>
</method-permission>
</assembly-descriptor>

user516954,
By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
--Ric

Retrieve ejb security roles list

Hi,
in a EJB stateless session bean is it possible to retrieve, by EJB context, the list of configured roles related to the current user?
Thanks in advance.
bye
Rob

Based on the link given here is the xml. This XML already exists in the application and has such structure
<security-permission>
 <security-role-map>
 <role-name>developer</role-name>
 <server-role-name>role1</server-role-name>
 <server-role-name>role2</server-role-name>
 <server-role-name>role3</server-role-name>
 <server-role-name>role4</server-role-name>
 <server-role-name>role5</server-role-name>
 </security-role-map>
</security-permission>
My question is, which of the following annotation will work:
@RolesAllowed(value=)
or
@RolesAllowed(value=) //currently I am using this.
Edited by: Arpit Goyal on Feb 27, 2009 4:39 AM

EJB security roles

Hello,
I am using JDeveloper 3.2.2 to deploy EJBs to an 8.1.7 DB. Could someone point me in the direction of some documentation that would explain the concept of security roles and users for EJB methods? Do the users have to map to real users in the DB or how are they handled etc.
Thanks in advance,
- Nik

Based on the link given here is the xml. This XML already exists in the application and has such structure
<security-permission>
 <security-role-map>
 <role-name>developer</role-name>
 <server-role-name>role1</server-role-name>
 <server-role-name>role2</server-role-name>
 <server-role-name>role3</server-role-name>
 <server-role-name>role4</server-role-name>
 <server-role-name>role5</server-role-name>
 </security-role-map>
</security-permission>
My question is, which of the following annotation will work:
@RolesAllowed(value=)
or
@RolesAllowed(value=) //currently I am using this.
Edited by: Arpit Goyal on Feb 27, 2009 4:39 AM

EJB 3.0 Preview - Security

I was trying to use standard JDK annotations for securing EJB methods.
At the time of compiling my EJB using weblogic.appc, I am getting the following error.Please let me know if anybody has a solution to this.
Error processing annotations: java.lang.NullPointerException
The complete stack trace is:
java.lang.NullPointerException
[java] at weblogic.ejb.container.dd.xml.EjbAnnotationProcessor.processMethodPermissions(EjbAnnotationProcessor.java:968)
[java] at weblogic.ejb.container.dd.xml.EjbAnnotationProcessor.processAssemblyDescriptor(EjbAnnotationProcessor.java:631)
[java] at weblogic.ejb.container.dd.xml.EjbAnnotationProcessor.processSessionAnnotations(EjbAnnotationProcessor.java:579)
[java] at weblogic.ejb.container.dd.xml.EjbAnnotationProcessor.processAnnotations(EjbAnnotationProcessor.java:239)
[java] at weblogic.ejb.container.dd.xml.EjbAnnotationProcessor.processAnnotations(EjbAnnotationProcessor.java:143)
[java] at weblogic.ejb.container.dd.xml.EjbDescriptorReaderImpl.processStandardAnnotations(EjbDescriptorReaderImpl.java:215)
[java] at weblogic.ejb.container.dd.xml.EjbDescriptorReaderImpl.createReadOnlyDescriptorFromJarFile(EjbDescriptorReaderImpl.java:175)
[java] at weblogic.ejb.spi.EjbDescriptorFactory.createReadOnlyDescriptorFromJarFile(EjbDescriptorFactory.java:93)
[java] at weblogic.ejb.container.ejbc.EJBCompiler.parseDescriptors(EJBCompiler.java:1370)
[java] at weblogic.ejb.container.ejbc.EJBCompiler.compileEJB(EJBCompiler.java:434)
[java] at weblogic.application.compiler.AppcUtils.compileEJB(AppcUtils.java:297)
[java] at weblogic.application.compiler.EJBCompiler.compile(EJBCompiler.java:95)
[java] at weblogic.application.compiler.flow.AppCompilerFlow.compileInput(AppCompilerFlow.java:118)
[java] at weblogic.application.compiler.flow.AppCompilerFlow.compile(AppCompilerFlow.java:43)
[java] at weblogic.application.compiler.FlowDriver$FlowStateChange.next(FlowDriver.java:69)
[java] at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:26)
[java] at weblogic.application.compiler.FlowDriver.nextState(FlowDriver.java:36)
[java] at weblogic.application.compiler.FlowDriver.run(FlowDriver.java:26)
[java] at weblogic.application.compiler.Appc.runBody(Appc.java:163)
[java] at weblogic.utils.compiler.Tool.run(Tool.java:158)
[java] at weblogic.utils.compiler.Tool.run(Tool.java:115)
[java] at weblogic.application.compiler.Appc.main(Appc.java:174)
[java] at weblogic.appc.main(appc.java:14)
[java] <Aug 18, 2006 3:28:57 PM MDT> <Error> <J2EE> <BEA-160187> <weblogic.appc failed to compile your application. Recompile with the -verbose option for more details. Please see the error message(s) below.>
[java] Error processing annotations: java.lang.NullPointerException
I have given the source code of the ejb below.
Business Interface:
package examples
import java.util.Collection;
public interface Database {
 public Employee getEmployee(int empNo);
 public Collection<Employee> getEmployees();
 public Address getAddress(int empNo);
 public void createEmployee(Employee emp);
 public void updateEmployee(Employee emp);
 public void deleteEmployee(int empNo);
Bean Class: I removed the code inside the method not to be cluttery.I assumed this class causes two logical security roles created "Admin" and "User"
which needs to be mapped to the physical roles in weblogic-ejb-jar.xml.
The weblogic-ejb-jar.xml is also given below.I do not have any entry in ejb-jar.xml corresponding to this bean.
package examples
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Vector;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.sql.DataSource;
@Stateless
@Remote(Database.class)
@DeclareRoles({"Admin","User"})
@RunAs("Admin")
public class DatabaseBean implements Database{
 @PermitAll
 public Employee getEmployee(int empNo) {
 return null;
 @RolesAllowed("Admin")
 public Collection<Employee> getEmployees(){
 return null;
 @PermitAll
 public Address getAddress(int empNo){
 return null;
 @RolesAllowed("Admin")
 public void createEmployee(Employee emp){
 return null;
 @PermitAll
 public void updateEmployee(Employee emp){
 @DenyAll
 public void deleteEmployee(int empNo){
weblogic-ejb-jar.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/90" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-ejb-jar.xsd">
 <weblogic-enterprise-bean>
 <ejb-name>DatabaseBean</ejb-name>
 <security-role-assignment>
 <role-name>Admin</role-name>
 <principal-name>AdminRole</principal-name>
 </security-role-assignment>
 <security-role-assignment>
 <role-name>User</role-name>
 <principal-name>UserRole</principal-name>
 </security-role-assignment>
 </weblogic-enterprise-bean>
</weblogic-ejb-jar>

I'm a little bit confused about the different
versions:
OC4J (OAS) 10.0.2 ==> J2EE 1.3: releaded.
Yes, correct.
OC4J 10.1.3 ==> J2EE 1.4: release date
maybe summer 2005?
Correct. But it will contain an usable, supportable implementation of the EJB 3.0 specification. So it's basically J2EE 1.4 + EJB 3.0.
By default it won't run with EJB 3.0 enabled.
You will need to specifically enable EJB 3.0 when you start the container.
Oc4J with EJB 3.0 features ==>> J2EE 1.5 ??, planned
release date?
There's no such beast planned yet.
Since we're actively working on an EJB 3.0 implementation, we thought we'd release it for you all to try out. It's based off the 10.1.3 code base. Since the timing was a bit out, we just put it out as a separate distro for the time being.
Our next 10.1.3 Developer Preview will reconcile this, and will be both OC4J 10.1.3 + EJB 3.0 in one package.
Hope that helps and not hinders your understanding!
cheers
-steve-

Invalid Security role-name error in Web Project

Hi All,
I have imported a J2EE application project built in JBOSS into NWDS 7.1.
While building the project i get the following error
CHKJ3020E:Invalid Security role-name error: PEHNTAHO_ADMIN
This error directs me to the following code in web.xml
<security-constraint>
 <display-name>Default JSP Security Constraints</display-name>
 <web-resource-collection>
 <web-resource-name>Portlet Directory</web-resource-name>
 <url-pattern>/jsp/*</url-pattern>
 <http-method>GET</http-method>
 <http-method>POST</http-method>
 </web-resource-collection>
 <auth-constraint>
 <role-name>PEHNTAHO_ADMIN</role-name>
 </auth-constraint>
 <user-data-constraint>
 <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
I have tried out the following things to resolve this issue :
1) Remove the role manually(as suggested by various people in other J2EE forums), but then some other error came in to picture
2)Then I added the following code in web.xml
<security-role>
 <role-name>PEHNTAHO_ADMIN</role-name>
 </security-role>
Then the above mentioned build error gets resolved, but then I get the following error while deploying the application.
Dec 3, 2007 12:59:21 AM /userOut/daView_category (eclipse.UserOutLocation) [Thread[Deploy Thread,5,main]] ERROR: Deploy Exception.An error occurred while deploying the deployment item 'sap.com_AnalyticsApp2EAR'.; nested exception is:
 java.rmi.RemoteException: class com.sap.engine.services.dc.gd.DeliveryException: An error occurred during deployment of sdu id: sap.com_AnalyticsApp2EAR
sdu file path: D:\usr\sap\CE1\J01\j2ee\cluster\server0\temp\tcbldeploy_controller\archives\191\AnalyticsApp2EAR.ear
version status: HIGHER
deployment status: Admitted
description:
 1. Error:
Cannot update application sap.com/AnalyticsApp2EAR. Reason: The application sap.com/AnalyticsApp2EAR will not be update, because its validation failed. Reason:
ERRORS:
Web Model Builder: com.sap.engine.frame.core.configuration.NameNotFoundException: The parameter/s in String "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
 
</web-app>
" is/are not defined and could not be substituted., file: AnalyticsApp2.war#WEB-INF/web.xml, column 0, line 0, severity: error
WARNINGS:
Web Model Builder: Following tests could not be executed because of failed precondition test "Web Model Builder" : Implicit Constraints Test, JSF Application Test, Mapping Test, Web File Existence Test, Web Class Existence Test, Security Role Test, file: AnalyticsApp2.war, column -1, line -1, severity: warning
3) I had also added the following code in web-j2ee-engine.xml
<security-role-map>
 <role-name>PEHNTAHO_ADMIN</role-name>
 <server-role-name>all</server-role-name>
 </security-role-map>
but still i get the same deployment error.
Please help me in resolving this problem.
Can anybody tell me the use of role "PEHNTAHO_ADMIN"?
Thanks and Regards,
Sruti

Hi Malathy,
Once the users are created in Authentication Provider, and once the roles are created in Weblogic Server, You just have to map users to roles in Jazn-data.xml.
Could you please let us know you created a roles named users in WLS ?
Thanks & Regards,
Murali.
============

Security-role and security-role-assignment not working in WL7.0

Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

Below are the screen shots for PFCG:

Redirecting user to acustom page depending on security role after glassfish

Hi,
I have a JSF application using glassfish authentication mechanism. I'm planning to use a jdbc realm and form based authentication (I'm using a jsp page to get username and password) . I have 3 different user roles (student, admin and staff)
However I cannot find how to redirect a user to a different page (Ex: staff report page if the logged in user is in the security role staff). I have configured sun-web.xml and web.xml to map the roles and groups. The problem is after authentication the user is always redirected back to the home page, which is the login page. I understand this is how the glassfish authentication works by default. But is there a way to navigate the user to a different page depending on his role.
I'm new to EJB security. Please help me on this subject. Thanks a lot in advance.

Check this blog post, which provides an alternate solution (You can choose the best possible solution based on your use-case).
http://andrejusb.blogspot.com/2007/10/security-in-oracle-adf-and-automatic.html
Thanks,
Navaneeth

Security role with alias KeystoreAdministrator does not exist.

i have a error trying to start the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
the next log is about the std_server0.out
i do not how to create the alias because i can not connect using Visual Administrator because the server not start
stdout/stderr redirect
node name : server0
pid : 995354
system name : SMS
system nr. : 00
started at : Wed Aug 13 18:26:36 2008
[Thr 1] Wed Aug 13 18:26:37 2008
[Thr 1] MtxInit: -2 0 0
<?xml version="1.0" ?>
<verbosegc version="200708_30">
SAP J2EE Engine Version 7.00 PatchLevel 108458.44 is starting...
Loading: LogManager ... 2643 ms.
Loading: PoolManager ... 2 ms.
Loading: ApplicationThreadManager ... 837 ms.
Loading: ThreadManager ... 54 ms.
Loading: IpVerificationManager ... 12 ms.
Loading: ClassLoaderManager ... 14 ms.
Loading: ClusterManager ... 226 ms.
Loading: LockingManager ... 68 ms.
Loading: ConfigurationManager ... 86617 ms.
Loading: LicensingManager ... 28 ms.
Loading: CacheManager ... 159 ms.
Loading: ServiceManager ...
Loading services.:
Service cross started. (75 ms).
Service memory started. (98 ms).
Service runtimeinfo started. (115 ms).
Service trex.service started. (87 ms).
Service file started. (156 ms).
Service timeout started. (159 ms).
Service userstore started. (19 ms).
Service jmx_notification started. (78431 ms).
Service p4 started. (188119 ms).
Service classpath_resolver started. (63 ms).
<af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
<minimum requested_bytes="48" />
<time exclusiveaccessms="1.635" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="1" totalid="1" intervalms="0.000">
 <flipped objectcount="253990" bytes="19242624" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="644" weak="1" phantom="0" />
 <finalization objectsqueued="1363" />
 <scavenger tiltratio="50" />
 <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
 <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="107.395" />
</gc>
<nursery freebytes="190328376" totalbytes="209715200" percent="90" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="110.754" />
</af>
Service deploy started. (4055 ms).
Service bimmrdeployer started. (7 ms).
Service MigrationService started. (70 ms).
Service log_configurator started. (194277 ms).
Service locking started. (8 ms).
Service http started. (295 ms).
Service naming started. (626 ms).
Service failover started. (112 ms).
Service appclient started. (140 ms).
Service javamail started. (218 ms).
Service ts started. (220 ms).
Service jmsconnector started. (207 ms).
Service licensing started. (22 ms).
Service connector started. (212 ms).
Service configuration started. (32 ms).
Service iiop started. (316 ms).
Service webservices started. (706 ms).
Service dbpool started. (25283 ms).
<af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
<minimum requested_bytes="768" />
<time exclusiveaccessms="0.302" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
 <flipped objectcount="353647" bytes="28752016" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="1056" weak="0" phantom="0" />
 <finalization objectsqueued="2858" />
 <scavenger tiltratio="50" />
 <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
 <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="90.892" />
</gc>
<nursery freebytes="180514624" totalbytes="209715200" percent="86" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="92.831" />
</af>
Service com.sap.security.core.ume.service started. (64165 ms).
Service tcdisdic~srv started. (815 ms).
Service security started. (911 ms).
Service classload started. (43 ms).
Service applocking started. (132 ms).
Service shell started. (216 ms).
Service tceCATTPingservice started. (21 ms).
Service telnet started. (60 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
Service webdynpro started. (699 ms).
Service keystore started. (952 ms).
Service ssl started. (56 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
Service ejb started. (1367 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service tcseccertrevoc~service started. (286 ms).
Service tcsecsecurestorage~service started. (379 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service servlet_jsp started. (1783 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Timed out services:
Service com.adobe~DataManagerService > hard reference to service jmx.
Service com.adobe~TrustManagerService > hard reference to service jmx.
Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
Service com.adobe~PDFManipulation > hard reference to service jmx.
Service adminadapter > hard reference to service jmx.
Service pmi > hard reference to service tcsecdestinations~service.
Service jms_provider > hard reference to service jmx.
Service sld > service sld start method invoked.
Service jmx > service jmx start method invoked.
Service rfcengine > hard reference to service jmx.
Service tcsecsaml~service > hard reference to service adminadapter.
Service com.adobe~LicenseService > hard reference to service basicadmin.
Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
Service tcsmdserver~service > hard reference to service jmx.
Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
Service cafummetadataimp > service cafummetadataimp start method invoked.
Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
Service dsr > hard reference to service security.
Service monitor > hard reference to service jmx.
Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
Service tclmctcconfsservice_sda > hard reference to service jmx.
Service CUL > hard reference to service jmx.
Service tc.monitoring.logviewer > hard reference to service jmx.
Service apptracing > hard reference to service jmx.
Service com.adobe~XMLFormService > hard reference to service jmx.
Service tcsecwssecservice > service tcsecwssecservice start method invoked.
Service com.adobe~FontManagerService > hard reference to service jmx.
Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
Service basicadmin > hard reference to service jmx.
[Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
Aug 13, 2008 6:33:53 PM com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
</verbosegc>

i have a error trying to start the java engine of a Solution Manager 4.0 SR2 on AIX with ibm jdk SR9
the next log is about the std_server0.out
i do not how to create the alias because i can not connect using Visual Administrator because the server not start
stdout/stderr redirect
node name : server0
pid : 995354
system name : SMS
system nr. : 00
started at : Wed Aug 13 18:26:36 2008
[Thr 1] Wed Aug 13 18:26:37 2008
[Thr 1] MtxInit: -2 0 0
<?xml version="1.0" ?>
<verbosegc version="200708_30">
SAP J2EE Engine Version 7.00 PatchLevel 108458.44 is starting...
Loading: LogManager ... 2643 ms.
Loading: PoolManager ... 2 ms.
Loading: ApplicationThreadManager ... 837 ms.
Loading: ThreadManager ... 54 ms.
Loading: IpVerificationManager ... 12 ms.
Loading: ClassLoaderManager ... 14 ms.
Loading: ClusterManager ... 226 ms.
Loading: LockingManager ... 68 ms.
Loading: ConfigurationManager ... 86617 ms.
Loading: LicensingManager ... 28 ms.
Loading: CacheManager ... 159 ms.
Loading: ServiceManager ...
Loading services.:
Service cross started. (75 ms).
Service memory started. (98 ms).
Service runtimeinfo started. (115 ms).
Service trex.service started. (87 ms).
Service file started. (156 ms).
Service timeout started. (159 ms).
Service userstore started. (19 ms).
Service jmx_notification started. (78431 ms).
Service p4 started. (188119 ms).
Service classpath_resolver started. (63 ms).
<af type="nursery" id="1" timestamp="Wed Aug 13 18:32:05 2008" intervalms="0.000">
<minimum requested_bytes="48" />
<time exclusiveaccessms="1.635" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="1" totalid="1" intervalms="0.000">
 <flipped objectcount="253990" bytes="19242624" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="644" weak="1" phantom="0" />
 <finalization objectsqueued="1363" />
 <scavenger tiltratio="50" />
 <nursery freebytes="190330424" totalbytes="209715200" percent="90" tenureage="10" />
 <tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="107.395" />
</gc>
<nursery freebytes="190328376" totalbytes="209715200" percent="90" />
<tenured freebytes="1724342296" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637940248" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="110.754" />
</af>
Service deploy started. (4055 ms).
Service bimmrdeployer started. (7 ms).
Service MigrationService started. (70 ms).
Service log_configurator started. (194277 ms).
Service locking started. (8 ms).
Service http started. (295 ms).
Service naming started. (626 ms).
Service failover started. (112 ms).
Service appclient started. (140 ms).
Service javamail started. (218 ms).
Service ts started. (220 ms).
Service jmsconnector started. (207 ms).
Service licensing started. (22 ms).
Service connector started. (212 ms).
Service configuration started. (32 ms).
Service iiop started. (316 ms).
Service webservices started. (706 ms).
Service dbpool started. (25283 ms).
<af type="nursery" id="2" timestamp="Wed Aug 13 18:33:36 2008" intervalms="91291.585">
<minimum requested_bytes="768" />
<time exclusiveaccessms="0.302" />
<nursery freebytes="0" totalbytes="209715200" percent="0" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<gc type="scavenger" id="2" totalid="2" intervalms="91293.279">
 <flipped objectcount="353647" bytes="28752016" />
 <tenured objectcount="0" bytes="0" />
 <refs_cleared soft="1056" weak="0" phantom="0" />
 <finalization objectsqueued="2858" />
 <scavenger tiltratio="50" />
 <nursery freebytes="180516672" totalbytes="209715200" percent="86" tenureage="11" />
 <tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
 </tenured>
 <time totalms="90.892" />
</gc>
<nursery freebytes="180514624" totalbytes="209715200" percent="86" />
<tenured freebytes="1723791376" totalbytes="1728053248" percent="99" >
 <soa freebytes="1637389328" totalbytes="1641651200" percent="99" />
 <loa freebytes="86402048" totalbytes="86402048" percent="100" />
</tenured>
<time totalms="92.831" />
</af>
Service com.sap.security.core.ume.service started. (64165 ms).
Service tcdisdic~srv started. (815 ms).
Service security started. (911 ms).
Service classload started. (43 ms).
Service applocking started. (132 ms).
Service shell started. (216 ms).
Service tceCATTPingservice started. (21 ms).
Service telnet started. (60 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [service_ssl] and user [null] not generated; Consequences: keystore view [service_ssl] is not created for user [null]; Countermeasures:see log for details
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TrustedCAs] and user [null] not generated; Consequences: keystore view [TrustedCAs] is not created for user [null]; Countermeasures:see log for details
Service webdynpro started. (699 ms).
Service keystore started. (952 ms).
Service ssl started. (56 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [TicketKeystore] and user [null] not generated; Consequences: keystore view [TicketKeystore] is not created for user [null]; Countermeasures:see log for details
Service ejb started. (1367 ms).
Aug 13, 2008 6:33:40 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service tcseccertrevoc~service started. (286 ms).
Service tcsecsecurestorage~service started. (379 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Service servlet_jsp started. (1783 ms).
Aug 13, 2008 6:33:41 PM com.sap.engine.services.keystore [Thread[_keystore_managed_system_thread_,10,SAPEngine_System_Thread[impl:5]_Group]] Fatal: Source: com.sap.engine.services.security.exceptions.BaseSecurityException: Security role with alias KeystoreAdministrator does not exist.; Description: system user based security support for view [securestorage] and user [null] not generated; Consequences: keystore view [securestorage] is not created for user [null]; Countermeasures:see log for details
Timed out services:
Service com.adobe~DataManagerService > hard reference to service jmx.
Service com.adobe~TrustManagerService > hard reference to service jmx.
Service cafumrelgroupsimp > hard reference to service cafummetadataimp.
Service com.adobe~PDFManipulation > hard reference to service jmx.
Service adminadapter > hard reference to service jmx.
Service pmi > hard reference to service tcsecdestinations~service.
Service jms_provider > hard reference to service jmx.
Service sld > service sld start method invoked.
Service jmx > service jmx start method invoked.
Service rfcengine > hard reference to service jmx.
Service tcsecsaml~service > hard reference to service adminadapter.
Service com.adobe~LicenseService > hard reference to service basicadmin.
Service com.adobe~DocumentServicesConfiguration > hard reference to service basicadmin.
Service tcsmdserver~service > hard reference to service jmx.
Service com.adobe~DocumentServicesDestProtoService > hard reference to service jmx.
Service cafummetadataimp > service cafummetadataimp start method invoked.
Service tcsecvsiservice > hard reference to service tcsecdestinationsservice.
Service tcsecdestinationsservice > service tcsecdestinationsservice start method invoked.
Service dsr > hard reference to service security.
Service monitor > hard reference to service jmx.
Service cafruntimeconnectivityimpl > service cafruntimeconnectivityimpl start method invoked.
Service tclmctcconfsservice_sda > hard reference to service jmx.
Service CUL > hard reference to service jmx.
Service tc.monitoring.logviewer > hard reference to service jmx.
Service apptracing > hard reference to service jmx.
Service com.adobe~XMLFormService > hard reference to service jmx.
Service tcsecwssecservice > service tcsecwssecservice start method invoked.
Service com.adobe~FontManagerService > hard reference to service jmx.
Service com.adobe~DocumentServicesLicenseSupportService > hard reference to service jmx.
Service com.adobe~DocumentServicesBinaries2 > hard reference to service jmx.
Service basicadmin > hard reference to service jmx.
[Framework -> criticalShutdown] 3 core services have timed out [adminadapter; jmx; basicadmin].
Aug 13, 2008 6:33:53 PM com.sap.engine.core.Framework [Thread[Thread-1,5,main]] Fatal: Critical shutdown was invoked. Reason is: 3 core services have timed out [adminadapter; jmx; basicadmin].
</verbosegc>

Mapping UME Roles to J2EE Engine Security Roles

Hi all,
is there a way to map the roles defined in UME which are used in a Web Dynpro application to those declared as part of an EJB descriptor?
Any help is highly appreciated.
Regards,
Sebastian

Hi Sebastian,
yes, it is possible to do such mapping. And here how it works:
1. define security roles in the ejb-jar.xml within the <security-role>. For example:
<security-role>
 <role-name>test</role-name>
</security-role>
2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
<security-permission>
 <security-role-map>
 <role-name>test</role-name>
 <server-role-name>myUMErole</server-role-name>
 </security-role-map>
</security-permission>
the myUMErole must be defined in the UME!
Does this answer your question?

Mapping security roles to other roles

I found the security newsgroup and posted the question there under the same topic. Kindly respond there.
Message was edited by:
jheinone

Hi Sebastian,
yes, it is possible to do such mapping. And here how it works:
1. define security roles in the ejb-jar.xml within the <security-role>. For example:
<security-role>
 <role-name>test</role-name>
</security-role>
2. then you map the roles those roles to server security roles using the <security-role-map> tag of the ejb-j2ee-engine.xml descriptor.
<security-permission>
 <security-role-map>
 <role-name>test</role-name>
 <server-role-name>myUMErole</server-role-name>
 </security-role-map>
</security-permission>
the myUMErole must be defined in the UME!
Does this answer your question?

How to list principals in the security role?

Does anybody know how to list principals assigned to a security role programmatically?
The role assigment is specified in weblogic.xml files for web applications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret

I think it's not possible. However, what you can do is to assign a role to a
group (this relationship being statically defined in weblogic.xml) and then
manipulate the group membership in order to assign users to the role on the
fly.
"Margaret Oberc" <[email protected]> wrote in message
news:3b127763$[email protected]..
>
Does anybody know how to list principals assigned to a security roleprogrammatically?
The role assigment is specified in weblogic.xml files for webapplications and
weblogic-ejb-jar.xml files for EJBs.
Any help would be much appreciated,
Margaret

How do I map declared security role to an actual operational one?

Hello,
Suppose I have created few security roles at the ejb-jar.xml file of my J2EE application using:
<security-role>
<role-name> managers <role-name>
</security-role>
Our portal is connected to our LDAP server so the WAS contains all the groups it has over there.
My question is: How do I actualy map the security role I declared at the deployment descriptor (manager) to an actual group in our organization?

Hi Roy,
Are you familiar with thishttp://help.sap.com/saphelp_nw04/helpdata/en/1a/733e401b21e801e10000000a155106/frameset.htm ?
Best regards, Maksim Rashchynski.

Warning: EJB referenced an unknown security role?

Similar Messages

Maybe you are looking for