Channel: SCN : Discussion List - Security
Viewing all 2353 articles

How to find out which queries are being used ?


We have a number of InfoSet Queries which the users are calling from SQ00. Some of them are very old.

 

I would like to find out which queries are being used, so we can have the idle queries decommissioned.

 

How can this be done ?

 

 

Best regards,

Peter


Encryption and Decryption critical fields using 3rd party tools


We are looking at a use case scenario to encrypt certain personnel data (e.g. Social Security Number or Bank Account No) using the AES algorithm. We would like to encrypt and decrypt the personnel data so that unauthorized users won't be able to see the critical data. I know SAP has limitations and it is not a straightforward mechanism.

Are there any third party vendors/tools or partners who can provide a solution to encrypt/decrypt critical fields? I found one such service provider called "Dolphin", who is an SAP Partner too. Similarly, are there any more such service providers? Please provide the information.

 

Thanks

Vik

ESS + Backend access Issue


Hi Experts,

 

Recently I have come across a design issue for the HR roles in our system.

Our HCM system has ESS/MSS as well as other backend roles such as payroll, time admin etc.

The ESS/MSS role is categorized based on country, as such the P_ORGIN object will have full country value for PERSA etc.

The backend role such as PAYROLL ADMIN will have restrictions based on PERSA.

When we combine both, the ESS/MSS access overrides PERSA restrictions in PAYROLL Admin role & gives additional access to full country.

Is there a way to mitigate this & restrict the access without changing the ESS/MSS authorizations?

 

Please share your thoughts.

 

Nivin

Archivelink Signature Public Exponent


Hi guys,

 

I am trying to generate a certificate for signing the URL for the Archivelink interface.

The documentation stated that the public exponent has to be equal to (2^16)+1.

 

Does anybody know how important that condition is? The reason I am asking is that it is easy to create an RSA key with a given exponent but it is either not possible or not that simple in case of DSA key.

 

I haven't explored all the possibilities for this but my preliminary attempts at it were producing invalid keys that failed during signing or verification.

Is it a requirement that the 'y' value (public key exponent) of DSA parameters must be equal to 2^16 + 1, and if so are there any inputs for the other DSA parameters like 'p', 'q', and 'g'?

 

kind regards

Error while authenticating a user


Dear all,

 

Hope you all are doing well.

 

 

Production issue :

When a user tries to log in with his username and password, he gets the error message "INTERNAL ERROR OCCURED".

 

And the standard RFC which I'm using for authenticating the user is SUSR_LOGIN_CHECK_RFC.

 

CALL FUNCTION 'SUSR_LOGIN_CHECK_RFC'
  EXPORTING
    bname                     = ip_empid
    password                  = ip_password
  EXCEPTIONS
    wait                      = 1
    user_locked               = 2
    user_not_active           = 3
    password_expired          = 4
    wrong_password            = 5
    no_check_for_this_user    = 6
    password_attempts_limited = 7
    internal_error            = 8
    OTHERS                    = 9.

 

 

I want to know what the meaning of this internal error is. Is something going wrong with the standard RFC which I am referring to? Someone please help me out.

 

Thanks in advance.

RFC_READ_TABLE with other user (Is this possible?)


Hi, I will explain my problem.

I want to use an RFC connection with the function RFC_READ_TABLE.

The problem is I don't want to use the user that is in the red circle (inside sm59).

[Image: Sans titre.png]

I want to use a user and password in my ABAP code, or in a table with the password in MD5.

Is this possible?

My function looks like this:

 

CALL FUNCTION 'RFC_READ_TABLE' DESTINATION 'DCRCLNT440'
  EXPORTING
    query_table          = 'TMSBUFFER'
    delimiter            = ' '
    no_data              = ' '
    rowskips             = 0
    rowcount             = 0
  TABLES
    options              = lv_options
    fields               = lv_fields
    data                 = lv_data
  EXCEPTIONS
    table_not_available  = 1
    table_without_data   = 2
    option_not_valid     = 3
    field_not_valid      = 4
    not_authorized       = 5
    data_buffer_exceeded = 6
    OTHERS               = 7.

Issues with Analysis Authorization checks in APO


Hi Friends,

 

I am facing an issue with Analysis authorization checks in APO.

We have set up user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile, e.g. Demand Planner).

Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *

This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).

 

In Quality the Characteristics that get checked are as below, and it works as expected: display access for Management Entities that are supposed to be displayed only, and change access to only the Management Entities that it should.

[Image: Quality Trace.JPG]

[Image: Quality Trace 3.JPG]

[Image: Quality Trace 2.JPG]

However, the trace for Production shows the following. As a result it is allowing the user change access to all Management Entities, which is not desirable.

[Image: Production Trace.JPG]

Resultant trace results are as below. This should not happen.

[Image: P Trace 2.JPG]

I have compared all Analysis Authorizations and they are the same across both instances. The Demand Planner access is consistent too.

Would it be possible for you to advise on what I could be missing?

SAP SSO without integrating with LDAP/Active Directory


Dear All,

 

Good Day.

 

We have following components in our landscape.

 

SAP ECC 6.0 EHP7 (HANA DB)

SAP BI 7.4 (HANA DB)

SAP EP 7.4 (Sybase DB)

SAP BO 4.1 (Sybase SQL anywhere)

SAP Solman 7.1 (Sybase DB)

SAP CRM 7.0 EHP2 (Sybase DB)

SAP Content server 6.5 (Max DB)

 

And we plan to implement Fiori applications as well in the HR, MM and FI areas. My major requirement is: can we achieve SAP SSO to all the above SAP solutions without integrating with LDAP/Active Directory?

The idea is that once the end user logs in to his PC/laptop, he should not be prompted for any user name/password while logging on to ABAP (ECC, BI, Solman, CRM) and the EP, BO, Solman and CRM portals.

I got information that we can achieve this using SAP NW SSO 2.0, but I am not 100% sure that we can achieve this without integrating with LDAP/Active Directory.

In case Active Directory integration is mandatory to achieve the above requirement, please confirm.

FYI, in my environment we have 4 different companies with different Active Directory accounts, but all are going to use the same SAP landscape as mentioned above. How should we proceed with AD integration in case it is mandatory?

Your recommendations/advice will be a great help for my team. Looking forward to positive replies.

 

Thanks in advance.

 

Best Regards

Praveen P


Audit log of customized table.


Dear experts,

 

I need to trace log of some tables.

 

In the SPRO transaction there is one customizing transaction, KEDE. This transaction is used to define derivation rules and generates entries with table names. These records are generated in the TKEDRS table. I do not need to audit this table. I need to audit some of the tables recorded in the table field of table TKEDRS.

 

K9XXXYYYNNNN.

XXX- ID SYSTEM

YYY- ID CLIENT

NNNN-Number

 

This customizing point generates tables in the dictionary. I need to trace these tables for an audit log of changes. One solution is to configure SCU3 and the tables in SE11.

These tables do not have a modification dialog (cdhdr, cdpos, ... tables).

Is there another solution?

 

Thanks and regards.

David Sánchez.

SAP Business Objects Password Expiry


Can anyone please assist with this issue: We currently have a SAP BOBJ 4.1 environment which is internet facing which authenticates via our BW 7.3 which is in the LAN. The issue arises when the password expires for the users outside of the organisation (LAN) since they cannot log on to BW and change their passwords. Is there a way in which these users can reset their passwords without logging on to BW directly?

remove value from f4 search based on authorization


As we have multiple company codes and other configuration related to them, we want to restrict users from viewing any other company code or related values, based on role and authorization. How can we control the F4 search and its values based on roles and authorization?

SAP WM Cycle counting


Hi,

 

We have configured the Cycle counting process for Physical Inventory in WM. That is working well.

Our key users are finding it difficult to identify when a particular material is due for physical inventory. They are asking that SAP propose to them when a particular material is due for physical inventory.

Thanks & regards

Murali


List of Users against their Inbox documents


Hello All,

 

Is it possible to get a list of SAP users along with their inbox count (SBWP), with the output displayed on the same screen/page?

That way, at the end of every month we can check this report in order to carry out deletion (on approval basis only).

I found one program, RSSODLIN (63912), here in SDN which is for deletion for a single user. I request you all to please help in finding the program/report to get all users with their inbox at one time.

 

Regds

Durga.

JCo and SNC


Hi,

 

I want to build my own JCo client and secure it using SNC. The client can connect without SNC, so the basic setup should be good.

 

I do have first of all a basic question how it is supposed to work: My understanding is I need to have a cred_v2 file which is used to access the PSE file I have. Further I assume that the cred_v2 file has to be located in the directory set via SECUDIR. I do have that. The big question is now how does the system find the PSE file? I can guess it looks as well into the directory SECUDIR, but the PSE file can have any name so that guess is only half the truth. How does the system find the PSE file I have created?

 

I do get this error:

 

ERROR   GSS-API(maj): No credentials were supplied
        GSS-API(min): SAPCRYPTO PSEDIR directory not found:

 

 

Does anyone have an idea what might be wrong? Thanks!


Influence about system performance by RAL, SAL


Hi, Experts.

My team is going to use RAL (Read Access Log) and SAL (Security Audit Log) for logging users' access to sensitive data.

To meet compliance, we have to log users' activity information according to the 5W1H (WHO, WHAT, HOW, WHEN, WHERE, WHY) principle.

But I want to know how much system performance will be affected by applying RAL and SAL.

Is there anyone who has data or experience about that?

I understand it can differ by the level of log detail.

 

Best Regards.

Dongki.

Controlling Authorization Object for the transaction variant created via SHD0v


Hello -

 

We created a new transaction variant with reference to VL03N and assigned it to a new transaction called ZVL03N. The reason for creating this new transaction was to suppress the document flow functionality on the outbound delivery.

 

Now is there any way to replace the Shipping point authorization object (v_likp_vst) with a new custom authorization object for the new transaction ZVL03N? Our original thought was to place a check in the delivery user exit to call the custom authorization object whenever ZVL03N is used. However, this is not possible as ZVL03N is just a mask and in the program it is actually calling the transaction VL03N.

 

Please let me know if there is any way to remove and replace the standard object with a custom object. The reason why we want this is to assign a different set of shipping point access to VL03N and ZVL03N (without doc flow).

 

Thank you

Taiseer

User Authorization doesn't work in MD01.


Hi!

 

I created a role with transaction MD01 only.

 

System generated two Authorization Objects:

1. S_TCODE - Transaction Code Check at Transaction Start:

MD01

2. M_MTDI_ORG - Organizational Levels for Material Requirements Planning:

MRP Controller (Materials Plan...

Activity types in materials pl MRP: total planning

Plant                          Unmaint. org. level

 

Next, I can leave the values of "Plant" or "MRP controller" empty in authorization object M_MTDI_ORG. I can even delete authorization object M_MTDI_ORG!

But the user with this role (only this one) can still not only open MD01, but also successfully complete planning, for any Plant or MRP controller.

Why doesn't it work? What can I do? I need to limit user authorization and I don't want to create a Z-transaction for it.

 

Thank you

Best regards,

Evgeniy

SAP ABAP secure coding related training session


Hi Experts,

 

Do you know of any training or code jams provided by SAP for organizations related to SAP ABAP secure coding?

SAP GUI SNC client encryption with commoncryptolib


Dear experts,

I have searched a lot on this topic, but I am not sure whether it is possible and allowed by SAP to encrypt the communication between SAP GUI and AS ABAP using the commoncryptolib without SAP NetWeaver Single Sign-On. What is important for me is encrypted communication, not the single sign-on feature. As far as possible the product should be without additional costs, so I think commoncryptolib would be fine.

Can somebody give me a link to a tutorial on how to configure SNC client encryption between SAP GUI and AS ABAP? (Please not SAP help http://help.sap.com/saphelp_nw74/helpdata/en/b9/0dfa4a0457487bb0e59d304eb1a79a/content.htm?frameset=/en/b9/0dfa4a0457487bb0e59d304eb1a79a/frameset.htm&current_toc=/en/cd/a3937849b043509786c5b42171e5d3/plain.htm&node_id=132&show_children=true#jump132 . I tried the SAP help information and had problems with the Active Directory integration, which is only described in a rudimentary way.)

Also, in my scenario I had multiple domains in different locations which cannot be integrated into trusted domains. So a solution without Active Directory would be fine. Is this possible?

 

Thank you very much in advance.

 

Kind regards, Basti
