on 07-06-2008 5:24 PM
Hi gurus,
can any one tell me how can i change keystore permission in portal.?????
becoz i could not download the certficate in portal.
it gives me a error like
"plz check the permission of keystore??"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Gurus,
my installtion type is JAVA...
EP 7
can any one tell me how to assign J2EE_admin role to admin its a selly question but i could not find J2EE admin role when i modify the administrator user and trying to assign role like
user administrator>search user->modify the user>asign role
now when i m search the available role then it could not see the j2ee_role in it...help
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Vipul
if you search for j2ee_admin u will NEVER find it....i dont understand why you are advised to search for it ???
perhaps reading more can help...
check this link
http://help.sap.com/saphelp_nw70/helpdata/EN/23/fa1f1e5f6841cf92c64dc19d79f290/content.htm
I'm can't edit my last post, therefore i'm continue. As you can say you have AS JAVA only. The "Standard User Groups" for this http://help.sap.com/saphelp_nw70/helpdata/EN/38/116e424925c253e10000000a1550b0/frameset.htm
For AS Java database: Group Administrators --> "Contains all the users that have unrestricted administrative privileges on the AS Java." It by default,but some times need to check this.
For this try:
1) Go to Visual administrator http://help.sap.com/saphelp_nw70/helpdata/EN/23/fa1f1e5f6841cf92c64dc19d79f290/content.htm
2) Navigate :Server --> Services --> Security Provider (by default you are in "Runtime" --> "Policy Configurations" --> "Authentication" change to "Security Roles" , after check the
"KeystoreAdministrator", "KeystoreViewsCreator", "administrators" check the "Groups" by default you will see "Administrators" here (for example under "all" are "everyone"). If you cant
see try to add, or directly add your User in "Users".
3) After check are your User in UME in Group Administrators .
After changes if it not work try to restart the JAVA.
Regards.
hi,
i see keystoreadministrator s.role has administrator in group.
same KeystoreViewsCreator s.role has administrator in group.
it is allready there..even though i restrat my server..
but it still not working
my portal administrator user also assigned in administrator group.
wat is the problme??
regards
vipul a kapadia
I hope you mean Visual Admin and not visual composer ....
you cannot create j2ee_admin since you have a java installation !!
Find out who installed the Portal server and ask him/her to export the portal certificate from the visual admin rather thatn going thru the keystore admin in the portal...that can help.........
Vipul,
Step 1:
Go to Visual Admin : Server->Services->security
provider->user management (tab)->group (tab) and press the search
button.
The following groups must reside:
Administrators, Anonymous Users, Authenticated Users, Everyone, Guests
If some group is missing, please create it by pressing Create group
button. You just need to specify the name.
Step 2:
Please go to Users tab and press search button. The users Administrator
and Guest must reside. If not so, please create the missing user(s).
Step 3:
Press Create User button, specify the name some initial password,
confirm it, press Search button in Groups tab, and select as follow:
For Administrator user: Administrators, Authenticated Users, Everyone
For Guest user: Anonymous Users, Everyone, Guests
Multiple select is available when pressing Ctrl button while selecting.
So now please map users/groups to j2ee roles.
Step 4:
Go to Policy Configuration (tab), select the following components, and
map the following security roles:
SAP-J2EE-Engine
KeystoreAdministrator - Security Role - Groups: Administrators
KeystoreViewsCreator - Security Role - Groups: Administrators
administrators - Security Role - Groups: Administrators
all - Security Role - Groups: Everyone
guests - Security Role - Groups: Guests
Restart J2EE cluster again.
Step 5:
Also J2EE_ADMIN must be member of KeystoreAdministrator,
KeystoreViewsCreator and administrators roles.
You can access the global roles from the root policy configuration
(SAP-J2EE-Engine) in the Security Provider service.
Also check the "browse_keystore_view" role is granted to
the necessary actions about the "entry-actions" and "view-actions"
resources for the keystore-view.TicketKeystore policy configuration. If
not,Grant "browse_keystore_view" to "ALL" actions for the
"entry-actions" and "view-actions" resources.
Step 6:
Implement SAP Note 791649.This usually should resolve your
issue.
Step 7:
Check under the following location:
[JDK J2EE uses]\jre\lib\security
whether the following files are there:
cacerts
java.policy
java.security
If they are missing, please use the same JDK from another system
for example, and copy those files there.
Regards,
Karthick Eswaran
Hello Karthick,
What should be "Mappings" for Security Roles "browse_keystore_view" & "view-creator" for Security Provider - Policy Configuration 'keystore-view.TicketKeystore'
If we delete the TicketKeystore view as per Note 791649, it is recreated after restarting the Instance.
The Security Roles "browse_keystore_view" & "view-creator" are assigned to 'keystore-view.TicketKeystore' Policy configuration. But there are no mapings to these two security roles.
Can any one suggest?
Hi gurus,I need your help in solving some strange behave of the portal, really strange.
I have user Administrator in our production, Im logged in with Administrator account and when i go to irj and then go to System Administration, System Configuration>Keystore Administration>Content ...Im not able to see the drop down menu with the certificates its saying "Could not access the keystore because of missing permissions. Make sure you have been assigned to the J2EE administrator role." in the alert log of the portal i see this strange error "Full Message Text
Source: java.security.AccessControlException: Access denied (java.lang.RuntimePermission addPermission); Description: Code permissions for domainhttp://sap.com/irj/servlet_jsp/irj/root/web-i NF/portal/portalapps/com.sap.portal.usermanagement .admin/private/lib/com.sap.portal.usermanagement.a dm in_core.jar and keystore operation {GET_VIEW TicketKeystore } are not granted; Consequences: domain http://sap.com/irj/servlet_jsp/irj/root/web-inf/por tal/portalapps/com.sap.portal.usermanagement.admin /private/lib/com.sap.portal.usermanagement.admin_c or e.jar has not code permission to execute keystore operation {GET_VIEW TicketKeystore }]; Countermeasures:check log for details[". Which means that this domain is not granted in VA, which is not true because I have checked and everything is granted! On DEV and QAS this working on PROD its not working. I have try almost everything and im about to open a SAP OSS message about it but first I would like to see your opinion on this matter. So some answers like "Please export from VA", "Check if the domain is granted", "Check the groups and roles"... please dont ask me aobut this thingz because I have already done them triple! So everything seems to be in order but its not ..its still keep on saying this that i dont have permissions!! Permissions on OS level are OK!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vipul,
If you are a user administrator, then assign yourself a J2EE_ADMIN role, and you can download the certificate.
Else you can ask your admin to assign himself this role and download if for you.
Hope this helps.
Cheers,
Sandeep Tudumu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
ask your basis guy to give permission of "administrator role "
to access kaystore administration.
check the below link
http://help.sap.com/saphelp_nw04s/helpdata/en/3f/c890769c874b41b086e22aa553c565/frameset.htm
I hope this resolves your issue.
reward points if it is helpful
Koti Reddy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.