Skip to Content
author's profile photo Former Member
Former Member

Creating a own delegated Userrole with permissions

Hi there,

in NWCE 7.1 i created a new own userrole.

This Useradmin have to administrate the users, assign roles to users and groups and assign groups to users.

But this useradmin may not assign the superadmin-, adminrole and the group Administrators.

So in my first step, I create a seperate role with UME Actions "Manage Groups, Manáge_Users, Manage Roles and Manage_Role_Assignments".

With these Actions I can´t assign any user to a normal UME-Group. Error in log below.

If I assign the UME-Action "JMXManageAll", the useradmin can assin all groups, incl. the admin-object that may not be allowed.

Can anyone give some hints, where I can set the right permissions?

Log:

com.sap.engine.services.jmx.exception.JmxSecurityException: Caller testadmin not authorized, required permission missing (javax.management.MBeanPermission -#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)

at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:95)

at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)

at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)

at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)

at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:2985)

at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:559)

at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:824)

at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

at $Proxy1871.modifyEntityMappings(Unknown Source)

at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1260)

at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:997)

at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

at $Proxy1872.modifyEntityMappings(Unknown Source)

at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1232)

at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:690)

at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:570)

at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:550)

at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:131)

at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:72)

at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:156)

at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:91)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:512)

at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52)

at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1549)

at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1363)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127)

at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:618)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:649)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingPortal(ApplicationSession.java:584)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:311)

at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:743)

at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:258)

at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:259)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127)

at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToDispatcherContext(ExecutionContextDispatcher.java:146)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104)

at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.dispatch(ApplicationHandle.java:275)

at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:71)

at com.sap.tc.webdynpro.portal.pb.impl.LocalApplicationProxy.sendDataAndProcessActionInternal(LocalApplicationProxy.java:962)

at com.sap.tc.webdynpro.portal.pb.impl.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java:297)

at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1638)

at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:361)

at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2062)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:220)

at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:52)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:512)

at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:52)

at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1549)

at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1363)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToApplicationDoProcessing(AbstractExecutionContextDispatcher.java:154)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForAppProcessing.doService(DispatchHandlerForAppProcessing.java:35)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127)

at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToApplicationDoProcessing(ExecutionContextDispatcher.java:114)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:80)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:618)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.dispatch(ApplicationSession.java:649)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:570)

at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:309)

at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:743)

at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:258)

at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:259)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:202)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.doService(DispatchHandlerForRequestManager.java:38)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.AbstractDispatchHandler.service(AbstractDispatchHandler.java:127)

at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:95)

at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToDispatcherContext(ExecutionContextDispatcher.java:146)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:92)

at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:104)

at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)

at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:61)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:140)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:37)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:486)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:298)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:396)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:385)

at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:48)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:76)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:243)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:78)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:43)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:42)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:428)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:247)

at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:115)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:96)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314)

Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)

at java.security.AccessController.checkPermission(AccessController.java:427)

at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)

... 124 more

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Aug 03, 2010 at 11:47 AM

    Hi

    Did you get an answer for this Query ?

    Regards

    Priyanka

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi,

      I am trying to do the same thing in 7.01. We want to create a group that will host delegated admin users which will have access only to certain groups of users. Is that something that can be done? Can we use delegated_user_admin? How do we do this? Thanks

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.