Anonymous_User Absent Member.
Absent Member.
1333 views

UserApp 402: userapp account permission issues


I am setting up a new install of UserApp 402 application and driver as
well as the RBPM driver and components. I can log into the application
with my userapp2 account, the account I configured to be the admin
during the configupdate.sh, and when I navigate to Administration > RBPM
Provisioning and Security, on the left hand side I do not see the
Assignments and Permissions > Administrator Assignments button and when
I go to Administration > RBPM Provisioning and Security > Navigation
Access Permissions and try to change anything, I get "-An error occurred
processing the request. (User cn=USERAPP2,ou=IDM,ou=SVS,o=<commentedout>
has no rights to modify navigation item:
cn=WorkDashBoard,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=User_App,cn=ENTERPRISE,ou=IDM,ou=SVS,o=<commentedout>.-)

When I go to Roles and Resources and try to add a user to any of the
Roles, I get -Error: You are unauthorized for this operation-

After I log in with a non admin account, I get the message
-Provisioning application error:
Action: Application action
Error Message:
You do not have access rights to [menu-item] with id = [Work
Dashboard].-

And in the server log it shows -13:40:47,499 INFO [STDOUT] ERROR [RBPM]
[com.novell.srvprv.apwa.tag.StackTraceTag:doEndTag] You do not have
access rights to [menu-item] with id = [Work Dashboard].-

I have attempted to do as the docs suggest and re-run the
configupdate.sh and confirmed that my adminaccount of userapp2 is
selected for the admin for all of the roles, but I am obviously still
doing something wrong. Anyone have any ideas, either I have chosen
something wrong in the installation or I am missing on how to configure
the app. I have spent several days on this and cannot figure these
errors out. Thank you all in advance.


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

Labels (1)
0 Likes
9 Replies
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Some additional info, I was looking in my UserApp today and logged in
with my admin account under Work Dashboard> Request Status there are 9
requests that are running for my admin account.....requesting access to
all of the roles listed under Roles and Resources with the exception of
the Role Manager. Hope that sheds some more light on what is going on.
Thanks!


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Another update, I attempted to make the changes to the xmlData on my
admin account via console one and I kept getting an error when trying to
apply the modified XML, and account properties and re-opening....all of
my xmlData would be gone. I ended up performing the same steps using
iManager and everything worked fine. So......now there are 18 requests
under Work Dashboard> Request Status for my admin account 9 with the
date I first brought the driver online and then 9 with today's date
after making the xml change. I am still getting the permission messages
with my admin account as listed earlier; however I am no longer getting
the -You do not have access rights to [menu-item] with id = [Work
Dashboard]- message when logging in with a non-admin account. So some
progress has been made, just still don't know what to do to straighten
out my other issues as noted above with my admin account access. Thank
you in advance


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues

On 11/14/2013 03:17 PM, wferguson wrote:
>
> Another update, I attempted to make the changes to the xmlData on my
> admin account via console one and I kept getting an error when trying to
> apply the modified XML, and account properties and re-opening....all of
> my xmlData would be gone. I ended up performing the same steps using
> iManager and everything worked fine. So......now there are 18 requests
> under Work Dashboard> Request Status for my admin account 9 with the
> date I first brought the driver online and then 9 with today's date
> after making the xml change. I am still getting the permission messages
> with my admin account as listed earlier; however I am no longer getting
> the -You do not have access rights to [menu-item] with id = [Work
> Dashboard]- message when logging in with a non-admin account. So some
> progress has been made, just still don't know what to do to straighten
> out my other issues as noted above with my admin account access. Thank
> you in advance
>
>

Greetings,

1) In your RRSD there is a field for the User/Group container DN. If
that does not "cover" where your User App Admin is, that is why the
Roles were never assigned. This kind of configuration issue has been
covered a lot

2) If the time is off between the User Application and eDirectory the
Assignments will not happen.

3) If the RRSD is not running, then the Roles can not be assigned.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Thank you for the reply Steve,

In my RRSD configuration, my "User-Group base container DN" = [ROOT] and
then "User Application Identity" =
CN=USERAPP2,OU=IDM,OU=SVS,O=<OurTreeName>

So my admin account is not in the same container by no means, but my
admin container is under my user-group container as described in the
above sentence. Will this not work?


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues

On 11/19/2013 04:14 PM, wferguson wrote:
>
> Thank you for the reply Steve,
>
> In my RRSD configuration, my "User-Group base container DN" = [ROOT] and
> then "User Application Identity" =
> CN=USERAPP2,OU=IDM,OU=SVS,O=<OurTreeName>
>
> So my admin account is not in the same container by no means, but my
> admin container is under my user-group container as described in the
> above sentence. Will this not work?
>
>

Greetings,

1) If you User & Groups are under OU=SVS,O=<OurTreeName>

2) If the UserApp Admin is CN=USERAPP2,OU=IDM,OU=SVS,O=<OurTreeName>

If the above 2 points are correct, then the RRSD should be set to look
at OU=SVS,O=<OurTreeName>



--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Awesome!! Thank you very much Steve, I changed my RR driver config to
point to OU=SVS,O=<OurTreeName>, deployed that change and went through
the procedure below. Then I logged into userapp with my admin account
and all of my admin role assignments were completed. Thanks again
Steve!

1. Stop everything
* User Application
* User Application Driver
* Role and Resource Service Driver
2. Edit the User Application driver using iManager
* Find the object appconfig -> appdefs -> configuration
o xmldata attribute content is what is needed
3. Copy the text from the xmldata attribute into a text editor
4. Find the property com.novell.idm.security.domain-admin.initialized
* Delete the entire property, everything between the property
element tags
5. Paste the changed text back into the attribute data
6. If there are requests that have no completed, delete these objects
under the User Application driver
7. Start everything, in this order
1. User Application
2. User Application driver
3. Role and Resource Service driver


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Tacking something onto the end of this thread....all was fine until I
started modifying the Container Pages....I have now modified my Admin
Container Page to the point where I can no longer see any of the tabs
under Administration....such as Page Admin, RBPM Provisioning Admin.

Is there a way to fix this?

Thank you,


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues

On 11/20/2013 04:18 PM, wferguson wrote:
>
> Tacking something onto the end of this thread....all was fine until I
> started modifying the Container Pages....I have now modified my Admin
> Container Page to the point where I can no longer see any of the tabs
> under Administration....such as Page Admin, RBPM Provisioning Admin.
>
> Is there a way to fix this?
>
> Thank you,
>
>

Greetings,
The quick fix is to:

1) Stop JBoss
2) Connect into the database server you are using and delete the
idmuserappdb
3) recreate the database idmuserappdb
4) Start JBoss
The tables will be recreated during start-up.

There is a section in the Administration Guide about re-creating your
database tables.



--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: UserApp 402: userapp account permission issues


Worked perfectly Steve, you are very helpful! I redeployed my UserApp
and RR driver before I made this post in hopes of that fixing my
problem, but all along I needed to recreate the database. Thanks again
and now all of my tabs are present.:D


--
wferguson
------------------------------------------------------------------------
wferguson's Profile: https://forums.netiq.com/member.php?userid=360
View this thread: https://forums.netiq.com/showthread.php?t=49218

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.