User not set as Active.User is not granted connect privileges. | IFS Community
Question

User not set as Active.User is not granted connect privileges.

  • 24 January 2022
  • 20 replies
  • 225 views

Userlevel 1
Badge +3

Getting below error

 

User IFSADMIN is not allowed access. Most likely causes: * User not set as Active. * User is not granted connect privileges. Contact your system administrator if this condition persists.

Authentication method is used as  database. FND_ENDUSER is given via FND_ADMIN user but not specifically. Can someone assists to trouble shoot this issue 


20 replies

Userlevel 6
Badge +13

Hello @Jayanidu 

I am trying to understand your issue.

Who has the issue a regular user or IFSADMIN?

If your question is about a regular user. It looks like the person is not active.

1- access create a user page

2- Right click on the header and select “Active User”

3- Check the box - Active user

4- Save your change

5- After you save - the user should be active

I hope this help!.

Thanks,

JL

Userlevel 1
Badge +3

Hi,

Thanks for the detailed  reply on this .

Issue is with only IFSADMIN user. User is active and from database end using sql plus we can connect to the database using the IFSADMIN user.

Userlevel 6
Badge +13

Hello @Jayanidu ,

It will be good if you provide a screenshot to see the message you are getting when you try to connect to IFS.

I wonder if you have the permission set  EU_ENDUSER enable? 

Thanks,

JL

Userlevel 1
Badge +3

Hi,

We have granted FND_ENDUSER permission. It has been granted via grantee roles FND_ADMIN,FND_TRANS_MAN,IFS_ALL and RU_TEST. Attached permission sets are given to IFSADMIN user.

 

Thanks and Regards

Jayanidu

Userlevel 6
Badge +13

Hi @Jayanidu  Did you refresh security cache?

 

Userlevel 1
Badge +3

Hi,

Yes security cache refresh several times. EU_ENDUSER is not listed under permission sets. May I know what grants should *_ENDUSER roles should posses?

 

Thanks and Regards

Jayanidu 

Userlevel 6
Badge +13

My IFS for FND_ENDUSER has similar set up like your.

  • You said using Oracle you can log in.  if that is true you can log in to SQLPLUS, and you wrote “You are able to use SQL plus” if you run the following query it will show you “ENABLED”

SELECT username,
       CASE WHEN account_status = 'OPEN' THEN 'ENABLED' ELSE 'DISABLED' END AS "ACCOUNT_STATUS"
FROM ORACLE_ACCOUNT 
where USERNAME = 'IFSADMIN'  

 

  • You have FND_ENDUSER enable. I saw the screenshot.

My last shot  => what about cleaning the 2.0 folder in your computer.

The one located  C:\Users\%username%\AppData\Local\Apps\2.0

I will not delete them. I will back them in some place in your computer just for backup purpose or plan B.

restart your computer and try to log in to IFS

 

Thanks,

JL

 

Userlevel 1
Badge +3

IFSADMIN user is enabled. Do we need to clear the 2.0 each time permission sets are been modified ?

 

SQL> SELECT username, CASE WHEN account_status = 'OPEN' THEN 'ENABLED' ELSE 'DISABLED' END AS "ACCOUNT_STATUS" FROM ORACLE_ACCOUNT where USERNAME = 'IFSADMIN' ;

USERNAME
--------------------------------------------------------------------------------
ACCOUNT_
--------
IFSADMIN
ENABLED

Badge +1

Hi, I am trying to understand your issue. You have granted FND_CONNECT role? 

You are able to login user via sql but not in IFS. FND_CONNECT role is required for user.

I hope this help.

Userlevel 6
Badge +13

Hello @Jayanidu 

No, you do not need to clean the 2.0 when you change a permission set. However, when I have users failing to authenticate, sometimes cleaning the 2.0 folder work. 
Did the 2.0 clean work for you?

Userlevel 1
Badge +3

yes FND_CONNECT is granted

Userlevel 6
Badge +13

@Jayanidu  => what about FND_WEBCONFIG ? I am trying to compare my set up with your and it looks like you do not have FND_WEBCONFIG => Role for IFS Web Client Config User

Userlevel 1
Badge +3

FND_WEBCONFIG is not listed in all permission sets. Could you please check and let me know what are the roles assign to it?

Userlevel 6
Badge +13

 

Userlevel 1
Badge +3

FND_ADMIN and FND_RUNTIME are granted from other roles such as IFS_ALL .

Userlevel 7
Badge +16

Hi @Jayanidu,

Do you get any results for the below query when running it in the SQL Plus after connecting to the database.

select grantee,

granted_role,

default_role

from dba_role_privs

where default_role = 'NO'

 

I think the default_role is always ‘YES’, but I had one situation that one of our customers had a login issue with one user, and it was found one of the required role has “NO” flag for default role, due to some reason. It was resolved after changing it to YES from database end.

 

Just remembered, so thought to share with you, if the same would have occurred here as well.

 

Thanks,

 

Userlevel 1
Badge +3

SQL> select grantee,granted_role,default_role from dba_role_privs where default_role = 'NO';

no rows selected

SQL>

Userlevel 1
Badge +3

@ThushAsanka  thanks for the reply on this . I have executed the query but no result came.

Userlevel 7
Badge +15

@Jayanidu since this is an old post, I am curious to know how this was fixed? We had the same issue today reported by a few users. Then again, restarting IFS helped them. Hence I am not really able to recreate it. Do you or anyone else have any idea what might be causing this? @ThushAsanka ? 

Userlevel 1
Badge +3

Hi @Asela Munasinghe ,

 

In my case it was IP not whitelisted from reverse proxy settings. It was nothing to do with permission sets . Sometimes the error handling is not giving the correct message. 

 

Regards

Jayanidu

Reply