| Applies To | |||
| Product(s): | Exor Core / Network Manager | ||
| Version(s): | 4300 onwards | ||
| Environment: | N/A | ||
| Area: | Login | ||
| Subarea: | N/A | ||
| Original Author: | Bentley Technical Support Group | ||
Problem
A user is unable to log on to Highways, getting the error message:
You do not have priviliges to perform this action.
In this case the first screen was set to be Locator on entry, rather than the Favourites.
Replication Steps
Just login to the application to reproduce the issue.
Solution
Log into sql*plus as the Highways owner user.
Taking NEWUSER as the user with the login problem use the following SQL
begin
nm3context.create_instantiate_user_trig(pi_new_trigger_owner => 'NEWUSER');
end;
/
This creates the missing trigger for the users with a problem.
Some users could still not log on on after doing this and still saw the error:
You do not have privileges to perform this action (when trying to log into the application - note first screen was Locator)
To test this, I created a new entry in formsweb.cfg on the application server to start with module hig1807.fmx (favourites) instead of Locator and users could all log on without any problems. However, whilst a user supposedly had access to the doc0150 (Public Enquiries) form via DOC_USER role, they didn't have privileges to select the form from the application . The module had the DOC_USER role assigned.
I deleted the 4 roles and reassigned to the sub user again through hig1832 form (Users). The problem remained accessing doc0150.
Logging into sql*plus as the failing user I tried:
select * from session_roles;
no rows returned !!
select * from session_privs;
returned rows as expected.
Repeated on a sub user without the issue.
select * from session_roles;
DOC_USER, ENQ_USER, NET_USER, HIG_USER returned.
select * from session_privs;
returned rows as expected.
I noticed that the default role was set to NO when the roles were reassigned in the Users form. All sub users with the same roles that worked had a YES here.
So I amended in the roles in TOAD, re-queried the user in TOAD and YES appeared in default role.
I believe the following would also achieve this:
as the Highways owner user in sql*plus:
alter user <username> DEFAULT ROLE hig_user;
alter user <username> DEFAULT ROLE net_user;
alter user <username> DEFAULT ROLE enq_user;
alter user <username> DEFAULT ROLE doc_user;
When the default role was YES, eveything worked ok. When logged into sql*plus as the previously failing user:
select * from session_roles;
DOC_USER, ENQ_USER, NET_USER, HIG_USER returned.
I am not sure why the default role assigned NO in the Users form instead of YES.
When I created a new user completely from scratch the default role had YES assigned for HIG_USER, ENQ_USER, DOC_USER, NET_USER.
After the change above the user could also log into Locator as default home page.
See Also
External Links
Bentley Technical Support KnowledgeBase
Comments or Corrections?
Bentley's Technical Support Group requests that you please confine any comments you have on this Wiki entry to this "Comments or Corrections?" section. THANK YOU!