cancel
Showing results for 
Search instead for 
Did you mean: 

Search request failed! <<user>> is not allowed to perform search request

Former Member
0 Kudos

hello all,

i am trying to run initial loads on AS java database repository, the user i use in repository is and admin user for NW 7.3 and has full administrator rights.

still initial loads were not successful  from the configuration guides i came to know Spml_Write_Action role is only for NW 7.0 and below for 7.3 is not using smpl connection i believe.

this is the only warning in the job log

Search request failed! <<user>> is not allowed to perform search request.

default trace log.

UME#sap.com/tc~sec~ume~wd~kit#C0000A17206800A800000002000021A8#23640950000000004#sap.com/tc~sec~ume~wd~umeadmin#com.sap.security.core.wd.maintainuser.MaintainUserComp.public void saveModifications( )#idm_admin#11##B1AC9AC0EC9211E3C1DF00000168BB76#b9612f91ec9511e38cec00000168bb76#b9612f91ec9511e38cec00000168bb76#0#Thread[HTTP Worker [@186066399],5,Dedicated_Application_Thread]#Plain##

Error adding roles

[EXCEPTION]

com.sap.security.core.wd.exception.UmeUiSecurityException: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.handleThrowable(UmeUiFactoryCompInterface.java:2977)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1272)

  at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:1034)

  at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

  at com.sun.proxy.$Proxy780.modifyEntityMappings(Unknown Source)

  at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1334)

  at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:709)

  at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:630)

  at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:579)

  at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)

  at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)

  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)

  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

  at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)

  at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingEmbedded(ApplicationSession.java:919)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:878)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)

  at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:62)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:39)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:46)

  at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:270)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToAppContext(ExecutionContextDispatcher.java:68)

  at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:53)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:244)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callRequestManager(JavaApplicationProxy.java:1244)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callEmbeddedApplication(JavaApplicationProxy.java:1122)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$SendDataAndProcessActionCommand.doExecute(JavaApplicationProxy.java:1605)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$AbstractCommand.execute(JavaApplicationProxy.java:1488)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.execute(JavaApplicationProxy.java:1028)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.execute(JavaApplicationProxy.java:859)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.sendDataAndProcessAction(JavaApplicationProxy.java:468)

  at com.sap.tc.webdynpro.portal.pb.impl.JavaApplicationProxyAdapter.sendDataAndProcessAction(JavaApplicationProxyAdapter.java:191)

  at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1668)

  at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:366)

  at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2094)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:251)

  at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:50)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

  at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)

  at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)

  at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:89)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)

  at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

  at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

  at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)

  at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)

  at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)

  at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)

  at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)

  at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)

  at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:3050)

  at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:569)

  at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:862)

  at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

  at com.sun.proxy.$Proxy779.modifyEntityMappings(Unknown Source)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1266)

  ... 97 more

Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)

  at java.security.AccessController.checkPermission(AccessController.java:549)

  at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)

  ... 108 more

Accepted Solutions (0)

Answers (1)

Answers (1)

ChrisPS
Contributor
0 Kudos

Hello,
       recheck that the user has the UME.Spml_Write_Action - SPML is still used in release 7.3. The log still indicates that there is an authorization error.

Thanks,

Chris

former_member2987
Active Contributor
0 Kudos

Chris, where does UME.Spml_Write_Action - SPML get set?

Thanks,

Matt

former_member2987
Active Contributor
0 Kudos

Just figured it out

rondv
Advisor
Advisor
0 Kudos

All,

I just ran into this as well in a new IDM 7.2 SP9 install with NetWeaver AS JAVA 7.40SR2. You need to set up the technical user with SPML permissions as described in OSS note 1647157.

I used the standard Administrator user at first for the NW AS JAVA initial load which gave me the same error. I guess you can follow the note and add the permissions to the Administrator account, but this is probably what the security people are trying to tell you not to do, by having the SPML turned off now in new NW AS JAVA deliveries, so your best approach is the new technical user as proposed in the note. Once I did this, things we working fine. If the docs on the NW AS JAVA connector don't say anything about the SPML config and OSS note yet I guess I would ask SAP to add. If I just looked right over it, well then at least now we can also find some guidance in the community

Thanks also to this note in SCN.