Wmtnreceive service Access denied error TN46


Created a user A0001, using B2B Admin console. Included this
user A0001 to TNPartners group and ofcourse this TNPartners group belongs to TNPartners ACL.

When tried to invoke wm.tn:receive service using this userid A0001 and valid password to submit document, it says access denied.

When this user is included to TNAdministrators group, and invoked wm.tn:receive service to submit document, it went through.

Ofcourse, I did create a partner profile (Partner type is Other/Unknown) using TN Console4.6, with External ID types, DUNS as A0001 and User Defined 1 as A0001

Where am I wrong?

Thanks and Regards

If a user has a TNPartner access only, you cannot access the TN Console. For those who have TNPartner access can only access the WebManager which is http://localhost:port/WmTNWeb then enter the username which in your case is A0001. This Web Manager is a read only browser which is like web based of TNConsole but the user can only view his profile and transactions, etc.


Thanks. I do not want this user to access TNConsole.
All I want is user A0001 to invoke wm.tn:receive service to submit a business XML document (eg. PO, INVOICE) using HTTP. For this wm.tn:receive service, I have even granted TNPartners ACL (under Settings tab for the service using B2B Developer) and tried but returns Access Denied error with 403 HTTP error code.
This I tried with B2B Developer pub.client:http service as well as using web browser http://localhost:80/invoke/wm.tn/receive

When the user is granted TNAdministrator ACL, able to submit documents.

Since it works when you put A0001 in the TNAdministrators group, it sounds like this user does not match the sender in the document. What document type are you using for the document you’re submitting and how is the senderId extracted? This senderId (DUNS) must match the user invoking the flow (A0001).


Say, I use Purchase Order document to submit.
As you said, the sender id within the document is not the same as that of the user invoking the flow.
Becoz, for a company we have given only one userid for authentication but within the same company there are many departments, eg
ABC International - Engineering (sender id - ABCENG),
ABC International - Support (sender id - ABCSUP),
ABC International - Technology (sender id - ABCTECH),
ABC International - Systems (sender id - ABCSYS),

and senderid within the document is different.

Will, as you said, if userid, senderid within doc and dunsid are same, then it works just with TNPartners group.

Is there any workaround?


You basically have to write your own wm.tn:receive method. See the ezine article for more background: http://www.wmusers.com/ezine/2002oct1_schauhan_1.shtml

You can use the wm.tn.doc.xml:routeXml which doesn’t do a security check. Any changes to the normal behavior have security implications - is it a concern that the person logged in can submit a document acting as a different user/company? Maybe you could set something up where each user can submit to only certain companies using a property file or database. We’ve put a couple users so far in the TNAdministrators group but this is a short term hack.


Thanks Will and Faith for your suggestions.
Let me try some work around with your suggestions.