cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

com.sapportals.portal.pcd.gl.PermissionControlException: Access denied

Go to solution
Lukas_Weigelt
Active Contributor

on ‎09-21-2011 2:37 PM

0 Kudos

Hi guys,

Problem:

our basis team has recently swapped our JRE in our Development Portal with the oh-so-glorious SAP JVM4. Seeing the portal went completely haywire and nothing worked anymore, we've reverted back to JRE. Now there's a strange permission error persisting which I can't get rid of and don't understand what it's originating from.

The error occurs when I access any JAVA iView which has FPMs with a Test user having only Enduser permissions. With my Super-Admin user, it all works out. Here are the relevant snippets from the nwa error log (before this error, two more fatal errors are thrown which aren't shown in default trace they apparently cannot be handled; Message is "n/a"):

null 
[EXCEPTION]
 com.sap.xss.config.FPMConfigurationException: Read of object with ID portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.de/com.sap.pct.erp.srvconfig.bank/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.per_bank_de failed.
	at com.sap.xss.config.pcd.PcdObjectBroker.retrieveObjectInternal(PcdObjectBroker.java:92)
	at com.sap.xss.config.pcd.PcdObjectBroker.retrieveObject(PcdObjectBroker.java:47)

	at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
	at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.de/com.sap.pct.erp.srvconfig.bank/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.per_bank_de)
	at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
	at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
	at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)

System Information:

Backend: ECC 6.0 EHP 4 Stacks are on 8

Portal: Netweaver 7.01 Stacks are on 9 (this one missmatch isn't problematic and irrelevant here)

BPs:

sap.com BP_ERP5ASS 1.0 SP18

sap.com BP_ERP5COM 1.41 SP8

sap.com BP_ERP5ESS 1.41 SP9

sap.com BP_ERP5MSS 1.41 SP9

XSS JAVA COmponents:

sap.com SAP_ESS 603 SP8

sap.com SAP_MSS 600 SP19

sap.com SAPPCUI_GP 603 SP8

What I tried so far:

I've compared every known relevant setting as in Portal Roles, R3-Permissions, Portal Permissions on Objects, whether Services are active or corrupted in WebDynpro Administrator, Permissions on FPMs in SelfService-Admin. Everything is equal with our Quality Management System. And there, everything works fine with the exact same user...

It obviously has to do something with Portal Permission Control but as far as I am concerning, everything is maintained correctly and the settings have not been changed for ages....

I'm grateful for any help...

best regards, Lukas

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-21-2011 2:52 PM
0 Kudos

Hi Lucas,

End user permission is good enough.

Make sure the test user is having permission to the content. Double check the FPM apps, FPM views and the iViews, pages,worksets and roles has the end user permission.

You said its working for Administrator,looks like for test user the permission is missing, so ur getting the error.

Check the user groups to which this user belongs has permission or not.

I would suggest to assign the end users permissions(readonly) to all the ESS and MSS employee user groups for the entire portalContent.

Regards

Yugandhar Reddy

Show replies
Show replies
Lukas_Weigelt
Active Contributor
‎09-21-2011 3:21 PM
0 Kudos

Hi Yugandhar,

Every user in our R3 system is an authenticated user, authenticated users is mapped in portal with pcd:portal_content/every_user/general/eu_core_role, so all users have this role.

All authenticated users have Read-Permissions on the entire "Content Provided by SAP" Folder. All folders below inherit the permissions from this folder, also the FPM-Application folder for the respective services which fail (com.sap.pct.erp.srvconfig.per_bank_de in my example log).

The same configuration is set up on our QS-System and there, with the exact same user, it works.

regards, Lukas

Former Member
‎09-21-2011 3:38 PM
0 Kudos

Looks there were changes in JRE, good that system is checking for permissions.

Check and confirm if eu_core_role is having end user permission for this or not.

portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.de/com.sap.pct.erp.srvconfig.bank/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.per_bank_de

Former Member
‎09-21-2011 3:44 PM
0 Kudos

Also temporarily add ur test user id and assign the end user permissions to the com.sap.pct.erp.srvconfig.per_bank_de.

Lets see if this error goes off.

Lukas_Weigelt
Active Contributor
‎09-22-2011 9:40 AM
0 Kudos

I could solve the issue, pretty weird one:

The FPMs were inheriting their RO-Permission from "Content provided by SAP" the folder srvconfig, though, was lacking the RO-permission for authenticated users and it said inheritance would be suspended from here on. Still the FPMs applications had the RO-permission inherited from "Content provided by SAP"... This looked unlcean to me so I revoked the whole permission-structure for "Content provided by SAP" and below and assigned RO-Permission for end users to this folder again. Then, everything inherited everything correctly...

Still, this whole situation is a bit unsatisfactory because I can't reconstruct how the permission tree could have been corrupted this bad..

Thanks a lot for the assistance Yugandhar!

@Siddarth, thx for pointing out J2EE Logon procedure, wasn't relevant here but I didn't know of it yet, might come in handy

regards, Lukas

Answers (1)

Answers (1)

siddharthrajora
Product and Topic Expert
Product and Topic Expert
‎09-21-2011 5:41 PM
0 Kudos

http://help.sap.com/saphelp_nw70ehp2/helpdata/de/5e/473d4124b08739e10000

000a1550b0/frameset.htm

Show replies
Show replies
Ask a Question