Skip to Content

com.sapportals.portal.pcd.gl.PermissionControlException: Access denied

Hi guys,

Problem:

our basis team has recently swapped our JRE in our Development Portal with the oh-so-glorious SAP JVM4. Seeing the portal went completely haywire and nothing worked anymore, we've reverted back to JRE. Now there's a strange permission error persisting which I can't get rid of and don't understand what it's originating from.

The error occurs when I access any JAVA iView which has FPMs with a Test user having only Enduser permissions. With my Super-Admin user, it all works out. Here are the relevant snippets from the nwa error log (before this error, two more fatal errors are thrown which aren't shown in default trace they apparently cannot be handled; Message is "n/a"):

null 
[EXCEPTION]
 com.sap.xss.config.FPMConfigurationException: Read of object with ID portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.de/com.sap.pct.erp.srvconfig.bank/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.per_bank_de failed.
	at com.sap.xss.config.pcd.PcdObjectBroker.retrieveObjectInternal(PcdObjectBroker.java:92)
	at com.sap.xss.config.pcd.PcdObjectBroker.retrieveObject(PcdObjectBroker.java:47)

	at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
	at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.de/com.sap.pct.erp.srvconfig.bank/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.per_bank_de)
	at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
	at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
	at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)

System Information:

Backend: ECC 6.0 EHP 4 Stacks are on 8

Portal: Netweaver 7.01 Stacks are on 9 (this one missmatch isn't problematic and irrelevant here)

BPs:

sap.com BP_ERP5ASS 1.0 SP18

sap.com BP_ERP5COM 1.41 SP8

sap.com BP_ERP5ESS 1.41 SP9

sap.com BP_ERP5MSS 1.41 SP9

XSS JAVA COmponents:

sap.com SAP_ESS 603 SP8

sap.com SAP_MSS 600 SP19

sap.com SAPPCUI_GP 603 SP8

What I tried so far:

I've compared every known relevant setting as in Portal Roles, R3-Permissions, Portal Permissions on Objects, whether Services are active or corrupted in WebDynpro Administrator, Permissions on FPMs in SelfService-Admin. Everything is equal with our Quality Management System. And there, everything works fine with the exact same user...

It obviously has to do something with Portal Permission Control but as far as I am concerning, everything is maintained correctly and the settings have not been changed for ages....

I'm grateful for any help... 😔

best regards, Lukas

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Sep 21, 2011 at 01:52 PM

    Hi Lucas,

    End user permission is good enough.

    Make sure the test user is having permission to the content. Double check the FPM apps, FPM views and the iViews, pages,worksets and roles has the end user permission.

    You said its working for Administrator,looks like for test user the permission is missing, so ur getting the error.

    Check the user groups to which this user belongs has permission or not.

    I would suggest to assign the end users permissions(readonly) to all the ESS and MSS employee user groups for the entire portalContent.

    Regards

    Yugandhar Reddy

    Add comment
    10|10000 characters needed characters exceeded

    • I could solve the issue, pretty weird one:

      The FPMs were inheriting their RO-Permission from "Content provided by SAP" the folder srvconfig, though, was lacking the RO-permission for authenticated users and it said inheritance would be suspended from here on. Still the FPMs applications had the RO-permission inherited from "Content provided by SAP"... This looked unlcean to me so I revoked the whole permission-structure for "Content provided by SAP" and below and assigned RO-Permission for end users to this folder again. Then, everything inherited everything correctly...

      Still, this whole situation is a bit unsatisfactory because I can't reconstruct how the permission tree could have been corrupted this bad..

      Thanks a lot for the assistance Yugandhar! 😊

      @Siddarth, thx for pointing out J2EE Logon procedure, wasn't relevant here but I didn't know of it yet, might come in handy 😉

      regards, Lukas

  • Sep 21, 2011 at 04:41 PM
    Add comment
    10|10000 characters needed characters exceeded