Authorization issue - help request
Hi guys,
One of the consultants is having an authorization issue (he is not able to run a t-code).
I asked him to run an SU53 report and I am not sure how to proceed with this.
Please help.
Here are the details from the SU53 report.
DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
User : VYXXX profile parameter authorization buffering 4
Authorization Object: F_KNA1_GRP
Description
Authorization check failed:
+ Authorization object F_KNA1_GRP Customer Account Group Authorization
Activity 08
Customer Account Group ZM01
Users Authorization Data :
+ Authorization object F_KNA1_GRP Customer Account Group Authorization
Authorization T-PD19002300
Authorization T-UG39000900
Authorization T-UG39001000
Please help me, guys, with what needs to be performed.
Regards,
Vamsi.
Hi Vamsi,
SU53 shows us the last failed authorization for a user. However, it might not be the only authorization object that failed.
Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
Then check-> which auth object is failing.
RC=4 means an object value is failing.
RC=12 means an object is missing!
Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
You can check the SAP documentation on running traces on the help portal of SAP. I think you will find the answer yourself by troubleshooting more and maybe massaging some test roles here and there!
Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
Let me know if you have any questions
EOD for me :P . take care
Abhishek
Similar Messages
-
ASA 5505 Speed Issue - Help Requested if possible
Hi All,
I am wondering if anybody here can shed some light on any potential configuration issues with the configuration below (Sanitized). Current State:
1. Site to Site VPN is up and running perfectly.
2. Client to Site VPNs work through L2TP/IPSEC and through mobile devices such as iPhone.
3. The outside interface is at line speed - approximately 5-6MBits per second.
4. When performing a download of a service pack from microsoft - Bit rate on the inside interface is approximately 1/3rd of the outside interface (A lot of loss). Interface shows no CRC errors and no input errors.
5. The outside interface shows CRC errors and INPUT errors but due to the line speed being optimal (as the client experienced via their WAN router direct (with the ASA out of the mix), have not looked in to this further. I suspect the device it is directly attached to does not auto negotiate correctly even though the interface is set to 100Mb Full Duplex.
6. Outside interface MTU is set to 1492, purposely set this way due to PPPOE over head (Please correct me if I am wrong). (Approx 8 bytes)
7. Inside Interface MTU is set to 1500, no drops or loss detected on that interface so have left it as is.
8. All inspection has been disabled on the ASA as I thought that scans on the traffic could have impaired performance.
Current Environment Traffic Flow:
1. All hosts on the network have their DNS pointed to external IP addresses currently as the DNS server is out of the mix. This usually points to DNS servers in the US. If the hosts use this, the DNS queries are performed over the site-to-site VPN but the internet traffic is routed around the VPN as the traffic is a separate established session. Split tunneling is enabled on the ASA to only trust the internal hosts from accessing the US hosts. Everything else uses the default route.
2. The version of software on this ASA is 8.2(1). I have checked and there does not seem to be any underlying issues that would cause this type of behaviour.
3. Memory is stable at roughly 190Mb out of 512Mb
4. CPU is constant at approximately 12%.
5. WAN and INSIDE switch are Fast Ethernet and the ASA interfaces are all Ethernet - Potential compatibility issue between standards? I'm aware they should be compatible - input from anybody that has experienced any issues regarding this would be greatly appreciated.
Current Issues:
1. Speed on the inside interface is approximately 1/3rd of the WAN/Outside interface - download speeds are sitting at approximately 250 - 300kb (should be sitting at approximately 700-800kb).
2. Noticed that when the DC is pointed to the USA Root Domain Controller (Across the tunnel) latency is approximately 400ms average. (Performed using host name).
3. I ping the IP address of the exact same server and the latency is still 400ms.
4. Changing the DCs DNS address to 8.8.8.8, I perform the same ping to the same servers. Still 400ms.
5. I ping google.co.nz and I still get 400ms (You would expect it to route out the default gateway but session is still active for that IP on the ASA).
6. I ping 74.x.x.x (The IP from the resolution from step 5) and I get the same result.
7. I flush dns, same issue for 5/6.
8. I clear xlate on the ASA and the same issue persists.
9. I close command line, reopen it, and perform the test again - latency is now back to 40 - 50ms as we would expect for non-vpn traffic.
I am currently out of ideas and would like some advice on what I have actually missed.
Things I suspect that I may need to do:
1. Upgrade IOS to latest version (Other than that - I'm out of ideas).
ASA Version 8.2(1)
hostname BLAH
enable password x.x.x.x encrypted
passwd x.x.x.x encrypted
names
name x.x.x.x BLAHPC
name 8.8.8.8 Google-DNS description Google-DNS
name 202.27.184.3 Telecom-Alien-Pri description Telecom-Alien-Pri
name 202.27.184.5 Telecom-Terminator-Sec description Telecom-Terminator-Sec
name 203.96.152.4 TelstraClearPri description TCL-PRI
name 203.96.152.12 TelstraClearSec description TCL-Sec
name x.x.x.x BLAH_Network description BLAH-Internal
name x.x.x.x DC description DC VPN Access
name x.x.x.x Management-Home description Allow RDP Access from home
name x.x.x.x SentDC description BLAHDC
name x.x.x.x Outside-Intf
dns-guard
interface Vlan1
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group pppoex
ip address pppoe setroute
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
banner exec [BLAH MANAGED DEVICE] - IF YOU ARE UNAUTHORIZED TO USE THIS DEVICE, LEAVE NOW!!!
banner login If you are Unauthorized to use this device, leave now. Prosecution will follow if you are found to access this device without being Authorized.
banner asdm [BLAH MANAGED DEVICE] - IF YOU ARE UNAUTHORIZED TO USE THIS DEVICE, LEAVE NOW!!!
ftp mode passive
clock timezone WFT 12
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
name-server Google-DNS
name-server Telecom-Alien-Pri
name-server Telecom-Terminator-Sec
name-server TelstraClearPri
name-server TelstraClearSec
object-group service RDP tcp
description RDP
port-object eq 3389
object-group network BLAH-US
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network x.x.x.x
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group service Management_Access_Secure
description Management Access - SECURE
service-object tcp eq https
service-object tcp eq ssh
service-object tcp eq 4434
object-group service FileTransfer tcp
description Allow File Transfer
port-object eq ftp
port-object eq ssh
object-group service WebAccess tcp
description Allow Web Access
port-object eq www
port-object eq https
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service AD_Access udp
description Allow Active Directory AD ports - UDP Only
port-object eq 389
port-object eq 445
port-object eq netbios-ns
port-object eq 636
port-object eq netbios-dgm
port-object eq domain
port-object eq kerberos
object-group network DM_INLINE_NETWORK_2
group-object x.x.x.x
group-object x.x.x.x
object-group network DM_INLINE_NETWORK_3
group-object x.x.x.x
group-object x.x.x.x
object-group network BLAH_DNS
description External DNS Servers
network-object host Telecom-Alien-Pri
network-object host Telecom-Terminator-Sec
network-object host TelstraClearSec
network-object host TelstraClearPri
network-object host Google-DNS
object-group service AD_Access_TCP tcp
description Active Directory TCP protocols
port-object eq 445
port-object eq ldap
port-object eq ldaps
port-object eq netbios-ssn
port-object eq domain
port-object eq kerberos
port-object eq 88
object-group network DM_INLINE_NETWORK_4
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network DM_INLINE_NETWORK_5
network-object x.x.x.x 255.255.255.0
network-object x.x.x.x 255.255.255.0
object-group network DM_INLINE_NETWORK_6
group-object x.x.x.x
group-object x.x.x.x
object-group network DM_INLINE_NETWORK_1
group-object x.x.x.x
group-object x.x.x.x
access-list inside_access_in remark Allow Internal ICMP from BLAH
access-list inside_access_in extended permit icmp Sentinel_Network 255.255.255.0 object-group DM_INLINE_NETWORK_2
access-list inside_access_in remark Allow Internal ICMP to BLAH
access-list inside_access_in extended permit icmp object-group DM_INLINE_NETWORK_3 BLAH 255.255.255.0
access-list inside_access_in remark External DNS
access-list inside_access_in extended permit object-group TCPUDP BLAH 255.255.255.0 object-group BLAH_DNS eq domain
access-list inside_access_in remark Allows Web Access
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group WebAccess
access-list inside_access_in remark Allow Remote Desktop Connections to the Internet
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group RDP
access-list inside_access_in remark Allow File Transfer Internet
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 any object-group FileTransfer
access-list inside_access_in remark ldap, 445, 137, 636, dns, kerberos
access-list inside_access_in extended permit udp BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_4 object-group AD_Access
access-list inside_access_in remark ldap, 445, 137, 636, dns, kerberos
access-list inside_access_in extended permit tcp BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_5 object-group AD_Access_TCP
access-list inside_access_in extended permit ip any any
access-list outside_cryptomap_65535.1 extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list nonat extended permit ip BLAH 255.255.255.0 object-group BLAH-US
access-list nonat extended permit ip BLAH 255.255.255.0 object-group BLAH-USA
access-list nonat extended permit ip BLAH 255.255.255.0 x.x.x.x 255.255.255.0
access-list tekvpn extended permit ip BLAH 255.255.255.0 object-group BLAH-US
access-list tekvpn extended permit ip BLAH 255.255.255.0 object-group BLAH-USA
access-list tekvpn extended permit ip BLAH 255.255.255.0 x.x.x.x 255.255.255.0
access-list inbound extended permit icmp any any
access-list inside_nat0_outbound extended permit ip BLAH 255.255.255.0 10.1.118.192 255.255.255.224
access-list inside_nat0_outbound extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_1_cryptomap extended permit ip BLAH 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list outside_access_in extended permit icmp any any
pager lines 24
logging enable
logging monitor informational
logging buffered notifications
logging trap informational
logging asdm informational
logging class auth monitor informational trap informational asdm informational
mtu inside 1500
mtu outside 1492
ip local pool ipsec_pool x.x.x.x-x.x.x.x mask 255.255.255.0
ip local pool Remote-Access-DHCP x.x.x.x-x.x.x.x mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 BLAH 255.255.255.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
reval-period 36000
sq-period 300
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
aaa authorization exec authentication-server
http server enable RANDOM PORT
http 0.0.0.0 0.0.0.0 outside
http x.x.x.x x.x.x.x inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sysopt connection tcpmss 1428
sysopt connection tcpmss minimum 48
auth-prompt prompt You are now authenticated. All actions are monitored! if you are Unauthorized, Leave now!!!
auth-prompt accept Accepted
auth-prompt reject Denied
service resetoutside
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 1 set transform-set TRANS_ESP_3DES_SHA TRANS_ESP_3DES_MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh x.x.x.x 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
vpdn group pppoex request dialout pppoe
vpdn group pppoex localname **************
vpdn group pppoex ppp authentication pap
vpdn username ************** password PPPOE PASSPHRASE HERE
dhcpd auto_config outside
dhcpd address x.x.x.x/x inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server x.x.x.x source outside prefer
tftp-server outside x.x.x.x /HOSTNAME
webvpn
group-policy DfltGrpPolicy attributes
banner value Testing ONE TWO THREE
vpn-idle-timeout 300
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value outside_cryptomap_65535.1
user-authentication enable
nem enable
address-pools value Remote-Access-DHCP
webvpn
svc keepalive none
svc dpd-interval client none
USER CREDENTIALS HERE
vpn-tunnel-protocol l2tp-ipsec
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key SITETOSITE PSK
peer-id-validate nocheck
tunnel-group DefaultRAGroup general-attributes
authorization-server-group LOCAL
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key CLIENTTOSITE PSK
peer-id-validate nocheck
isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
no authentication chap
no authentication ms-chap-v1
authentication ms-chap-v2
authentication eap-proxy
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *
tunnel-group-map default-group DefaultL2LGroup
class-map inspect_default
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:894474af5fe446eeff5bd9e7f629fc4f
: end
Hi all, this post can be officially closed. The issue had nothing to do with the ASA but required a firmware upgrade on the WAN router which boosted the throughput on the external interface on the ASA to 10Mbps and the inside throughput naturally corrected itself to what was expected.
Thanks to everybody who looked at this issue.
Andrew
-
HT1420 Authorization Issues, Help!
Trying to authorize a new computer, and I already had 5 authorized so I unauthorized one. It still says I have 5 authorized. Help!!!!
Emailed iTunes, got an answer. Had to do with 2 accounts, one old one new.
-
Find and Replace Issue Help Requested.
Hi all. I've been digging around for a couple of days and
can't seem to figure this one out. For starters, I have already
looked at the Regular Expression syntax and tried the MS word
clean-up option, but no luck. We have about 1,500 pages of content.
They are in DNN, so the pages are created dynamically.
Unfortunately, the page content was written in Word and then dumped
in DNN. We are trying to clean up the pages. We are grabbing the
content from Dot Net Nuke and putting it into Dreamweaver 8.0.2.
Then we are manually cleaning out things like:
<?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" />
and
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"
align=left>
We are using the Find and Replace function in Dreamweaver to
clean out these commands, but I know from the documentation, there
is an easier way to clean these pages.
Bottom Line: Since the pages are dynamically built, I know I
have to grab the page content and put it in Dreamweaver manually
and then put it back in DNN, but I am trying to find a way (using
Regular Expressions or something) to look for all the little
variances of MSO, <?XML, etc. in a straight shot. I would like
to find a way to use a wild card to look for all tags that have MSO
or Microsoft or ?XML in them and then replace them with a null
value. From what I can tell, the Find would have to use a wildcard
because the advanced find features don't carry what I am looking
for. Something like Find \<?xml * [<-wildcard] to \> to
grab the entire tag. The Find tag command doesn't work because the
tags I need aren't listed. Also, because the content is dynamic, I
can't do a Find and Replace against the entire site for these
commands, but it would be nice to "Find" all of these items with a
single pass since the "Replace" value is always null.
The wildcard syntax and multiple Find instances are the main
questions. The wildcards seem to be character or space specific.
Sorry for the long explanation - I just don't want to waste
anyone's time typing responses to things I've already tried to do.
Thanks in advance for any help. This is my first time back in
the forums in about 4 years.
sadamec1 wrote:
> Well David, you Findmaster - it worked! (At least it found and highlighted the
> code). Now, I need to dig through what you sent me and compare it against my
> regular expression definitions to find out how to grab the rest of these
> phrases. You're the best. Thank you!
Glad that it did the trick. Just to help you understand what
I did,
there are two main sections, as follows:
<\?xml[^>]+>
and
<[^>]+(?=class=Mso)[^>]+>
They are separated by a vertical pipe (|), so they simply act
as
alternatives.
The first one searches for <?xml followed by anything
except a closing
bracket until it reaches the first closing bracket.
The second one is more complex. It begins with this:
<[^>]+
This simply looks for an opening bracket followed by anything
other than
a closing bracket. What makes it more intelligent is the next
bit:
(?=class=Mso)
This does a forward search for "class=Mso". It's then
followed by this
again:
[^>]+>
That finds anything except a closing bracket followed by a
closing bracket.
The bit that you need to experiment with is (?=...). It's
technically
called a "forward lookaround". The effect is that the second
half of the
regex finds <....class=Mso....>.
David Powers
Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
http://foundationphp.com/ -
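The pattern explained in the reply above, run as an added JavaScript example that is not part of the original thread. The sample markup, the function names, the extended pattern that also accepts a quoted class value, and the `keepBareTags` alternative are assumptions made for illustration; the example goes beyond the post by showing what the pattern misses and what deleting whole tags leaves behind.

```javascript
// The two alternatives from the post, joined with the vertical pipe.
const PAGE_PATTERN = /<\?xml[^>]+>|<[^>]+(?=class=Mso)[^>]+>/g;

// Extended variant (assumption, not from the thread): case-insensitive, and
// tolerant of a quote after class= so that class="MsoNormal" is caught too.
const EXTENDED_PATTERN = /<\?xml[^>]+>|<[^>]+(?=class=["']?Mso)[^>]+>/gi;

// Constructed sample of Word-exported markup (not taken from a real page).
const SAMPLE = [
  '<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />',
  '<P class=MsoNormal style="MARGIN: 0in 0in 0pt" align=left>First</P>',
  '<p class="MsoNormal">Second</p>',
  '<p class=intro>Third</p>',
].join('\n');

// Return every tag the pattern would highlight in a Find pass.
function findTags(html, pattern) {
  return html.match(pattern) || [];
}

// Replace every match with an empty string, as done in the thread.
function stripTags(html, pattern) {
  return html.replace(pattern, '');
}

// Alternative (assumption): drop the <?xml ...> declarations, but keep each
// Mso-classed element as a bare tag so its closing tag still has a partner.
function keepBareTags(html) {
  return html
    .replace(/<\?xml[^>]+>/gi, '')
    .replace(/<([a-z][a-z0-9]*)\b[^>]*\bclass=["']?Mso[^>]*>/gi, '<$1>');
}

// The page's pattern finds the namespace tag and the unquoted MsoNormal tag,
// but not the quoted class="MsoNormal" one.
console.log(findTags(SAMPLE, PAGE_PATTERN));

// The extended pattern also finds the quoted one.
console.log(findTags(SAMPLE, EXTENDED_PATTERN));

// Deleting whole opening tags leaves the closing </P> behind.
console.log(stripTags(SAMPLE, PAGE_PATTERN));

// Keeping the bare tag avoids the orphaned closing tags.
console.log(keepBareTags(SAMPLE));
```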
Authorization Issues - Apple, please help
There have been several posts regarding users not being able to play their iTunes music due to authorization issues. Solutions have been provided, including the following:
1. Deauthorizing the account several times until the following message appears "This computer was not authorized. To authorize this computer, to play a song or video you have purchased using this account."
2. Deleting the "SC info" folder.
3. Authorizing the music using the original account (File > Get Info).
Nothing seems to be working. I've contacted Apple support, and they have been more than responsive and helpful, but they keep asking me to do the same things over, and over.
Every time I enter my account authorization info, I get a message indicating that the computer is now authorized...however, the music still won't play.
I have now gone 3 months without being able to solve this issue (I've tried everything in the forums), and I am about to give up. Unfortunately, this also means flushing over $300 down the toilet. I still have all the files, so I am not asking to download them again (they are on my hard drive). I just want a fix...
Hi,
For the BW consultant use the following objects :
B_ALE_MAST
S_ADMI_FCD
S_APPL_LOG
S_ARCHIVE
S_BDS_DS
S_BTCH_ADM
S_BTCH_JOB
S_BTCH_NAM
S_CTS_ADMI
S_C_FUNCT
S_DATASET
S_DEVELOP
S_DOKU_AUT
S_FIELDSEL
S_FOBU_MTH
S_GUI
S_IDOCCTRL
S_IDOCDEFT
S_IDOCMONI
S_IDOCPART
S_IDOCPORT
S_LDAP
S_LOG_COM
S_OC_DOC
S_OC_FOLCR
S_OC_ROLE
S_OC_SEND
S_OC_TCD
S_PROGRAM
S_PROJECT
S_QUERY
S_RFC
S_RS_ADMWB
S_RS_COMP
S_RS_FOLD
S_RS_HIER
S_RS_ICUBE
S_RS_IOBJ
S_RS_IOMAD
S_RS_ISET
S_RS_ISOUR
S_RS_ISRCM
S_RS_MPRO
S_RS_ODSO
S_RZL_ADM
S_SCD0
S_SCRP_ACT
S_SCRP_FRM
S_SCRP_GRA
S_SCRP_STY
S_SCRP_TXT
S_SPO_ACT
S_SPO_DEV
S_SPO_PAGE
S_TABU_CLI
S_TABU_DIS
S_TABU_RFC
S_TCODE
S_TMS_ACT
S_TOOLS_EX
S_TRANSLAT
S_TRANSPRT
S_TWB
S_USER_AGR
S_USER_AUT
S_USER_GRP
S_USER_PRO
S_USER_TCD
S_USER_VAL
S_WFAR_OBJ
S_WFAR_PRI
For users :
S_ADMI_FCD
S_BDS_D
S_BDS_DS
S_GUI
S_OLE_CALL
S_RFC
S_RS_COMP1
S_RS_FOLD
S_RS_HIER
S_RS_ICUBE
S_RS_ISET
S_RS_ODSO
S_SPO_DEV
S_TCODE
S_USER_AGR
You also need to give the end user objects to the BW consultant. All of these objects have activities and values that need to be populated.
Cheers,
Kedar
-
Authorization issue to view cube contents
Hi Gurus,
I am getting an authorization issue when viewing cube contents in the Production server. When I execute the cube it is showing me the following statement.
"You do not have sufficient authorization for the infoprovider ZMMG_C05".
Please provide me a possible solution for this.
Thanks,
Jackie.
Hi,
Two things to be checked with respect to authorization for this one.
1) Functional Roles: Check whether Info cube is present in the functional roles that are assigned to you.
If not you need to get the functional role in which the Infocube is assigned.
2) Data Access Roles: Check in the data access roles assigned to you, whether you have the access
to the selection that you are using to see the data in the info cube. Else, request
BASIS team to assign the appropriate data access roles to you.
Hope this helps.
Regards,
Bharat
-
S_CTS_ADMI Authorization issue
Hi Experts,
Every now and again a user sends me a SU53 with the error requesting access to S_CTS_ADMI field TABL. The user of this morning is trying to release a purchase order using transaction ME29N. Why would the SU53 indicate that the user wants to maintain the control tables of the Change and Transport System in Production when they are trying to release a purchase order? I am running a trace ST01 but it's not helping.
Could you please help me to resolve issue.
Thanks
Pavel
Hi
Gowri is perfectly ok. Below Objects checked.
M_BEST_BSA
M_BEST_EKG
M_BEST_EKO
M_BEST_WRK
Along with that M_EINK_FRG also get checked.
Check for access to all of the above Objects in user master records. Before that check with MM team to get these values of the PO that the approver is trying to release.
1) Document Type : Relate with M_BEST_BSA
2) Purchasing Group : Relate to M_BEST_EKG
3) Purchasing Organization : Relate to M_BEST_EKO
4) Plant : Relate to M_BEST_WRK
5) Release code & release Group : Relate to Object M_EINK_FRG
You also can get these information through ME23N
If all of the above matches with user master record and PO then there is no further authorization issue. Rest on MM team !!!!!
Best of luck...
Arpan
-
Variable screen/variant screen authorization issue
HI All,
We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
We have three selection fields:
1.Company Code which is mandatory
2.My controlling Area which is also mandatory
3.Costcenter which is not mandatory
The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
Can anyone guide me on how to go about this authorization issue at the variable screen itself?
Please treat this issue/requirement on high priority.
Appreciated in advance.
Regards,
raps.
Hi,
I think that an alternative to solve your concern could be using Web Application Designer (WAD). In this respect, there are several design options, with different levels of complexity.
As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center. The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
I hope this helps you.
Regards,
Maximiliano
-
Authorization issue during Jump
Hi all,
I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
Both the multiprovider and the base infocube have the same authorization objects checked.
Can someone please help?
Regards,
Ashmith Roy
Pls have a look at the below thread:
Authorization by InfoArea
Regards
Ganesh
*Assign points if this is helpful
-
Authorization issue - need to know the Role providing this access
Hi,
User is facing an authorization issue below:
"You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
"You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
Kindly let me know what Role is missing from the user's profile?
Thanks and Regards,
Sachin
SAP Security Consultant
Hi Murali,
It helped.
I found the BW Data Support role for the object S_RO_OSOA, and when checked it was already in the user's profile, but the missing part was the user comparison for that role.
I did the user comparison and the user is now able to view the DataSources below.
Thanks for your help, it triggered to find the root cause.
Thanks
Sachin
-
Authorization issue to execute query via analyzer
Dear,
We are experiencing an authorization issue that we can not solve...
We have granted the user the expected objects to execute the query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
When we test in RSECADMIN, everything is fine. We can execute the query.
When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
"There is no variable in the workbook, which allows user input"
Does anybody have a direction to help us to orientate our investigation?
Many thanks,
Rodolphe
Hello,
What are the basic settings you have in the Query Properties basic setting tab?
Try making it mandatory.
Regards
Nitin Bhatia
-
Dear all,
I have an authorization issue with two ODS.
One I activated for BEx reporting --> It is working fine in Dev, but I get an error with
missing authorization in QUA, although some authorizations.
Same issue with a newly created ODS, which works in Dev, but gives an error
with missing authorization in QUA.
What can be the reason for this? Any input is highly appreciated!
Cheers,
Claudia
Hi,
Check that the role(s) are transported from your DEV to your QA, and that the user has the correct role(s).
Check as well in your QA transaction RSSM for your ODSs objects; it might be that by transporting the ODS, some authorizations have been applied by default.
hope this helps...
Olivier.
-
Authorization issue "No authorization"
Dear gurus,
I created an analysis authorization using tx. RSECADMIN; this contains the IO 0COSTCENTER restricted with some value, and also contains the IOs 0TCAACTVT, 0TCAIPROV, 0TCAVALID. I assigned it to a role using tx. PFCG, but when the query is executed the following message appears: "No authorization". Using a trace tool, it appears to require the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
Please let me know what is missing.
Best regards,
Pilar Infantas.
Remove the 0BI_ALL object from the user's profile and try executing as below; it should give you the missing authorization object values.
Go to RSECADMIN > Analysis > Execution as User --> enter the user name you are executing the query
Check box --> With Log option
Select the RSRT option
Hit the Start Transaction button; it should show you the authorization errors with the authorization objects missed.
If not,
again RSECADMIN > Analysis > Error Logs --> check the latest time stamp for that particular user and analyse the authorization issues
Hope it Helps
Chetan
@CP
-
Authorization issue in BI system.
Hi,
Having an authorization issue in the BI system.
A user is trying to run a query and attempts to drill down by customer; he gets customer details, but some of the customers are missing...
Is the authorization granted in the BI system based on customers? Is it a security issue?
pls help...
Thanks...
Hi,
Please execute the query with your id(developer id who will be having access to all data) first. Check if you are able to see all the customer data. If you are able to see all the data then the user is restricted with some authorizations. ( usually the authorizations are done on sales organization, company codes, plant..etc.. please check how it is in your project...)
If you are not able to see all the customer data, then check in the infoprovider on which the query is built and do your analysis.
Check in the roles assigned to the user.
Hope it helps.
Edited by: Maddy on Apr 21, 2011 6:42 AM
-
Authorization issue with VA02 radio buttons
Hello All,
We are stuck at one authorization issue. The user navigates using tcode VA02.
1) Execute Tcode -VA02=>
2) puts order number # 100001 =>
3) press enter =>
4) press enter =>
5) Screen: Change (Company Name) Return 100001: Overview =>
6) Option: Display doc. Header details (looks like a magnifying glass beside PO_date) =>
7) This bring us to Change (Company Name) Return 100001: header Data =>
8) select status tab =>
9) on Status tab lower end there is a button "Object Status" =>
10) Press it =>
11) Come to Change Status :
12) On this screen There is Status with status no. on the right side with 7 options
e.g:
• 1 BLK Approval Required for,
• 2 BL1 Approval for Credit,
• 3 BL2 Approval for material Replacer
We need to restrict the radio button access for user for which we are unable to find the authorization object.
Could anyone help?
Thanks & Regards
gab
Hi,
Use ST01 to trace the user activities and check which objects it's hitting when you click on those buttons, then you can restrict radio buttons using those objects.
I haven't run the tcode myself and performed the steps you mentioned, but if you think it's calling another transaction from those buttons you can manage that in SE97, or add the t-code VA02 in the S_TCODE auth object in PFCG.
Hope this should get you going
Thanks,
Vijay