Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

User not authorized exception on starting GP via API

Hi all!

I'm struggling starting a GP using the GP api. By using Administrator for both initiator and action user it works. I want a normal user to be initiator of the process rather than an admin, with another john doe being the processor of the first action of the GP. Default roles are set accordingly.

The exception I get when trying to start the GP is:

[code]

ApprovalAndTranslationService GPInvocationException on invoking process: com.sap.caf.eu.gp.exception.api.GPInvocationException: Your are not authorized to start the given process.

at com.sap.caf.eu.gp.exception.impl.ExceptionUtil.convertTo(ExceptionUtil.java:102)

at com.sap.caf.eu.gp.process.rt.impl.GPRuntimeManager.startProcess(GPRuntimeManager.java:150)

at com.xxx.util.ManageGP.startGP(ManageGP.java:94)

at com.xxx.ApprovalAndTranslation.startApproval(ApprovalAndTranslation.java:219)

at com.xxx.ApprovalAndTranslation.received(ApprovalAndTranslation.java:175)

at com.sapportals.wcm.util.events.EventSenderThread.run(EventSenderThread.java:85)

[/code]

The user in question has both the roles GP User and GP Runtime WC.

Strange thing is: When I'm trying to start the GP manually through the GP runtime with this user, its template doesn't even show up. The example timeoff process template does. If I add the GP Super User role to the User's role list, the template appears and the process can be started. Since I couldn't find a single difference between the time off process' template settings and mine, I'm clueless.

Nevertheless, the start via API fails with the above exception even with GP Super User.

Here's the code I'm using:

[code]

private void startApproval(IResource resource)

throws AccessDeniedException, ResourceException, NotSupportedException, UMException {

// Get logged in user. He is the initiator of the approval workflow

IAuthentication authentication = UMFactory.getAuthenticator();

// Initiator of process

IUser initiatorUser = authentication.getLoggedInUser();

IUser approvalUser = UMFactory.getUserFactory().getUserByLogonID("Administrator");

// First check if approval is necessary for publishing

IProperty approvalRequired =

resource.getProperty(

new PropertyName(

"http://www.xxx.com/xmlns/xxx",

"prp_approval_required"));

if (approvalRequired != null && approvalRequired.getBooleanValue()) {

logger.info(

TYPE + " - Approval required, starting workflow (GP)... ");

if (ManageGP

.startGP(

ApprovalAndTranslation.APPROVALGPID,

initiatorUser,

approvalUser,

"Approve article",

"Please approve the changed article.",

ApprovalAndTranslation.DOCROOT + resource.getAccessRID().toString())) {

logger.info(TYPE + " - workflow started. Check user's inbox.");

} else {

logger.warning(

TYPE + " - approval workflow start failed. Check logs.");

}

} else {

logger.warning(TYPE + " - Approval flag either not set or false.");

}

}

[/code]

and for ManageGP.startGP():

[code]

public static boolean startGP(

String processid,

IUser initiator,

IUser destinator,

String name,

String description,

String uri) {

try {

logger.info(

ApprovalAndTranslation.TYPE

+ "Input parameter of startGP are: \n"

+ " process ID: " + processid

+ " GP initiator: " + initiator

+ " GP destinator: " + destinator

+ " GP name: " + name

+ " GP desc: " + description

+ " Resource URI: " + uri

);

// Do I need an GP Admin or Business Export to get to the template?

IGPUserContext userContext =

GPContextFactory.getContextManager().createUserContext(

destinator);

// obtain the process template

IGPProcess process =

GPProcessFactory.getDesigntimeManager().getActiveTemplate(

processid,

userContext);

// retrieve the Runtime Manager

IGPRuntimeManager rtm = GPProcessFactory.getRuntimeManager();

// create an empty role assignment list

IGPProcessRoleInstanceList roles =

rtm.createProcessRoleInstanceList();

// get the process role number

int rolenum = process.getRoleInfoCount();

IGPStructure params =

GPStructureFactory.getStructure(process.getInputParameters());

if (process.getID().equals(ApprovalAndTranslation.APPROVALGPID)){

params.setAttributeValue("url", uri);

}

logger.info(

ApprovalAndTranslation.TYPE

+ " Initiating process instance...");

// initiate the process template by passing the process template

IGPProcessInstance prInstance = rtm.startProcess(

process,

// a name,

name,

// a description,

description,

// initiator

initiator,

// the role assignments,

roles,

// the input parameters

params,

// and the user actually executing this action

destinator);

logger.info(

ApprovalAndTranslation.TYPE

+ " Guided Procedure started: ID = "

+ process.getID()

+ ", "

+ process.getTitle());

} catch (GPInvocationException e) {

logger.severe(

ApprovalAndTranslation.TYPE

+ " GPInvocationException on invoking process: "

+ e.getStackTraceString());

return false;

} catch (GPEngineException e) {

logger.severe(

ApprovalAndTranslation.TYPE

+ " GPEngine-Exception thrown: "

+ e.getStackTraceString());

return false;

}

return true;

}

[/code]

The GP has two custom roles: <i>Chefredaktion</i> is set by default role and <i>Anforderer</i> as Initiator.

I tried setting permissions on the process template but without success. Curently set is Administrator FULL CONTROL and Authenticated Users INITIATE.

The parameters for startGP are as follows:

[code]

Date : 10/07/2007

Time : 14:54:55:468

Message : ApprovalAndTranslationServiceInput parameter of startGP are:

process ID: E6A20F7065C711DCA096000C2973BF29 GP initiator: Transient data:

No transient data set.

Persistent data:

***************************************************************************

  • com.sap.security.core.persistence.imp.PrincipalDatabag Sun Oct 07 14:54:55 CEST 2007

  • UniqueID: USER.PRIVATE_DATASOURCE.un:eeditor

  • Type: USER

  • Home data source: PRIVATE_DATASOURCE

  • Private id part: un:eeditor

*

  • Principal exists.

*

  • Direct parents:

  • GRUP: GRUP.PRIVATE_DATASOURCE.un:EASYWCM_SITE_ADMINS

  • GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE

  • GRUP.PRIVATE_DATASOURCE.un:EASYWCM_SITE_CREATORS

  • GRUP.PRIVATE_DATASOURCE.un:SITE_com.xxx.Brueckenmaut_ADMINS

  • GRUP.PRIVATE_DATASOURCE.un:EASYWCM_STRUCTURE_EDITORS

  • GRUP.SUPER_GROUPS_DATASOURCE.AUTHENTICATED_USERS

  • ROLE: ROLE.PCD_ROLE_PERSISTENCE.vZKylJ82NqeU1jfIi3fqR2LGnS0=

  • ROLE.PCD_ROLE_PERSISTENCE.BzJ3y5sdwPbElwd6htBicFD6VD8=

  • ROLE.PCD_ROLE_PERSISTENCE.3YkTQO9iTgg759SvEJB3n5sHO1w=

  • ROLE.PCD_ROLE_PERSISTENCE.v7ZCJcKbXShp4ZutczWpPy7AZHs=

  • ROLE.PCD_ROLE_PERSISTENCE.55edQyAiHuvuuJ+a0YFZhJsf8qE=

  • ROLE.PCD_ROLE_PERSISTENCE.s0p1mj1tVC/ZV76DGgpXvYoeoag=

  • ROLE.PCD_ROLE_PERSISTENCE.cn336ye+LKtZVoEkw17jdslcFq8=

  • ROLE.PCD_ROLE_PERSISTENCE.512LrRIne1KQwLbT7Cvbf7UkGlg=

  • ROLE.PCD_ROLE_PERSISTENCE.djgwuIRZREpqOahoZeoRFNHicKc=

  • ROLE.PCD_ROLE_PERSISTENCE.ZYwugJesRX+ozSQC/qhtBzm3Arg=

  • ROLE.PCD_ROLE_PERSISTENCE.JmMG22C6aOdxrJFWO1LT7llQOlg=

  • ROLE.PCD_ROLE_PERSISTENCE.g1Zt76403uYl52jobgOy1r/pzgA=

  • ROLE.PCD_ROLE_PERSISTENCE.1pZ0e75EvBY+dMA/YNqDGABO6H0=

  • ROLE.PCD_ROLE_PERSISTENCE.xeCEqPIkZAxm3zPFuE4RbT+5AzQ=

  • ROLE.PCD_ROLE_PERSISTENCE.Gg5NfmOZunGgA/t5NVgCjG2Lrkw=

  • ROLE.PCD_ROLE_PERSISTENCE.6MTMcIhEZnarUD94bAbAscmFHng=

  • "com.sap.security.core.usermanagement"|->"accessibilitylevel" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"unlockdate" (no time limit)="Oct 2, 2007 2:27:37 PM","en"

  • "com.sap.security.core.usermanagement"|->"uniquename" (no time limit)="eeditor"

  • "com.sap.security.core.usermanagement"|->"lockmessage" (no time limit)="Test asdasfa"

  • "com.sap.security.core.usermanagement"|->"lockperson" (no time limit)="USER.PRIVATE_DATASOURCE.un:Administrator"

  • "com.sap.security.core.usermanagement"|->"salutation" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"displayname" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"CREATED_BY" (no time limit)="Administrator"

  • "com.sap.security.core.usermanagement"|->"APPROVAL_REQUEST_COMPANYID" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"company" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"lastname" (no time limit)="Editor"

  • "com.sap.security.core.usermanagement"|->"locale" (no time limit)="de"

  • "com.sap.security.core.usermanagement"|->"unlockperson" (no time limit)="USER.PRIVATE_DATASOURCE.un:Administrator"

  • "com.sap.security.core.usermanagement"|->"PRINCIPAL_CREATION_DATE" (no time limit)="0001185455168304"

  • "com.sap.security.core.usermanagement"|->"unlockmessage" (no time limit)="test 2342342343"

  • "com.sap.security.core.usermanagement"|->"PRINCIPAL_MODIFY_DATE" (no time limit)="0001191328057593"

  • "com.sap.security.core.usermanagement"|->"firstname" (no time limit)="Karl"

  • "com.sap.security.core.usermanagement"|->"email" (no time limit)="juergen.wahlmann@mt-ag.com"

  • "com.sap.security.core.usermanagement"|->"lockReason" (no time limit)="0"

  • "$serviceUser$"|->"SERVICEUSER_ATTRIBUTE" (no time limit)=

  • "http://sapportals.com/xmlns/cm"|->"ClipboardRID" (no time limit)=

  • "http://sapportals.com/xmlns/cm"|->"PortalFavoritesInHEri2g/LTFtHDEm/VbPwYIVIo=" (no time limit)=

  • "com.sap.portal.dsm"|->"DebugControlFlag" (no time limit)=

  • "com.sap.tc.webdynpro"|->"debugParameters" (no time limit)=

  • "$usermapping$"|->"ep6_sl_alias:0c1acb277c028199c3d54b1547d0da5e" (no time limit)=

  • "$usermapping$"|->"ep6_sl_alias:7541329a70a4fb801958a10f1ab739f0" (no time limit)=

  • "com.sapportals.portal.navigation"|->"uipmode" (no time limit)=

  • "com.sap.portal.aidebug"|->"AppIntegratorDebugMode" (no time limit)=

***************************************************************************

GP destinator: Transient data:

No transient data set.

Persistent data:

***************************************************************************

  • com.sap.security.core.persistence.imp.PrincipalDatabag Sun Oct 07 14:54:55 CEST 2007

  • UniqueID: USER.PRIVATE_DATASOURCE.un:Administrator

  • Type: USER

  • Home data source: PRIVATE_DATASOURCE

  • Private id part: un:Administrator

*

  • Principal exists.

*

  • Direct parents:

  • GRUP: GRUP.PRIVATE_DATASOURCE.un:Chief Editor Group

  • GRUP.SUPER_GROUPS_DATASOURCE.EVERYONE

  • GRUP.PRIVATE_DATASOURCE.un:Administrators

  • GRUP.SUPER_GROUPS_DATASOURCE.AUTHENTICATED_USERS

  • ROLE: ROLE.PCD_ROLE_PERSISTENCE.VvlvkEGjiW9zPFaxR/4pd2/bX5Q=

  • ROLE.PCD_ROLE_PERSISTENCE.7qcAojLhLwjMz0hk0by9lhmRTTM=

  • ROLE.PCD_ROLE_PERSISTENCE.CIyjgBIbXiaFqtNWuDcIHcOWFwQ=

  • ROLE.PCD_ROLE_PERSISTENCE.ZYwugJesRX+ozSQC/qhtBzm3Arg=

  • ROLE.PCD_ROLE_PERSISTENCE.BzJ3y5sdwPbElwd6htBicFD6VD8=

  • ROLE.PCD_ROLE_PERSISTENCE.Tebd/Lyt41NnxNHxM5zp9TyR6j4=

  • ROLE.PCD_ROLE_PERSISTENCE.g1Zt76403uYl52jobgOy1r/pzgA=

  • ROLE.PCD_ROLE_PERSISTENCE.s0p1mj1tVC/ZV76DGgpXvYoeoag=

  • ROLE.PCD_ROLE_PERSISTENCE.512LrRIne1KQwLbT7Cvbf7UkGlg=

  • "com.sap.security.core.usermanagement"|->"accessibilitylevel" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"uniquename" (no time limit)="Administrator"

  • "com.sap.security.core.usermanagement"|->"lockperson" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"salutation" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"displayname" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"CREATED_BY" (no time limit)="<systemuser>"

  • "com.sap.security.core.usermanagement"|->"company" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"APPROVAL_REQUEST_COMPANYID" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"locale" (no time limit)="en"

  • "com.sap.security.core.usermanagement"|->"lastname" (no time limit)="Administrator"

  • "com.sap.security.core.usermanagement"|->"unlockperson" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"PRINCIPAL_CREATION_DATE" (no time limit)="0001182856169625"

  • "com.sap.security.core.usermanagement"|->"PRINCIPAL_MODIFY_DATE" (no time limit)="0001190991126968"

  • "com.sap.security.core.usermanagement"|->"firstname" (no time limit)=

  • "com.sap.security.core.usermanagement"|->"email" (no time limit)="juergen.wahlmann@mt-ag.com"

  • "$serviceUser$"|->"SERVICEUSER_ATTRIBUTE" (no time limit)=

  • "http://sapportals.com/xmlns/cm"|->"PortalFavoritestH90zpQXu8M9/O7OZG+UO8iYi90=" (no time limit)=

  • "com.sap.portal.dsm"|->"DebugControlFlag" (no time limit)=

  • "com.sap.tc.webdynpro"|->"debugParameters" (no time limit)=

  • "$usermapping$"|->"ep6_sl_alias:0c1acb277c028199c3d54b1547d0da5e" (no time limit)=

  • "$usermapping$"|->"ep6_sl_alias:7541329a70a4fb801958a10f1ab739f0" (no time limit)=

  • "com.sapportals.portal.navigation"|->"uipmode" (no time limit)=

  • "com.sap.portal.aidebug"|->"AppIntegratorDebugMode" (no time limit)=

***************************************************************************

GP name: Approve article GP desc: Please approve the changed article. Resource URI: xxx

Severity : Info

Category :

Location : com.sap.portal.portal

Application : sap.com/irj

Thread : Thread[KM RF Event Sender: com.xxx.ApprovalAndTranslation,5,SAPEngine_Application_Thread[impl:3]_Group]

Datasource : 5390450:C:\usr\sap\MTE\JC00\j2ee\cluster\server0\log\defaultTrace.trc

Message ID : 000C2973BF2900900000001600000A6800043BE6A47F9A6C

Source Name : com.sap.portal.portal

Argument Objs :

Arguments :

Dsr Component : 192.168.136.130_MTE_5390450

Dsr Transaction : 4a15384074cb11dca147000c2973bf29

Dsr User : eeditor

Indent : 0

Level : 0

Message Code :

Message Type : 0

Relatives :

Resource Bundlename :

Session : 146

Source : com.sap.portal.portal

ThreadObject : Thread[KM RF Event Sender: com.xxx.ApprovalAndTranslation,5,SAPEngine_Application_Thread[impl:3]_Group]

Transaction :

User : eeditor

[/code]

I missed something for sure since it seems to be a permissions problem. Any idea what it might be?

Cheers,

Ju00FCrgen

Message was edited by:

Juergen Wahlmann

Former Member
Not what you were looking for? View more on this topic or Ask a question