JasperServer ROLE problems - permissions

I have started work on JasperServer community edition for my client. The problem I face is: after creating a new role, e.g. "TEST_ROLE", creating a new user "LADY_GAGA" and assigning the user role as "TEST_ROLE", I am getting an error that states:

"You do not have permission to view this page. Please contact your system administrator or log in as a user with permission."

Please help. I have also assigned the role "TEST_ROLE" its properties such as read, write, delete, access. Am I doing something wrong while assigning or creating a role? Your help would be greatly appreciated.
Thank you

Figured this one out!
Every user must be assigned a minimal role of "ROLE_USER" and then any other role created and defined by you.

I had the same problem; http://www.jaspersoft.com/how-set-role-based-jasperserver-home-pages does not explain assigning ROLE_USER.
That means that the management of permissions for TEST_ROLE is immune to ROLE_USER, which means you cannot have a personal ROLE.

First of all set No Access permission to the ROLE_USER for all the folders and sub folders.
Now ROLE_USER is a role with no permission at all, but keep in mind that ROLE_USER should be assigned to all users (new and old) for login purposes.
Create NEW_USER with NEW_ROLE but ROLE_USER also should be assigned to NEW_USER.
Give permission to NEW_ROLE as per your requirement. It will surely work.
However you will have to give Execute Only permission on all your data sources and input data types for NEW_ROLE to avoid Access is denied error. Please check and let me know.

Related

Openidm user managed role removal upon termination

I am new to OpenIDM and trying to explore options to remove roles from a user once the user's status changes to terminated.
Is there any out-of-the-box feature available in ForgeRock to do this? Can you please help with how to implement this solution?
You can write a JavaScript that you can add to postUpdate (or onUpdate, but this will block the patch call during the removal) of the managed object. If you detect the change of the user status to the terminated state, you can query the roles the user is in and then loop over those to delete the user from each.
Some resources that might help you with listing roles and removing them:
Query a user's roles: https://backstage.forgerock.com/docs/idcloud-idm/latest/objects-guide/roles-over-rest.html#querying-user-roles
Delete user's roles: https://backstage.forgerock.com/docs/idcloud-idm/latest/objects-guide/roles-over-rest.html#_over_rest
Scripts in managed object triggers: https://backstage.forgerock.com/docs/idcloud-idm/latest/scripting-guide/script-triggers-managedConfig.html
How to use resources in IDM scripts: https://backstage.forgerock.com/docs/idcloud-idm/latest/scripting-guide/scripting-func-ref.html
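
The approach described in the answer above, as an added example that is not part of the original answer or of ForgeRock's code: a postUpdate script that removes every role grant when a user moves into the terminated state. The `accountStatus` property name and the `terminated` value are assumptions, as is the use of the relationship paths `managed/user/<id>/roles` and `managed/user/<id>/roles/<relationshipId>` from a script.

```javascript
// Added example for a managed/user postUpdate trigger. IDM scripts run on Rhino,
// so this stays with ES5 syntax.
var STATUS_FIELD = "accountStatus"; // assumed property name, adjust to your schema
var TERMINATED = "terminated";      // assumed status value

// True only on the transition into the terminated state. Removing a role may
// fire the user's update triggers again; by then old and new status are both
// terminated, so the script does not loop.
function becameTerminated(oldObject, newObject) {
    var before = oldObject ? oldObject[STATUS_FIELD] : null;
    var after = newObject ? newObject[STATUS_FIELD] : null;
    return after === TERMINATED && before !== TERMINATED;
}

// idm is the openidm script object (injected so the logic can be tested).
function removeRolesOnTermination(idm, oldObject, newObject) {
    var outcome = { removed: [], failed: [] };
    if (!becameTerminated(oldObject, newObject)) {
        return outcome;
    }
    var rolesPath = "managed/user/" + newObject._id + "/roles";
    // Each result is a relationship object: _id is the relationship id,
    // _ref names the role it points to.
    var grants = idm.query(rolesPath, { "_queryFilter": "true" }).result;
    for (var i = 0; i < grants.length; i++) {
        try {
            idm.delete(rolesPath + "/" + grants[i]._id, null); // null skips the revision check
            outcome.removed.push(grants[i]._ref);
        } catch (e) {
            // Keep going so one failure does not leave the remaining roles in place.
            outcome.failed.push(grants[i]._ref);
        }
    }
    return outcome;
}

// Inside IDM the trigger provides openidm, oldObject and newObject as globals.
if (typeof openidm !== "undefined" && typeof newObject !== "undefined") {
    var result = removeRolesOnTermination(openidm, oldObject, newObject);
    if (result.failed.length > 0) {
        logger.warn("Role removal incomplete for " + newObject._id + ": " + result.failed.join(", "));
    }
}
```

The `failed` list is worth alerting on: a terminated account that still holds a role is the case this trigger exists to prevent.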

Can administrative privileges be limited to a certain DN in OpenDJ?

In my case, I want to create a new administration user who has full privileges, such as add/modify/delete entities and properties, in a certain DN (and maybe its sub). According to the document, in the table of "Directory Data Administration", it seems that I can create one who can "Access to read and write to others' entries", but I don't know how to. Could anyone help please?
I found the solution is related to ACI. Thus, I can create a new admin entity in a subtree of cn=config, and then add some aci properties to the certain DN which I want to limit the admin to. It seems to work in my case.

changing the validity of lots when making an MIGO

Does anyone know which "Profile / Role" allows a user to change the validity of lots/products when using the MIGO tcode?
How can I deny specific users from doing it without the user-exit?
Best regards
SOLVED. I have created a specific role, and for whoever has that role I use user-exit exit_sapmm07m_001, which displays an (e) message. Thanks, everyone

Unexpected Permissions and Roles for a Member

I'm using the intranet workflow to manage a site and I've created folders that are "internally published". One of our users has the owner role even though they are a member.
When I visit {mysite}/myfolder/the_item/manage_reportUserPermissions?user={USERID}
their roles in the context of a private object are reported as:
Authenticated
Member
*Owner*
Reader
The Owner role is concerning here and I need guidance on how to troubleshoot this issue. I'm not sure why this user is inheriting or acquiring this role.
Other users with the Member role are fine, meaning they have the following roles in the same context mentioned above:
Authenticated
Member
Reader
Assumingly from what you describe, the user has created the item.
As default behaviour creators are set to be the owner of an item.
If the assumption is right, you have nothing to worry about.

How do you assign certain permissions to a single user without using the roles?

Adding permissions to a role enables the given permission to all users in that role by default; this is something I want to avoid.
I want to be able to set permissions like "Booking: View own Bookings" at user level and not the role level.
Is there a module that already does this, or can someone give me some possible approaches or pseudo code of some kind?
Yes, there's the User Permissions module.
User Permissions provides an interface for giving additional permissions to individual users without the need to assign them to a special role. When this module is enabled, users with the 'administer permissions' permission can access the 'User Permissions' tab on each user's account.