cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Keystore Permission

Go to solution
Former Member

on ‎07-06-2008 5:24 PM

0 Kudos

Hi gurus,

can any one tell me how can i change keystore permission in portal.?????

becoz i could not download the certficate in portal.

it gives me a error like

"plz check the permission of keystore??"

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-08-2008 6:53 PM
0 Kudos

Hello. Try to read

Tomorrow on work i'm check also one thing, if this link doesn't help you. Also good if you read how you can add points to helpful answers on this forum like (2,6,10). Regards.

Show replies
Show replies
Former Member
‎07-08-2008 11:58 PM
0 Kudos

check my first post for administrator role . It only should help you.

search for the roles * administrator* and findout administrator role realted to java and assign that role to your userid.

Koti Reddy

Answers (4)

Answers (4)

Former Member
‎07-08-2008 5:32 PM
0 Kudos

hi Gurus,

my installtion type is JAVA...

EP 7

can any one tell me how to assign J2EE_admin role to admin its a selly question but i could not find J2EE admin role when i modify the administrator user and trying to assign role like

user administrator>search user->modify the user>asign role

now when i m search the available role then it could not see the j2ee_role in it...help

Show replies
Show replies
Former Member
‎07-08-2008 5:57 PM
0 Kudos

Hey Vipul,

Try modifying your search,

Try J2EE* or J2EE_ADMIN.

Hope this helps.

Cheers,

Sandeep Tudumu

Former Member
‎07-08-2008 6:24 PM
0 Kudos

Hi Vipul,

AS you have mentioned that you installation is JAVA< assign ur user the Administrator group and then check.

Regards

Deb

Former Member
‎07-08-2008 7:09 PM
0 Kudos

Vipul

if you search for j2ee_admin u will NEVER find it....i dont understand why you are advised to search for it ???

perhaps reading more can help...

check this link

http://help.sap.com/saphelp_nw70/helpdata/EN/23/fa1f1e5f6841cf92c64dc19d79f290/content.htm

Former Member
‎07-09-2008 5:35 AM
0 Kudos

I'm can't edit my last post, therefore i'm continue. As you can say you have AS JAVA only. The "Standard User Groups" for this http://help.sap.com/saphelp_nw70/helpdata/EN/38/116e424925c253e10000000a1550b0/frameset.htm

For AS Java database: Group Administrators --> "Contains all the users that have unrestricted administrative privileges on the AS Java." It by default,but some times need to check this.

For this try:

1) Go to Visual administrator http://help.sap.com/saphelp_nw70/helpdata/EN/23/fa1f1e5f6841cf92c64dc19d79f290/content.htm

2) Navigate :Server --> Services --> Security Provider (by default you are in "Runtime" --> "Policy Configurations" --> "Authentication" change to "Security Roles" , after check the

"KeystoreAdministrator", "KeystoreViewsCreator", "administrators" check the "Groups" by default you will see "Administrators" here (for example under "all" are "everyone"). If you cant

see try to add, or directly add your User in "Users".

3) After check are your User in UME in Group Administrators .

After changes if it not work try to restart the JAVA.

Regards.

Former Member
‎07-11-2008 10:17 AM
0 Kudos

hi Sergo Beradze,

can u explain how can i achive third step,

3)After check are your User in UME in Group Administrators .

and still i am not able to download the certificate

i assign my user to administrator group.i done all the procedure u told..but still i m not able to download it.

thanks..

Former Member
‎07-11-2008 10:25 AM
0 Kudos

Hello. What you see in "KeystoreAdministrator", "KeystoreViewsCreator", "administrators" (under Groups) in VA ?

Former Member
‎07-12-2008 12:25 PM
0 Kudos

hi,

i see keystoreadministrator s.role has administrator in group.

same KeystoreViewsCreator s.role has administrator in group.

it is allready there..even though i restrat my server..

but it still not working

my portal administrator user also assigned in administrator group.

wat is the problme??

regards

vipul a kapadia

Former Member
‎07-12-2008 6:30 PM
0 Kudos

Hello. Are you try in VA in "KeystoreAdministrator", "KeystoreViewsCreator", "administrators" directly add your users account under USER ? Also for testin try to add Superadministrator role for your user. Regards.

Former Member
‎07-14-2008 6:13 PM
0 Kudos

hello sir,

yes i directly add my user to keystoreAdministrator and keystoreviewcreator and administrators using visual composer(go.bat)... in portal i also assign superadmin role to my user...

is there any way to create j2ee_admin role in portal????

Former Member
‎07-14-2008 6:22 PM
0 Kudos

I hope you mean Visual Admin and not visual composer ....

you cannot create j2ee_admin since you have a java installation !!

Find out who installed the Portal server and ask him/her to export the portal certificate from the visual admin rather thatn going thru the keystore admin in the portal...that can help.........

Former Member
‎07-15-2008 6:45 AM
0 Kudos

Vipul,

Step 1:

Go to Visual Admin : Server->Services->security

provider->user management (tab)->group (tab) and press the search

button.

The following groups must reside:

Administrators, Anonymous Users, Authenticated Users, Everyone, Guests

If some group is missing, please create it by pressing Create group

button. You just need to specify the name.

Step 2:

Please go to Users tab and press search button. The users Administrator

and Guest must reside. If not so, please create the missing user(s).

Step 3:

Press Create User button, specify the name some initial password,

confirm it, press Search button in Groups tab, and select as follow:

For Administrator user: Administrators, Authenticated Users, Everyone

For Guest user: Anonymous Users, Everyone, Guests

Multiple select is available when pressing Ctrl button while selecting.

So now please map users/groups to j2ee roles.

Step 4:

Go to Policy Configuration (tab), select the following components, and

map the following security roles:

SAP-J2EE-Engine

KeystoreAdministrator - Security Role - Groups: Administrators

KeystoreViewsCreator - Security Role - Groups: Administrators

administrators - Security Role - Groups: Administrators

all - Security Role - Groups: Everyone

guests - Security Role - Groups: Guests

Restart J2EE cluster again.

Step 5:

Also J2EE_ADMIN must be member of KeystoreAdministrator,

KeystoreViewsCreator and administrators roles.

You can access the global roles from the root policy configuration

(SAP-J2EE-Engine) in the Security Provider service.

Also check the "browse_keystore_view" role is granted to

the necessary actions about the "entry-actions" and "view-actions"

resources for the keystore-view.TicketKeystore policy configuration. If

not,Grant "browse_keystore_view" to "ALL" actions for the

"entry-actions" and "view-actions" resources.

Step 6:

Implement SAP Note 791649.This usually should resolve your

issue.

Step 7:

Check under the following location:

[JDK J2EE uses]\jre\lib\security

whether the following files are there:

  • cacerts

  • java.policy

  • java.security

If they are missing, please use the same JDK from another system

for example, and copy those files there.

Regards,

Karthick Eswaran

balraj_giduturi
Explorer
‎01-18-2010 7:33 PM
0 Kudos

Hello Karthick,

What should be "Mappings" for Security Roles "browse_keystore_view" & "view-creator" for Security Provider - Policy Configuration 'keystore-view.TicketKeystore'

If we delete the TicketKeystore view as per Note 791649, it is recreated after restarting the Instance.

The Security Roles "browse_keystore_view" & "view-creator" are assigned to 'keystore-view.TicketKeystore' Policy configuration. But there are no mapings to these two security roles.

Can any one suggest?

Former Member
‎07-08-2008 2:34 PM
0 Kudos

Hi gurus,I need your help in solving some strange behave of the portal, really strange.

I have user Administrator in our production, Im logged in with Administrator account and when i go to irj and then go to System Administration, System Configuration>Keystore Administration>Content ...Im not able to see the drop down menu with the certificates its saying "Could not access the keystore because of missing permissions. Make sure you have been assigned to the J2EE administrator role." in the alert log of the portal i see this strange error "Full Message Text

Source: java.security.AccessControlException: Access denied (java.lang.RuntimePermission addPermission); Description: Code permissions for domainhttp://sap.com/irj/servlet_jsp/irj/root/web-i NF/portal/portalapps/com.sap.portal.usermanagement .admin/private/lib/com.sap.portal.usermanagement.a dm in_core.jar and keystore operation {GET_VIEW TicketKeystore } are not granted; Consequences: domain http://sap.com/irj/servlet_jsp/irj/root/web-inf/por tal/portalapps/com.sap.portal.usermanagement.admin /private/lib/com.sap.portal.usermanagement.admin_c or e.jar has not code permission to execute keystore operation {GET_VIEW TicketKeystore }]; Countermeasures:check log for details[". Which means that this domain is not granted in VA, which is not true because I have checked and everything is granted! On DEV and QAS this working on PROD its not working. I have try almost everything and im about to open a SAP OSS message about it but first I would like to see your opinion on this matter. So some answers like "Please export from VA", "Check if the domain is granted", "Check the groups and roles"... please dont ask me aobut this thingz because I have already done them triple! So everything seems to be in order but its not ..its still keep on saying this that i dont have permissions!! Permissions on OS level are OK!

Show replies
Show replies
Former Member
‎07-08-2008 2:55 PM
0 Kudos

Vipul,

Its very simple, as suggested in my previous post, assign yourself a J2EE_ADMIN role and your issue is resolved.

Cheers,

Sandeep Tudumu

Former Member
‎07-08-2008 3:08 PM
0 Kudos

If the installation type is JAVA only then you need to have the Administrator role permissions.

If it is a ABAP+JAVA installation only then you advice to use the J2EE_ADMIN ....

Since Vipul has not mentioned about his installation type J2EE_ADMIN would probably not help him solve the issue...

Former Member
‎07-07-2008 5:55 AM
0 Kudos

Hi Vipul,

If you are a user administrator, then assign yourself a J2EE_ADMIN role, and you can download the certificate.

Else you can ask your admin to assign himself this role and download if for you.

Hope this helps.

Cheers,

Sandeep Tudumu

Show replies
Show replies
Former Member
‎07-06-2008 11:12 PM
0 Kudos

ask your basis guy to give permission of "administrator role "

to access kaystore administration.

check the below link

http://help.sap.com/saphelp_nw04s/helpdata/en/3f/c890769c874b41b086e22aa553c565/frameset.htm

I hope this resolves your issue.

reward points if it is helpful

Koti Reddy

Show replies
Show replies
Ask a Question