Weblogic EM Users Acess
Hi ,
Is it possible to create a user for Weblogic EM and restrict the user to acess only Business Intelligence components.
for activities like upload RPD and Restart the OBIEE services.
he must not be able to change any security settings in both EM and Console.
Please help me
user12078402 wrote:
Hello,
Thanks for your reply.
I have installed OBIEE 11.1.1.6.2 on llinux.
can you please help how log in to Enterprise Manager Grid Control
when i am using URL http://hostname:7777/em ...it dosnt open any page
and http://hostname:7001/em
is taking me to weblogic Enterprise Manager.
Please help me.It is a seperate tool. Refer to this link for installation guide: http://docs.oracle.com/cd/B16240_01/doc/em.102/e10953/installing_em.htm
Similar Messages
-
Best practice standard User Acess Test for WIN2012 AD
What is the Best practice standard User Acess Test for WIN2012 AD
Hello,
as before, add a computer to the domain and log on with a domain user account to the computer.
You should be able from the client machine to open the sharedfolders on the DCseither with:
\\DCName\sysvol
\\DCName\netlogonor \\NetBiosDomainName\sysvol
\\NetBiosDomainName\netlogon
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Changing the weblogic admin user password
I have faced an issue in reseting weblogic admin user password. Following are the steps i have executed in sequence.please help to understand why it is not working this way
I have 2 managed instances running on two separate computers.
`Step 1.` shutdown the admin server instance ( i did not shutdown the node manager and other 2 manage server instances
`Step 2.` Set the environment variables
`cd $DOMAIN_HOME/bin`
. ./setDomainEnv.sh
`Step 3.` then executed the command below to create the new password
cd ../security
mv DefaultAuthenticatorInit.ldift oldDefaultAuthenticator
java weblogic.security.utils.AdminAccount weblogic new_password .
`Step 4.` backed up existing `boot.properties` file and created a new file. Also backed up data directory of admin server. created a new `boot.properties` file with following configuration
with plain text username(weblogic_admin) and password (new_password).
cd ../servers/AdminServer
mv data data_old
cd security/
mv boot.properties oldboot.properties
Step 5. Then i restarted the admin server. admin server is restarted successfully and i was able to login the admin console with my new username and password. Issue came when i try to shoutdown the admin server. when i execute sh stopWeblogicAdmin.sh , it will through following exception. But , if i kill the admin server process , then i am able to start the admin server with out any problem. and i am able to login to the server also. I am also able to stop and start manage server instances through admin console. But why it is failing only when i try to stop.could anybody help me on this
Stopping Weblogic Server...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://jipsl13t:12001 with userid weblogic_admin ...
This Exception occurred at Fri Jan 18 12:20:09 GMT-00:00 2013.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic_admin, failed to be authenticated.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:788)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:682)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:469)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:376)
at weblogic.jndi.Environment.getContext(Environment.java:315)
at weblogic.jndi.Environment.getContext(Environment.java:285)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:520)
at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:573)
at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:313)
at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:203)
at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:61)
at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:147)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.python.core.PyReflectedFunction.__call__(Unknown Source)
at org.python.core.PyMethod.__call__(Unknown Source)
at org.python.core.PyObject.__call__(Unknown Source)
at org.python.core.PyObject.invoke(Unknown Source)
at org.python.pycode._pyx4.connect$1(<iostream>:16)
at org.python.pycode._pyx4.call_function(<iostream>)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyFunction.__call__(Unknown Source)
at org.python.pycode._pyx15.f$0(/product/jip/jipsl11t/wls/eni132_domain/shutdown.py:6)
at org.python.pycode._pyx15.call_function(/product/tsm/jipsl11t/wls/eni132_domain/shutdown.py)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyCode.call(Unknown Source)
at org.python.core.Py.runCode(Unknown Source)
at org.python.util.PythonInterpreter.execfile(Unknown Source)
at weblogic.management.scripting.WLST.main(WLST.java:124)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.WLST.main(WLST.java:29)
Caused by: java.lang.SecurityException: User: weblogic_admin, failed to be authenticated.
at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:522)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Problem invoking WLST - Traceback (innermost last):
File "/product/jip/jipsl11t/wls/eni132_domain/shutdown.py", line 6, in ?
File "<iostream>", line 22, in connect
File "<iostream>", line 646, in raiseWLSTException
WLSTException: Error occured while performing connect : User: weblogic_admin, failed to be authenticated.
Use dumpStack() to view the full stacktrace
Done
Stopping Derby Server...
Edited by: user8643895 on Jan 18, 2013 9:28 AMHi,
This issue was occurring because stopWebLogic.sh was picking the username and password from properties user config files in user's home directory: username-WebLogicConfig.properties, username-WebLogicKey.properties.
If the credentials for weblogic server are changed then new user config files should be created, if these are not created then stopWebLogic.sh will pick up the old credentials and hence fail.
Please refer the following document for information on user configuration files:
http://docs.oracle.com/cd/E21764_01/web.1111/e13813/reference.htm#WLSTC430
Connecting to the server after deleting username-WebLogicConfig.properties, username-WebLogicKey.properties resolves the issue as it forces the script to use the credentials provided by the user while running stopWebLogic.sh
There are two ways you can resolve this issue:
1) Create new user config files with the correct credentials as explained in the following document:
http://docs.oracle.com/cd/E21764_01/web.1111/e13813/reference.htm#WLSTC430
Or
2) To force the stopWeblogic.sh script to use credentials provided by the user while running the script follow these steps:
In the stopWeblogic.sh file use the following connect command:
connect(userConfigFile='',userKeyFile='', url='${ADMIN_URL}', adminServerName='${SERVER_NAME}')instead of:
connect(${userID} ${password} url='${ADMIN_URL}', adminServerName='${SERVER_NAME}')Hence in the stopWebLogic.sh script replace:
echo "import os" >"shutdown.py"
echo "if os.environ.has_key('wlsUserID'):" >>"shutdown.py"
echo " wlsUserID = os.environ['wlsUserID']" >>"shutdown.py"
echo "if os.environ.has_key('wlsPassword'):" >>"shutdown.py"
echo " wlsPassword = os.environ['wlsPassword']" >>"shutdown.py"
echo "connect(${userID} ${password} url='${ADMIN_URL}', adminServerName='${SERVER_NAME}')" >>"shutdown.py"
echo "shutdown('${SERVER_NAME}','Server')" >>"shutdown.py"
echo "exit()" >>"shutdown.py"with:
echo "import os" >"shutdown.py"
echo "if os.environ.has_key('wlsUserID'):" >>"shutdown.py"
echo " wlsUserID = os.environ['wlsUserID']" >>"shutdown.py"
echo "if os.environ.has_key('wlsPassword'):" >>"shutdown.py"
echo " wlsPassword = os.environ['wlsPassword']" >>"shutdown.py"
echo "connect(userConfigFile='',userKeyFile='', url='${ADMIN_URL}', adminServerName='${SERVER_NAME}')" >>"shutdown.py"
echo "shutdown('${SERVER_NAME}','Server')" >>"shutdown.py"
echo "exit()" >>"shutdown.py"
Regards,
Kishore -
Migrate oracle database users into weblogic application users
Hello.
I need to migrate over 1000 users with its credentials(username, password,email,etc.) from existing ORACLE database into WEBLOGIC application user.
But I was facing problem with password hashes.
I have created user marlis and set password like marlis_2013:
- in oracle db it's hash is 2CDAD21E6A769A11
- in weblogic as it's hash is {SHA-1}a7OyKYOb/mUMsda8U9cw4ofgGlo=
How canb I migrate over 1K user credentials. Pls help.I am using ADF security based on JAAS.
-
SAP Security: how can i findout any changes for user acess
hi ,
How can i check the changes in user access for some transactions?
i have tried with S_BCE_68001439 transction, but i didn't find any changes in the respective roles which were assigned to the particular user ID.
is there any other way to find out changes in user acess?
Please respond at the earliest. Thanks in advance.
Ramesh.Ramesh,
You should first look at what as changed with the user master record, you can check this by going to SU01, enter the User ID and goto Information Menu and Change Documents for users, you can then specify no start date and any other criteria you want to see changes to the user master.
Then if nothing has changed here, or as an extra check you can goto PFCG, open the Role for display and goto Utilities Menu and Display Changes. You can then do the same as before and specify no start date with other criteria to find changes to any Role the user has.
Hope this helps.
Regards
Ashley -
Weblogic admin user password change w/o disrupting existing users
Hi Folks,
As a business policy we need to change the password of the admin user in weblogic after a cycle of specific period.
Please let us now how can we do that without losing the other existing users in 'my realm.'
I understand that we can use the weblogic.utils.security.AdminAcoount utility to give the new password, which will create a new DefaultAuthenticatorInit.ldift file in +<domain-home>/security+ folder (according to Doc ID 1082299.1).
The password will change but the users in 'my realm' will be lost. (there are many users and it is a production environment so recreation is out-of- question)
Is there a way we can retain the users and still proceed with the password change?
Cheers,
JeegarHi Jeegar,
This can be doen by followin the standard procedure by login to console and navigate to :-
DOMAIN_STRUCTURE--->Security Realm--->myrealm--->Users and Groups---->User tab click on the user weblogic
--click on the password tab and put the new password there and save (password is changed for the user here)
---Logout from the console and login to the console again using the new password
But when the server starts it do not read the password for the user directly from the realm rather it picked the same from the $DOMAIN_HOME/servers/AdminServer/security/boot.properties
Now in order to make this change available when the server starts change the values for the username and password in boot.properties and specify them in plain-text and save the same.
Now next time whenever the server will start it will pick up the new values from the boot.properties and once the same had been accepted those will be encrypted again.
You might have to make the change for the boot.properties for all the Managed Server if you have the Managed Servers in the domain which will be located at the location $DOMAIN_HOME/servers/<<Managed Server Name>>/data/nodemanager/boot.properties
You can test the steps on some lower environment first and try the same in Critical environment once the testing goes successful.
Regards,
Vijay
Edited by: V Kumar on Oct 25, 2012 3:06 PM -
Hi all, first post.
We are having a rather difficult time with Oracle Support around here, and we have finally decided to support our installation by ourselves.
Last week he had an issue where our Web catalog was corrupt (BI Presentation didn't start, showing us an HTTP 500 error). We stopped the platform, moved the catalog directory and re-started the platform, so that it could automatically be recreated. We then copied the users and catalog directory back to their original position, and everything seemed to be fine.
Unfortunately, this was not to be. For some reason, our Weblogic (administrator) password cannot log in to the OBIEE front end anymore. We can still manage the platform via EM using this user, though.
The main issue here is that some users created dashboards and reports with the Weblogic user, so they can't modify them now. Also, they are having several issues displaying the results, specifically with the styles. Apparently, styles were lost when we copied the directory, and have no clue as to how to get them back.
So, my question would be - how can we fix this issue?
Thanks for any help!
Edited by: user1118975 on Apr 3, 2012 5:28 PMHi,
I assume you are talking about OBIEE dashboard screen , when you mentioned about the OBIEE front end screen.
So, I would like to ask you what error does not throw when you say the weblogic user cannot login to OBIEE? Does it say Invalid Username/password or An error occurred during authenticatio system?
If its the latter, try restarting the services through OPMN and see if you can log back in.
I do not think this might be valid, but you may want to refresh the user GUID's once more. Change the <upgradeandexit> tag in instanceconfig.xml to true and REFRESH_GUID to YES in NQSConfig.ini and restart the BI Services. Once again, revert the parameters and start once more and check.
Hope this helps.
Thank you,
Dhar -
OBIEE 11G weblogic admin user cannot create new Analysis
Hi,
I have deployed a new RPD and can log into the Presentation services using the weblogic Administrator account. I can see the dashboards and reports.
When I attempt to go to Answers (expecting a link for New -> Analysis), I don't see that link. Seems like this user does not have permissions to create new Analysis.
Checking on WLS, I found that my weblogic user is entered under the following three groups:
Administrators
BIAdministrators
BIAuthors
What am I missing ?
Tx,
SushantaHi,
Can you try this?
1. Login to obiee and append the URL with Managegroups ( http://localhost:9704/analytics/saw.dll?Managegroups)
2. Select the "Presentation Server Administrators" group
3. Edit -> search user and add it to this group.
4. Login with the user added and check if he can "Administrator --> mange catalog and permission".
Rgds,
Dpka -
Export & import weblogic 7 users
Hey,
I'm currently migrating a Weblogic 7.0.1 installation from
a Windows 2000-system to a RedHat-Linux 7.3-system.
I've been successfull at doing the installation on Linux and
installing all the applications.
Now 1 small problem still remains. On my current Weblogic installation (W2K) I've
got currently about 80 users created and a couple of roles. Now I have to create
all those users again on the Linux-installation.
Instead of recreating every user again, I was hoping there was a way to export
the users to a file and import them on the linux-installation.
Can anybody help me find a way to tackle this small issue ???
Thanks in advance.
Bart LaeremansHi Martin
Here's another possible approach (I haven't tested it though)
1. Export the DEV workspace(s) before the clone
2. Comment out the wwv_flow_fnd_user_api.create_company statement and any groups/users that already exist in prod e.g. ADMIN
3. After the clone Run the export.sql files from the SQL*PLUS command line, which hopefully will just create your users
There's a few manual steps modifying the files, and it's probably not supported but it might be the simplest/quickest way (if it works)
Cheers
Matt -
All,
Is there a way that we can grant the select acess on oracle 9i table to the user with column(s) restriction?
I have to restict the sensitive data access from some users. Please advice.Prior to 10g, you cannot hide individual columns using VPD. Assuming you are stuck on 9i (note that specifying the actual version rather than the marketing label may help because there may be differences between 9.0.1.x and 9.2.0.x), your only realistic option would be views.
I'm not sure what you mean when you say
"If i create a view with out thse columns that doesn't get updated by my daily imports.in order to do that , i need to do lot of scripting changes which is a big pain"
Your batch loads should be able to continue to write directly to the base table and should, presumably, be able to see all the columns. It is only users that need to query the data and see a subset of columns that would need to run their queries through a view. And setting up appropriate synonyms may limit or eliminate the need to make code changes, assuming your code doesn't hard-code schema names.
Justin -
What is the difference between WebLogic Server users and Portal users
Hi All
What is the difference between users created in the WebLogic server and those
created from the webLogic Portal Admin console.
- leoHi Leo,
The WebLogic server console allows you to create users in the File realm (
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1057106 , "Defining
Users" ).
The WebLogic Portal Admin console creates Portal users in the alternate security
realm that was written to store user/password in the Portal schema. This realm is
com.bea.p13n.security.realm.RDBMSRealm. See the javadoc for RDBMSRealm at (
http://edocs.bea.com/wlp/docs40/javadoc/wlp/com/bea/p13n/security/realm/RDBMSRealm.html
For information on alternate security realms see
http://e-docs.bea.com/wls/docs61/security/prog.html#1041025 , "Writing a Custom
Security Realm".
For information on the File realm see
http://e-docs.bea.com/wls/docs61/ConsoleHelp/security.html , "Security" and also
search the WLS 6.1 docs for "File realm" for lots of other references.
Leo wrote:
Hi All
What is the difference between users created in the WebLogic server and those
created from the webLogic Portal Admin console.
- leo--
Ture Hoefner
BEA Systems, Inc.
2590 Pearl St.
Suite 110
Boulder, CO 80302
www.bea.com -
Weblogic myrealm user not allowed with name "viewer"
Hi,
I am trying to create a user(from weblogic console) in myrealm with name "viewer" and I see that I am not allowed but I don't get any error.
When I am creating it programatically from a java program and assign it to a role called "Viewer", when connecting to my application using this "viewer" username the only rolse detected by my application are authenticated-role and anonymous-role. The "Viewer" role is not seen.
Are there any restricted words that can be used for a user in weblogic myrealm?
Thanks
Regards CorneliuHi,
Regarding Transactions , the following link can helpful to you .
Regards,
Prasanna Yalam -
Hii,
I made PS 8.49 accessible to PS developer(they can access PIA from anywhere in the world)..but here I am getting max.user/session 5 limiting issue
"The Server is not able to service this request: [Server:002621]Connection rejected, the server license allows connections from only 5 unique IP addresses."
How to resolve this?
Thanks in AdvanceI usually don't do that. If you want help, please give more details here (Weblogic version, where has it been downloaded from...), or hire a consultant.
Have you read the note that I mentioned above ? It's not just running the script, I was given the main step, but more has to be done (I won't copy&paste the note over here).
You could also read my installation guide : http://gasparotto.blogspot.nl/2008/01/on-peoplesoft-road-weblogic-92.html
Moreover, your issue has already been reported in your other thread :
Peoplecode not executing
Nicolas. -
Oracle Retail Allocations - User Acess
Hi,
I'm having trouble finding information about the diference between a Administrator User or a User User (you can define a user as being Administrator (A) or User (U)).
I've search in all the documentation about Orallocs and the only thing that I found was that DAS controls the definition of this users, and the privileges that each have, but only for the DAS application.
Can you help me with this issue? What's the difference for the Orallocs aplication when you are a defined as a 'A' or 'U' user. (This definition appears in the ALC_USERS table).
Regards,This is a Documaker community forum. Perhaps you should be posting your question in one of the retail application forums. You can search for Oracle community forums as shown below.
-
hello ...
I've made wls installation under root credentials by my ignorance.
So, at the end installation and config story I found, that everything is running in root context. And its realy not good idea .
It's RHEL 5.6 environment , Wls is in production mode, domain is created and configured. All settings are done.
so what's safe way to switch running user from root to non-privileged user ?
I cannost find documentation or recomended solution to safe switch.
My first idea is:
chown -R user:group /wlsInstallationDir
reconfigure post-Bind UID post-Bind GID in machine configuration
Is this safe way to switch running users ?
Last way is full reinstallation and configuration of WLS with proper user context, but I would like avoid this.
Thank for any advice.Can you mention from where the user is trying to change the password. If it is through a custom UI then the API instance should be created from XELSYSADM credentials.
Maybe you are looking for
-
Mavericks upgrade doesn't continue after restart.
I've downloaded the Mavericks upgrade and clicked to install it. It prompts me to accept the EULA, then says a restart is required. I restart, but when the machine reboots I'm greeted by my PGP disk encryption screen, then a logon screen. At no point
-
***
-
Error in L_TO_CREATE_MULTIPLE
Hi Experts, I'm using FM-- L_TO_CREATE_MULTIPLE to create the Transfer order for multiple items, i need to pass I_BETYP and I_BENUM values while creating transfer order. What values we need to pass in these parameters and from where we get these valu
-
Illustrator 6 Perspective Question
I am creating a door hanger in Illustrator and would like to place a company logo on to a perspective plane. It is a .eps file that I've placed on the artboard and then used the perspective tool to see a perspective grid across my document and made o
-
Hi All i'm using forms6 and want to send email to any address ,for exaample [email protected] with an attachment for example test.txt. plz do help me regarding this, i will be very thankful to u. i need code best regards! softdesire