Hi,
i have the username and password for the client 230(suppose) but i have to login into the 210 cllient. i don't know the password for client 210. i know only the username. Please suggest that how to login into 210 client.
Thanks,
Pankaj
↧
how to reset the password of user of different client
↧
Code inspector or test cockpit
Hi all,
I'm having some problems in the company that work. Always compare the current development version with the previous (0010 to 0009 for example) and evaluate only the changes and not the whole. In Cockpit inspector or test code can do this? Another question is whether there is a rule that validates whether the program is new or not. Sorry for English, but I'm using the google translator.
Regards,
Erlon Lourenço
↧
↧
How to unlock Users in client from a different client
Hi All,
We have multiple clients in our SAP system. Users which are in one client are not created in other client.
The issue is that one of the user has locked his account due to incorrect login attempts. We dont have any other user in the same client with which we can login and unlock the account. We have access to some other user in some other client of the same system.
Is there a way to unlock the user in that client from some other client.
Thanks,
Tirth
↧
Drop Down is not Visible
Hi All,
We have encountered an issue after Upgrade. We have an BSP application in out portal(7.0). Through that HR persons are handling their activity.
We have upgraded ECC to EHP7 SP4 and UAT is going on. In UAT user is facing the issue.
One HR Manager is synching his id with another user id and then going to the Proxy link to change the employee information for the another user as a proxy manager. Here The user is not able see the drop down to select and Action item to complete job.
User is able to do the same in production. We have checked user's role and Structural profiles in both UAT and production environment and Both are same.
Can anybody please suggest what is the issue?
↧
UJE* tables not getting updated
Hello security experts,
We are currently on BI 7.4 version and have BPC 10 (CPM 801 SP 005) implemented, we are facing issues with the creation of New Teams and Member access profiles in the system.
Ideally when a new team/ Task or Member access profile gets created the respective UJE* tables must also get updated.
We created 3 new Teams and Member access profiles in the BPC front end, while checking the backend tables we found that not all UJE* tables are getting updated as expected.
Tables that got updated are :
UJE_MEMACCESS
UJE_TEAM_AGR
UJE_TEAM_MULTAGR
Tables that didnot get updated:
UJE_TEAM
UJE_PROFILE
UJE_PROFILE_ASIN
UJE_PROFILET
UJE_TEAMT
UJE_USER_TEAM ( we assigned users to the team via front end as well)
Ideally these tables must get updated for every new Team; Member access profile created. Am I missing some configuration which should update these tables?
Thanks & Regards
Veena
↧
↧
Is Data Between SAP GUI and Server Encrypted
Hello expert,
In default, the data between SAP GUI and SAP application server is not encrypted, is that?
If we want to encrypt the data between GUI and AP, we should enable the following setting in GUI side (and any other settings, like SNC library path and so on)?
Thanks & Best Regards,
Tong Ning
↧
Adding T-code to Role Area Menu which doesn't exist in box
Hello,
We are using a SAP system called QIM which has "jumplink" functionality, which is a web based linked (NWBC) which will launch you into a ERP system transaction when clicked. For example, in QIM we will display a outbound delivery, and if we click on the link it launches VL03N from the ERP system and displays as web UI.
In PFCG under area menu, this transaction code appears under the menu, but VL03N doesn't actually existing in the system... The issue is we created a custom object for inbound delivery and we need ot add it under this area, but when we attempt to add a transaction code under the Role Area, the system says the t-code doesn't exist... Even when we try this with an existing t-code showing in the menu (Vl03N) it says it doesnt exist. Same if we look at the authorization object S_TCODE. These t-codes exist in here, but when you try to readd them they system says it doesn't exist.
Please find the attachments with some screen shots... Any idea how we can do this?
↧
Need to give REVOKE CLOSE option in CO02 only for selective users
Hello,
Need to Restrict Revoke Close Option in Tcode CO02 (Under Functions - Restrict Processing - Revoke Close) through Role/Object Level. Can any one suggest how to control this . Need to give access for CO02 for 5 Users , but only 2 Users can able to do Revoke Close Option , other 3 Users should not able to do this activity.
BR,
Murali
↧
How to kill process/Actavity in SAP ?
How to kill process/Actavity in SAP ?
↧
↧
Personalization Dialog “DIA_LO_SRS”.
Hi Gurus,
We have below requirement from our client:
For each Store specific role or each user, Personalization Value with corresponding Site Value , needs to be maintained via Role or via Transaction “FPB_MAINTAIN_PERS_S” for Personalization Dialog “DIA_LO_SRS”.
I am not sure if this is something Security need to maintain or HR guys.
Your advice is highly appreciated on the same.
Thanks
Peeyush
↧
Structural Authorization in HR Standard Reports
Hi Experts,
Structural authorization applied works as intended in standard transactions (e.g. PA20, PA30, PP01 etc.) but it does not work in standard report (e.g. Date Monitoring). User able to extract information for employee that he/she does not authorised to.
Is this normal Structural Authorization behaviour ? Is there anything that need to be done to enable the restriction as intended ? Appreciate your help to look into this matter and advise the way forward.
Best Regards.
↧
Blocking issue after replacing a SSL certificate ok with a new SSL EV (Extended Validation) one
Dear Security Experts,
I need your kind help in case you can support about a problem which is preventing us to use a quite critical (UK HMRC Gov site) web service based application which use to work like a charm till before replacing SSL certificate downloaded from web service application host.
What we see changed is that:
WITH PREVIOUS SSL CERTIFICATE NO PROBLEM:
at expiry (as required by certificate+host owner) we used to download new certificate from ‘https://emcs.ws.hmrc.gov.uk’ and after importing it in SAP with STRUST and testing it we had no problem absolutely and we noticed that Target Host here under was matching website URL indicated for using the webservice we needed
WITH NEW SSL EV (Extended Validation) WE ARE BLOCKED INSTEAD:
after downloading new certificate from ‘https://emcs.ws.hmrc.gov.uk’ and importing it in SAP as always we cannot work anymore and notice two following problems:
a) Target Host hereunder does not match anymore the website URL ‘https://emcs.ws.hmrc.gov.uk’ we used to know and from where we download the new certificate itself:
and when our app calls the webservice normally expected to know URL emcs.ws... the new Target Host dispalys instead (it has a page for human manual login...)
b) application fails with different kinds of errors reported in SMICM logs (SSL_ERROR_SSL, SSSLERR_SSL_CONNECT related to icxxconn.c): in the logs we can see details of SSL NI-sock parameters from our local=IP:PORT(normally high>50000) and web service host that we need to call at peer=23.223.63.18:443
Web service providers states that issue that the endpoints we need to submit to are unchanged and remain as detailed on page 1 of the ‘EMCS Guide to Web Services’ document published at http://www.hmrc.gov.uk/softwaredevelopers/emcs/emcs-guide.pdf. For example, if we still send a message to WS https://emcs.ws.hmrc.gov.uk/EMCS/SubmitDraftMovement/3. However, the relevant certificate authentication is at ‘emcs.ws.hmrc.gov.uk’ level.
Thank you in advance for kind indications about what would you check at our SAP side in order to recover web service communication with new certificate installed and diagnostics given (for a.m. I apologize as I am no SAP Security expert but only local project demand manager).
Kind regards,
Aldo
↧
Encryption and Decryption critical fields using 3rd party tools
We are looking at a use case scenario to encrypt certain personnel data (for e.g. Social Security Number or Bank Account No) using AES algorithm. We would like to encrypt and decrypt the personnel data so that unauthorized user won't be able to see the critical data. I know SAP has limitations and it is not straight forward mechanism.
Are there any third party vendors/tools or partners who can provide solution to encrypt/decrypt critical fields. I found one such service provider called "Dolphin" who is SAP Partner too. similarly are there any more such service providers. Please provide the information.
Thanks
Vik
↧
↧
SAP BI analysis authorization combination is not working
Hi Folks,
I recently encountered one scenario in our BI system landscape during the maintenance.
There is BI report Z_test_query has made on info provider Z_test_provider and it has multiple authorization relevant info objects associated with it.
User has access to Info provider(0TCAIPROV) through analysis authorization( ex : object 1) and one of the authorization relevant info object 0COMP_CODE is present in different analysis authorization( ex: Object 2) . With this set up , if user runs the query he is getting error "you do not have authorization for any char . values for char 0COMP_CODE".
whereas he is not getting any error , if 0COMP_CODE is added to analysis authorization Object 1. As per my understanding BI auth relevant info objects need not be in same analysis authorization to be able to execute the query. The scenario what i faced is contradictory , can some one assist me with this?
↧
Timestamp in OM and structural Authorization
Hey Guy's, I've got a question 
In our Organisation there are movements from Org1 to Org2.
Org1 is old and in OM it's been validated from 01.01.2010 - 31.08.2014
Org2 is new and is valid from 01.09.2014 - 31.12.9999
Below of Org1 there are Org-Units (Org1.1, Org1.2, ...) which are valid from 01.01.2010 - 31.12.9999.
Now the "under Org-Units" are moved from Org1 to Org2 and the P-Objects, which decided to leave our Organisation 
till 31.08.2014 aren't anymore in access.
Only the Persons which only have for example Org1.1 in access (no superordinate Org2 or something like that), has access to the P-Objects.
The persons which has Org2 in access, doesn't see via O-S-P the person for the period of time 01.01.2010 - 31.08.2014
It seems like SAP is looking for the timestamp of the 1001 connection between Org1.1 to Org2 (01.09.2014 - 31.12.9999) and not of the P-Object to Org1.1
I have to say, that we are working with an custom table, where we can switch the O-object individually to every person via function block.
We also have the RHBAUS00 with Index listings in use.
Do you understand what I'm trying to explain?
Is it normal for those cases, where an manager decide to create an new Orgunit with an better name, or something like that, and move any "under Org-Units" to the new one, that no person has access anymore?
Is there an switch in T77S0 which I can set or should I try to ask SAP via OSS-Note?
Thanks in advance for your answers
Lars
↧
Security Requirements for OCI in MM
What are the security requirements for building OCI in MM
thank you
↧
Demoting an org-level - what to transport and when to do so
Dear gurus,
I am confronted with a question where it seems there is no answer except trying, so thought it best to see if anyone has done this before...
Background is SAP notes 323817 and 727536 regarding demoting customer org.level fields.
Someone promoted 28 fields to org.levels in a system here. PFCG_ORGFIELD_CREATE has a transport connection, so at the time the USORG and USVAR table entries were also transported through the landscape.
Now I have degraded to the fields to normal fields again using PFCG_ORGFIELD_DELETE, which converts the SU24 and PFCG data and the USORG and USVAR tables, but it does not ask for a transport request...
New roles which include the now "normal fields" can be imported successfully into QAS and PROD systems, and the old roles will clear themselves out and are being completely replaced anyway.
So my question is: should I transport the USORG and USVAR tables through the landscape as well? If yes, then before the roles are transported would seem correct to me, but there is no dialog I can find to add these to a transport request, so I suspect that maybe SAP's intension was simply to leave the data there as "dead wood" in QAS and PROD. The only way I can think of is to manually insert the tables as "table contents" into a workbench transport and send that through - but that seems a bit suspect to me...
Has anyone done this before? Did you sync the tables in QAS and PROD or just leave them as inconsistent in the landscape?
Cheers,
Julius
↧
↧
Password Check toward Active Directory with NW ABAP 740 at WinServer 2008+
I look for an option to use at the Password check procedure from Active Directory password instead USR02 password.
What is up to date the mostsimple and with BC740 at Win2008 or 2012 option to replace PW check at ABAP with AD PW check to for Business Uses. Are there Standard functions, Customer Exits or methods available to implement
an easy solution.
I found many discussions around the topic at SSO, IDM,GRC but once with much new functionality I do not request
at moment or discussions based on older releases.
What function can be used within BC 740 / ECC 617 running SAP at MS Win Server?
Details:
We started to implement Standard SSO (with Kerberos / SPNEGO for Portal and GUI User) but we have still lots of tickets from users not staying inside our central AD domain with their PC-Client.
We are a “small” organization but have facilities in 150 countries with also local AD domains. So often the uses are logged on with in the regional AD Domain and would like to access one of our new centralized SAP services via Portal or sapgui. Our Business Users have 2 accounts, first within AD for regional IT Services, second for all centralized IT services.
I asked, based on These conditions, our SAP-Basis Team how we can get a solution to check on NW ABAP
Stack server side the password with our central AD domain.
We run five productive functional different SAP instances and expect no benefit on centralized Role and User
administration within this organization. Only the different password per SAP-system-client
causes problems.
Our security team requires at systems with personal employee data a logon procedure with entering a password
(proposal is using AD PW) and for technical support stuff a higher frequent PW
change. All these could be done just by PW check against AD.
↧
How to restrict FBL1N only to display access
Hi,
I need some help in restricting access for FBL1N. The requirement is the user should be able to only display the vendor items for the given opcos. I created a test role for this tcode and maintained the activity for all the auth objects to 03. But still user is able to change the vendor details. When ran trace, it was showing the access to Tcode FB02. but not sure how the test user is getting this access as the test role does not contain FB02 and user does not have any other role. Please advise
Regards
Kavitha
↧
Depreciation report S_ALR_8701194 not working
Hi,
I am tring to execute the Depreciation report and getting the message no data selected and while assigning SAP_ALL i am able to get the data. I have anaylze the ST01 trace but everything is 0 and SU53 is also successful then what could be the reason.
11:14:29:189 AUTH - - - S_TCODE RC=0 TCD=S_ALR_87011994;
Client: 600 User: TEST Transaction START_REPORT 4B863B2D753F26F1E1000000AC190055
Work Process 0 PID Date: 26.02.2010 Start:11:14:29:200.231Finish:11:14:29:215.790
First Block of Dialog Step Last Block in Dialog Step
Block Version: 1512 No. of Records: 5 File Version: 1
hh:mm:ss:ms Type Lasts(us) Object Text
11:14:29:200 AUTH - - - S_PROGRAM RC=0 P_GROUP=AM10;P_ACTION=VARIANT;
11:14:29:201 AUTH - - - S_PROGRAM RC=0 P_GROUP=AM10;P_ACTION=SUBMIT;
11:14:29:203 AUTH - - - A_A_VIEW RC=0 VIEW=' ';
11:14:29:203 AUTH - - - A_A_VIEW RC=0 VIEW=1;
11:14:29:206 AUTH - - - S_PROGRAM RC=0 P_GROUP=AM10;P_ACTION=SUBMIT;
Client: 600 User: TEST Transaction START_REPORT 4B863B2D753F26F1E1000000AC190055
Work Process 0 PID Date: 26.02.2010 Start:11:14:59:25.577Finish:11:14:59:32.662
First Block of Dialog Step Last Block in Dialog Step
Block Version: 712 No. of Records: 2 File Version: 1
hh:mm:ss:ms Type Lasts(us) Object Text
11:14:59:26 AUTH - - - A_A_VIEW RC=0 VIEW=' ';
11:14:59:26 AUTH - - - A_A_VIEW RC=0 VIEW=1;
Regards,
Subhash
↧