Hello,
someone told me, without quoting a source, that the cap of 300 roles per user was removed in a certain SAP release.
Maybe I am blind, but I was not able to find this in any release change log.
Can someone confirm this and link me a source?
Cheers,
Peter
Hello,
There's a user called SOLMANCONFIG that keeps getting locked in my (Solution Manager) system. It's getting called by some rogue RFC (could be external - this SolMan installation is connected to 30+ systems) which does not have the correct credentials for the ID.
Turned SM19 audit log for the ID yesterday.
Id got locked today once again.
Generated the audit log for a short time period around the time of locking, in SM20.
Results as attached.
As you can see, there's nothing in the "Terminal" column! It's not there in the detailed display either.
This problem has bugged me for quite a while now. Would really appreciate any help that would let me fix this. Mind you, this could be an RFC call from a satellite system, so checking the RFC destinations maintained in my own landscape (i.e. contents of the RFCDES table) might not be enough.
EDIT : If I recall correctly, there are also some profile parameters that need to be enabled to generate detailed logs in SM19/20. Is that relevant here?
su01 - netweaver 7.4 indirect role assignments from composite are not blue
Hi Folks,
I notice in higher releases (greater than basis netweaver 7.1) that inidirect role assignments in SU01 are not blue color ?
The composite role seems to handle fine and new columns and icons are present denoting directs and indirectcs
This is standard now ?
Hi Experts,
We have a requirement to identify all roles being hardcoded, used in exit, tables etc to achieve specific functionality. I have the list of roles from Production system. Is it possible to get the where used list for Roles ?
Any help is appreciated.
Thanks in Advance.
Hi All,
I want to prevent end-users of CRM and BI, from logging in, via SAP logon pad.is there any parameter or Security policy, which can achieve this.
i think login/disable_password_logon, will also prevent a user from logging though url. However, there is no SSO, so end-users of CRM and BI use password in CRM and BI specific urls.
Regards
Plaban
Hi everyone,
I would like to ask if someone from you have already restricted access to SQ01 queries to certain users. For example, user group query CO should only be accessed by 5 users. How to do that?
Thank you so much in advance.
Regards,
Jenilyn
My organization's domain is being changed - I understand that we need to update all scripts that we use to reflect the new domain.
Apart from that , is there any SAP report to mass update all user email ids from old domain to the new domain ?
Hi Folks,
We recently had an issue with one the Authorization field (CLASS) where it being converted to Org field automatically due to the of GRC Plugin installation in the child system.
I had run the program SU24_AUTO_REPAIR to remove the incorrectly defined SAP Org Level field , but system didn't prompt to save these changes in the Transport request so that the changes can be moved to Quality and Production.
Could you please let me know how do i Transport these changes to Q and P.
BR
Rakesh
Hi Experts,
We have a requirement to restrict Create & Release of WBS Elements at t-code CJ20N level. I am unable to figure out which authorization objects should I restrict for these functionalities, can you please advise?
Thank you & Regards,
Krishna
We have one request to modify role(adding field value in auth. object) and we have added it. when transporting that role, getting error "role XXXXX type is undetermined" can any body please suggest, how to fix this issue?
Dear Friends,
Hi,
I have questions about report PRGN_COMPRESS_TIMES.
I implemented SAP notes 1416149 & 1692243 manually on a system R/3 4.7. All side-effects & prerequisites notes have been implemented too (manual activities also done)
But we have an issue when we try to install the note 1692243. We get the message "Corrections incompletely..." for the function module "PRGN_CHECK_ROLE_ASGM_IN_CUA":
We tried to find a solution w/o success. Could you help?
When we confirm the changes and get an error during the activation of report "PRGN_COMPRESS_TIMES":
We tried to find a solution w/o success. Could you help?
Thank you for your help.
Best regards,
Zobair
Hello,
Can someone help here. We have recently upgraded to EHP 7.
After upgrade, we see user buffer is not getting updated from the roles with large data. for eg, for the derived roles with more than one profile, the objects are available in the role, role is assigned to user, profiles looks generated with green status, user comparison looks good.
But objects does not appear in user buffer , hence user misses authorization for the objects and the role is not appeared when we check in SUIM.
Does anybody know any Authorization subnotes need to be implemented or any other solution?
Due to the profile generation problem in SUPC, We had already implemented sub note: 2220928. Is there any other linked subnotes?
I'm trying to make a REST call to a SharePoint system based on NTLM using either CL_HTTP_CLIENT or CL_REST_HTTP_CLIENT by authenticating via a SAML token. Does anyone know if this is possible or know of an example?
Dear Guru,
I'd like to check what is the common / best practice for SAP ID / Account naming convention:
(1) Name Base, e.g. sg_billychen
(2) Staff Number Base, e.g. sg_007
(3) Role / Task Base, e.g. FINMGR, FINADM, SG_PLANTHOD
Is it common to have SAP ID naming convention based on Role / Task (Point No. 3 above)?
Is it common to put the real name of the SAP user into ALIAS field instead of in the FIRST & LAST NAME fields?
Thanks in advance for your help and explanation.
Cheers,
JC
Hi Team,
We have a .NET application which is connecting to SAP ABAP system using .NET Connectors and JAVA connectors.
Now we are trying to implement Secure communication between .NET application and SAP.
All our SAP systems are configured with SNC with out SSO using SNC client encryption for SAP GUI -> SAP ABAP app servers.
Same way we are connecting to SAP application with the parameters, SNC_MODE, SNC_QOP, SNC_Partenr name, SNC Library.
But we are unable to connect because the SNC client encryption library file is 32 bit and our .NET application is 64 bit.
Please advice how we can connect our .NET application --> SAP server using 32 bit library files? or do we have any 64 bit library files which support above scenario( we are not looking for SSO).
Thanks,
Krishna
Hi all.
Is there a way, maybe a function, to set the master role of a single role?
Fill the "Derive from role" field.
I mean, other than a direct UPDATE AGR_DEFINE .... which works, btw
I would prefer a "lawful" method.
Any hint?
As an alternative also the creation of a new role with the master role set.
My current method is to create the roles via PRGN_RFC_CREATE_ACTIVITY_GROUP and then use SECATT to set the master and do other things.
Thank you
Hi all
Is there an alternative to PRGN_1252_SAVE_ORG_LEVELS that can be called via RFC?
Currently I'm using the function withing a SECATT but a recent test I made demostrated that the function does not perform ANY authorization check.
This means that I can't leave the script saved so that anybody with the permission to execute SECATT scripts can mess up with roles.
As an alternative, is there a way to transform the function so that it can be called via RFC?
I mean, other than to write a wrapper.
Thank you
Lorenzo
Hi Experts,
Can someone guide me through the steps we need to follow from security end when upgrading BI 7.01 to 7.4?
My guess is, it shouldn't be straightway just SU25 as in an ECC system.
Working on a BI upgrade for the first time and not finding detailed info on it.
Your guidance in this regard will be great.
Regards,
Shiwani
Hi All
Users are receiving a massage "number of failed password logon attempt" continuously even though they logged in successfully.
We tried to set new password, but still the massage is receiving. Can some have expertise how to get rid of it?
Please help resolve this error.
Thanks in Advance,
Deven Bhandarkar
Hi All,
i have a Auth. profile, which has no Evaluation path assigned. So, could you suggest, if and how it works
Regards
Plaban