When I logged in with the user who has non-admin security role the dashboard is not loading and browser will get hanged. But when I logged in with user who had Admin role its working good. So, whats the issue in this scenario..?
It seems a security issue. You will have to check the permissions for the role that the non-admin user has and check if there are limitations on the entity that is being displayed in the dashboard.
maybe this link will help you: http://www.dynamicscrmtrickbag.com/2011/07/15/dynamics-crm-2011-charts-and-dashboards-who-can-see-what/
Hope this will be helpfull
EDIT: Maybe another role conflicts with the one of system admin that might also be possible
Related
I have opensearch running and keycloak as oidc provider and I get this 403 error after login to opensearch:
{"statusCode":403,"error":"Forbidden","message":"no permissions for [indices:data/read/search] and User [name=demo.demo, backend_roles=[kibana_second], requestedTenant=null]: security_exception"}
As default we have "kibana_user" role which has "kibanauser" as backend role. If my oidc user "demo.demo" has "kibanauser" role attached to it, everything works fine and this user has permission to see dashboards, discover and index patterns.
User [name=demo.demo, backend_roles=[kibanauser]..]
But this role is dangerous to assign to every user because the user can delete an index pattern or change the global setting. I want to have the a role only to view dashboard and discover. At the first step, also i duplicated "kibana_user" role with the new name "kibana_user_copy" and mapped it to the new backend role created by me "kibana_second". The backend role was also attached it to my user in oidc provider. Means:
User [name=demo.demo, backend_roles=[kibana_second]..]
So far good, now as you see the error, my "demo.demo" user has new backend role and it has all permissions that "kibana_user" would have. (because "kibana_user_copy" is a duplicate of "kibana_user". What I'm wondering, all permissions are the same, only backend role is not predefined "kibanauser". But It doesn't work and I see only blank pages for dashboard and discover (403).
Has anyone an idea, what is missing here?
Thanks in advance
Issue was solved by adding tenancy to this duplicated role
Error:
This account is not authorized to access this site. To gain access to
the system, you will need to login with an account authorized to
access this site. For additional questions, please contact your system
administrator.
Oracle says "The user does not have any roles on the site".
Link:
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=469675110594161&id=1991585.1&displayIndex=2&_afrWindowMode=0&_adf.ctrl-state=tecmcxrrr_423#SYMPTOM
fwadmin was the only user which I had to access. Since I had shared my creds, someone might had changed roles.
When I checked userpublication table as mentioned in the link, it looks fine. Help me how to proceed.
As mentioned in the link, GeneralAdmin ACL for fwadmin was missing in the DB. Inserted a new row and restarted the managed server. Solved.
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=469675110594161&id=1991585.1&displayIndex=2&_afrWindowMode=0&_adf.ctrl-state=tecmcxrrr_423#SYMPTOM
We are using Sonhrqube 4.5 that is integrated into Google's oAuth sign-on. There are no issues with logging in (Authentication). Certain users have been provisioned with sonar-administrators role. But for some reason, the admin role keeps dropping for some users (leaves the user with sonar-users role). We have tried granting them admin access again, but it keeps happening. Also tried creating a brand new group and assigning that group to the user, but still same thing happens. Any thoughts? If you need any other information, let me know.
Just additional info, not sure if it matters - We are using the sonar-oauth-plugin from JCERTIFLab for integration with Google's signon/oauth. This plugin automatically creates users with default role - sonar-users.
Thanks in advance!
It turned out to be an issue with the Sonar plugin used for integration with google's Oauth. Every time a user is authenticated, permissions get overwritten. To overcome the problem temporarily, we predefined a list of users with admin access in the properties file.
Question is regarding the Dynamics CRM 2011. Let suppose for User 'A' we change the security role from 'SR1' to 'SR2'. But, when I login with User 'A', it still show all the access and priviliges of 'SR1'.
If after changing the security role from 'SR1' to 'SR2', then do 'IISReset' and login with User 'A'. Now User 'A' can have an access and priviliges of 'SR2'.
Why it is not working w/o 'IISReset'? Any idea.
Thanks in advance.
Have you tried clearing the browser cache after you switch the roles?
HI friends
i develop a application in ENSEMBLE [2009], in that i restrict some user to access all links except "Ensemble Management Portal" i done this by changing roles for that particular user as Home->securitymanagement->Users->Editusers->roles. But when i logged in in to the system managenet portal and change the namespace it's logged out , Again i try to login means i got the Error Access Denied , Please help me to find the solution
Thansk in advance
I think you just don't have enough privileges to access specific namespace. Just remove $NAMESPACE=something from URL when you try to login again.