Quantcast
Channel: SCN : Discussion List - Security
Viewing all 2353 articles
Browse latest View live

Manage Authorization Object in BP T code

April 13, 2016, 7:26 am
$
0
0

Hi SAP Expert,

   I am new in SAP BASIS & Security , I have created a master role for finance user and give all T code related to FI module in single role for back log data entry. I am facing many issue while add t code in a role. I have added BP T code in a role and this role assign to user. i have managed all authorization object do as full authorization as discuss with functional con. I have below query-:

 

1. in BP t code below authorization object will be check or not -:

B_BUPA_ATT
B_BUPA_FDG
B_BUPA_GRP
B_BUPA_RLT
B_BUPA_BZT
B_BUPA_FDG
B_CCARD

B_USERSTAT

 

I have added BP code but i am unable to find all above object while maintain authorization object.

 

2. User give screen with SU53 , and i am unable to find in my role authorization object list.   If any authorization object & field not found can we add after click on manually or not.

 

3. I am unable to find error object in list.

 

4. How i can manage full authorization of BP t code for a account master user.

 

Please help me.

 

Thanks,

  Amit Sharma

Search

RADIO FREQUENCY LOGON

April 13, 2016, 8:42 am
$
0
0

Hi all,

 

There is an issue for entering username/password on Radio Frequency Mobile.

 

The RF Mobile are used by Warehouse users and every days it required to enter Username/passwords on RF mobile with delays, difficult, incorrect logon and reset password requests.

 

How can I facilitate the password change process?

 

I thought Single Sign On..or from customizing.

 

Could you please help me?

Thanks

Anto

FV60: Park in 1 company code; Park & Post in another

April 13, 2016, 10:43 am
$
0
0

Hi Gurus,

 

We have a scenario where we have a user, who needs to have park Vendor invoice document when she/ he is working for company code:9000 the same user to have park & post form company code 9001.

 

I like to know how to achieve this by managing the roles/ profiles / authorization object.

 

Thanks

Anand

Single Sign On: user logon trace

January 14, 2009, 12:18 am
$
0
0

Hi gurus,

 

I need to know when a user has logged in our system using SSO, or if he has used his password, but I don't find anything about.

 

Could you tell me how can I log this parameter??

 

Thank you

Pablo

Delete an already released transport request

July 6, 2007, 3:06 am
$
0
0

Hello together,

 

I have a problem in SE09/SE10 with a transport request.

 

The request is as follows:

 

Modifiable

 

    D01K939667 100   Username     /Description

 

        D01K939668   Username          Customizing Task

         

The requests itself has the status "Modifiable". The task D01K939668 within the request is already released. I have to delete the whole request now, but when trying to delete it, it says "Request D01K939668  already released". How can I delete a task within a request, that is already released?

 

Thank you for any help!

 

Best regards

Klaus Hirschegger

SAP GUI timeout session for an individual

April 14, 2016, 1:31 am
$
0
0

Morning,

 

How do I change or create an individuals SAP GUI timeout session period. I have one user in Australia, who would like his profile session to expire after 4 hours. At the moment the system is setup to timeout after 1 hour.

 

Thank You

SU01 - Authorize change only Validity date

April 14, 2016, 8:11 am
$
0
0

Hello,

 

I want to assign SU01 to role on display mode but I want to give the possiblity to change ONLY validity date.

 

How I can do this using authorization object parameter ?

 

Thanks in advance for help

 

Anwar G

Creation of role

April 14, 2016, 8:52 pm
$
0
0

Hi All,

 

 

We have requirement .Can anybody tell how can this be done.

 

 

we have a parent Parent RoleP1from which derived  role D1is created


Now we need another role D2which should be exactly likeD1but devoid of some tcode execution rights

 

How can this be done? We created a copy of D1 and created D2 but was not able to remove the unwanted tcode editing the role.

 

 

 

 

 

 

 

 

 

Regards

Mandan

Search

line items in Auth. profile, do not have Evaluation path

April 7, 2016, 2:17 am
$
0
0

Hi All,

 

There are many line items(4 out of 6) in my Auth. profile, which do not have Evaluation path. So, is there any use of these

 

Regards

Plaban

Communications user password expires

May 18, 2008, 5:13 pm
$
0
0

Hi,

 

The password of our  communications user (ZCONTRANS) always expires/deactivated.

 

How can I set tha password of this particular user not to expire? 

 

We could not chage the login/password_expiration_time parameter because we need dialog users password to expire every 90 days (for audit requirement).

 

thanks,

 

kbas

Denied message for ACCESS to registered program SLD

April 15, 2016, 1:38 am
$
0
0

Hello,

since a couple of months we are building up the reginfos for all our SAP systems in simulation mode. Now I have an issue with the program SLD on our PI system:

Everytime when a certain host tries to connect to the registered program SLD on our PI this request is denied although we eplicitely allowed the ACESS for all hosts. Currently the relevant entries in our reginfo are:

P TP=SAPSLDAPI_SID HOST=PI_hostname CANCEL=* ACCESS=*

P TP=* HOST=local,internal  CANCEL=local,internal ACCESS=local,internal

Nevertheless we get this denied message:

reginfo denied  client: TP=SAPSLDAPI_SID, ACCESS=other_hostname

Since the reginfo is loaded by the registered program only during the registration I deleted the client-connections after changing  the reginfo in SMGW to ensure that the new rules are really available in SAPSLDAPI_SID.
Has anybody an idea what's wrong with this reginfo? Maybe deleting the client Connections with SMGW does not force the registered program to reread the reginfo?

Many Thanks in advance

Michael

Download bc_snc_adapter_101.zip

June 18, 2008, 7:10 am
$
0
0

I'm installing validation with SAP, Solaris for SSO.

I've found an interesting document, but the file bc_snc_adapter_101.zip is not available in the link.

 

Anybody have this file or know where I can find it ?

 

2.2 Configuration of the external SAP SNC Adapter

-

 

1. Download bc_snc_adapter_101.zip from

 

        http://www.sap.com/partners/icc/scenarios/technology/bc-snc.aspx

 

Thank's in advanced

RHEL 6: Compilation of the SNC Adapter fails

April 15, 2016, 8:30 am
$
0
0

Dear SAP Community,

 

We’re setting up MIT Kerberos for a SAP ABAP Server, so we can use the password less logon authentication. At the moment I’m hanging with the compilation of the SNC adapter.

 

  • We have the following environment:

BW ABAP 7.4 SPS10

SAP Kernel 742 / PL120

MaxDB 7.9

RHEL 6

Microsoft AD

 

  • Used Documentation:

http://www.realtech.com/wDeutsch/pdf/consulting/Whitepaper/SAP_Singe_Sign-On_und_Secure_Connections_via_SNC_Adapter_basierend_auf_KerberosV5_de.pdf

Chapter: 3.5.1

 

 

  • ERROR:

[root@wieltcg01 sncadapt]# pwd

/Software/SNC/sncadapt

 

[root@wieltcg01 sncadapt]# make

./build."`uname -s`" make do-all

./build.Linux: line 27: export: `do-all': not a valid identifier

make: *** [all] Error 1

 

I don’t know what should be adapted and where the error could be.

 

I’d be very grateful for some help and advice!!

 

BR Manuel

How do I configure RFCs for SNC communication?

April 5, 2016, 7:46 am
$
0
0

Hello Everyone,

 

I'm an Oracle DBA / Basis Admin and am new to configuring SNC.  So far I've been able to configure SAPgui sessions to communicate with systems using SNC but am having difficulty locating documentation to tell me how to get systems to use SNC with their RFC communication.  Everything seems to assume you already have the prerequisite configuration complete and just says to go to SM59, go to the Logon & Security tab and click the SNC button.  I, however, believe I'm missing the steps where I'm guessing I need to install a certificate for the other server/system.

 

I've exported different certificates out of STRUST on one system (SBX) and imported them into SNC SAPCryptolib on the other (SD2) and vice versa, and restarted the ICM each time but the connection test failes with this error:

 

LogonCancel
Error DetailsGSS-API(maj): Miscellaneous failure GSS-API(min): A221021F:Server refuses certif
Error DetailsERROR: GSS-API(maj): Miscellaneous failure GSS-API(min): A221021F:Server refu
Error DetailsLOCATION: SAP-Server SSBX4_SBX_00 on host SSBX4 (wp 4)
Error DetailsDETAIL: SncPEstablishContext
Error DetailsCALL: gss_init_sec_context
Error DetailsCOMPONENT: SNC (Secure Network Communication)
Error DetailsCOUNTER: 43
Error DetailsMODULE: sncxxall.c
Error DetailsLINE: 3551
Error DetailsRETURN CODE: -4
Error DetailsSUBRC: 0
Error DetailsRELEASE: 721
Error DetailsTIME: Tue Apr 05 09:12:25 2016
Error DetailsVERSION: 6

 

I don't even know if the partner name specified on the Logon & Security tab for the RFC definition under the SNC button is correct.  I at least no longer get the "Unable to Determine Canonical SNC Name RC= 4-" error that I used to get but have no indication if what I do have is correct:  The format for the Partner name that I'm using is:

 

p:CN=<FQDN>, OU=<SAP Customer ID>, OU=<Long Company Name>, O=<Short Company Name>, L=<City>, SP=<State>, C=<Country>

 

This partner name matches the X.509 name used in the other system's SSL server Standard PSE in STRUST.

 

Can someone help me with this, please, either by pointing me to documentation and/or by giving me a step by step for what to do to get this working?

 

Please let me know if there's any other information you need to help with this.

 

Thanks in advance!

 

Jeff

CUA: Alternative to PRGN_COMPRESS_TIMES

November 13, 2011, 11:27 pm
$
0
0

Hello experts,

 

in a non-CUA-System, the Report PRGN_COMPRESS_TIMES allows to remove obsolete or duplicated roles out of the user master.

 

Do you know if there is a similar function in a CUA-managed system?

 

Thanks in advance!

Search

SE16 -> Settings -> User parameters Field name to Field value

April 14, 2016, 11:39 pm
$
0
0

Hello Friends,

 

In se16 once we change the parameter Field name to Field value from Settings-->User parameters, the selection screen appears with technical names(Field name) only,However the output results with field values.

 

Previously , se16 selection screen used to display the entries with Filed values once the setting is changed.But now that's not the case, the selection screen appears with filed names(Technical names) but the output is in the form of field values.

 

Here it becomes difficult for the user to identify the field name(Technical name) and produce the output.

 

Can anyone help me regarding this ?

 

Regards

Basis consultant.

Auto-Logout after 15 Minutes, but rdisp/gui_auto_logout is set to 0

October 20, 2015, 11:59 pm
$
0
0

Hi

 

everyone is logged out of our Solution Manager GUI-Session after 15 Minutes.

 

The parameter rdisp/gui_auto_logout is set to 0.

 

We tried also to set it to 7200 (2h), but the same effect... We will be logged out after 15 minutes.

 

Is there another parameter to control this ? Or what can be the cause for it ?

SSO setup with SAP portal/ ECC6

April 11, 2016, 8:19 am
$
0
0

Hello we are trying to setup SSO for .NET based application which will be accessed from iview in SAP portal and will be connecting to SAP ECC6 for data using RFCs.

we have SSO setup between SAP portal (Ticket issuing system) and SAP ECC6 EHP6 (as trusted system). Now when we login to iview which has our app URL it asks for user name and password.

we are using MYSAPSSO2 cookie to login but its not working; is there any other setting or trust relationship required between IIS and SAP portal or IIS and SAP ECC6?

We haven't done anything with respect to IIS to set up any trust relationship and we think this could be the reason we are not able to login yet using SSO logon ticket. Appreciate any help.

Do we have to configure SNC on SAP ECC6 EHP6 in order to have SSO work with .NET app?

 

Mani

RFC access denied with message: "ACCESS=localhost (127.0.0.1)"

April 20, 2016, 6:46 am
$
0
0

Hi experts,

 

currently we have a reginfo in place without specific rule for the program "LDAP_EUCE".  Now I would expect that the Default rule in the last position of the file will be applied (P TP=* HOST=local,internal CANCEL=local,internal ACCESS=local,internal) and therefore denies any access from a host which does not belong to the system. From the Gateway log we would have expected a denied message if a remote host from another SAP System tries to use this registered program via the local gateway.


Now we receive the message "reginfo denied Client:  P=LDAP_EUCE ACCESS=localhost (127.0.0.1)" but unfortunately only with "localhost" and not  any hint about the remote host which tried to use the local gateway. Has anybody an idea how we can find out which host tried to execute LDAP_EUCE?

Many thanks!

Michael

Restrict access to rows in tables using S_TABU_LIN

January 22, 2008, 2:44 am
$
0
0

Hello

 

Is it possible to use this authorization object to restrict access to rows in data tables, based on role?

Namely, a query is created for table holding financial documents data, and I would like users in charge of one company code, to only be able to see rows relating to that company code when they execute the query.

I have defined and activated an organization criteria, and included it in the role authorization data restricted to only one company code value, but the user is still able to see all rows in the table.

The system trace doesn't show a check for the S_TABU_LIN Object while the user is executing the query.

 

Can anyone tell me what I'm missing?

 

Thanks in advance

A.

Viewing all 2353 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>