2 different authorizations same cube / same user
Hi,
I need to create an authorization on the 0COOM_C02 InfoCube, where CostCenter is auth. relevant.
One user should have 2 options:
- to se just own CostCenter for most of the queries
- to see data for all CostCenters for just few queries (Cost center is not in the row/column, keyfigures are different, Cost elements are filtered)
How?
Thanks, Tom
Hi ..
try this
Technical name: 0TCAVALID
Less or Equal (LE) Everything <= value in FROM field ^
Greater Than (GT) Everything > value in FROM field ^
Greater or Equal (GE) Everything >= value in FROM field ^
Less Than (LT) Everything < value in FROM field ^
Technical name: 0TCAKYFNM
Possible values
Single value (EQ) Exactly one key figure
Range (BT) Selection of key figures
Pattern (CP) Selection of key figures based on pattern
Message was edited by:
krish
Similar Messages
-
Different authorizations on different cubes for the same characteristic
Hello,
Is it possible to implement different authorizations on different groups for the cubes characteristic?
For example a user should be authorized to see just the data of company code 101 on Cube A but he should see the data of all company codes on Cube B (Cube B also contains the company code. ":"-Authorization is not an option)?
In transaction RSECADMIN it is possible to insert the "special characteristics" Acitivty, InfoProvider and Validity into an authorization. But standard setting for InfoProvider is * and I get an error message if I want to modify for just 1 Cube because the characteristic "InfoProvider" (SAP Content) isn't marked as authorization relevant.
Can you please answer:
1) If it is possible to implement different authorizations on different cubes for the same characteristic?
2) What is the function of the special charactristics if I can't maintain the values?
Thank you
JohannesHi there,
Yes it is possible.
The new authorization concept created union also based on InfoProvider Characteristic.
You have to change in rsd1 transaction the characteristics 0TCAACTVT, 0TCAKYFNM, 0TCAIPROV and 0TCAVALID to be authorization relevant.
So you can do this:
Create two authorizations in rsecadmin like this:
Aut_1:
0comp_code: 101
0TCAACTVT: 03 (activity of display)
0TCAKYFNM: * (all key figures)
0TCAIPROV: Cube A
0TCAVALID: * (authorization valid for ever)
Aut_2:
0comp_code: *
0TCAACTVT: 03 (activity of display)
0TCAKYFNM: * (all key figures)
0TCAIPROV: Cube B
0TCAVALID: * (authorization valid for ever)
Now in rsecadmin give both authorizations aut_1 and aut_2 for the user.
If the user opens a query built on cube a he will be having authorizations only for company code 101. If the user opens a query for cube B he will be having authorizations for all the company codes.
Diogo. -
Assigning different authorization to same user based on Query
Hi experts,
I am redefining my issue,
Is there any way i can assign different authorizations to the same user but based on either Query/Workbook.
lets say i have two Analysis authorizations A & B and two Queries X and Y.
If the Query/Workbook is X then Add Authorization A to user ABC.
else if the Query/Workbook is Y then Add authorization B to user ABC.
this is because i have two set of workbooks the same user can access and authorization for these two set is different based on the workbook.
I tried using the auth objects 0TCTWORKBK,0TCTQUERID OR 0TCTQUERY but no success so far.
thank in advance.
Edited by: youmenbi on Feb 12, 2008 1:20 AM
Edited by: youmenbi on Feb 12, 2008 1:31 AMHi
We have set same kind of authorizations based on the users. The Cost Center Manager is assigned a role and the authorizations for each of the Report/Layout/Workbook is based on his/her profile...some are Read only, some or Read & Write...etc.
If you go through that route......and assign each of the Reports/Layouts/Workbooks to Users....you may succeed.
I know it is a bit time consuming but that is one alternative we could think of as it addressed seamlessly any changes in CC Managers.
Regards
Srinivas -
Trusted RFC not working for different user , working for same user
Dear All,
I have two SAP system - One Solman (7.0) and another ECC 6.0 (SR3) on HPUX box with Oracle DB (Unicode).
I want to establish Trust relationship between these system.
I have configured the same, as per the following link:
http://help.sap.com/saphelp_nw04/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm
and note 128447.
My requirement is one user X in solman client 001,
will execute some test plan (Tcode stwb_2) which will take the control to ECC 6.0 client 200, execute the tcode as user Y and come back in Solman again.
The user X (SAP_ALL) exists in Solman - client 001 and user Y (SAP_ALL) exists in ECC 6.0 - client 200.
In ECC 6.0 client 200, I have created a role ZRFCACL with the following and assigned to the user Y (as per the above help / note):
Role : ZRFCACL
Auth. Obj: S_RFCACL
Value assigned to fields are:
RFC_SYSID : SOL
RFC_CLIENT: 001
RFC_USER : X
RFC_EQUSER: N
RFC_TCODE : *
RFC_INFO : *
ACTVT : 16
Whenever the user X is trying to execute the test from solman, he is getting the error : "No authorization to log on as trusted system (RC = 0)"
Each time the user is trying the above, in ECC 6.0, the following dump is occuring:
CALL_FUNCTION_SINGLE_LOGIN_REJ under username SAPSYS
I have assigned the role ZRFCACL to user X in Solman also.
Next, I have performed the following check:
created one user M in both system
created the role ZRFCACL2 in ECC 6.0 client 200 as follows and assigned the role to user M:
Role : ZRFCACL2
Auth. Obj: S_RFCACL
Value assigned to fields are:
RFC_SYSID : SOL
RFC_CLIENT: 001
RFC_USER : ''
RFC_EQUSER: Y
RFC_TCODE : *
RFC_INFO : *
ACTVT : 16
Assigned SAP_ALL to user M in both system (So the user M in Solman does not have ZRFCACL2).
This time, the trust relationship worked and no dump got generated.
I have also checked the thread Trusted RFC do not work
but unable to resolve the issue.
Any suggestion where the things are going wrong in this / what else I need to check or this is not possible at all?
Thanks in advance for your help.
SudipHi Valdecir,
Thanks for the reply. I am providing the detail of the generated dump below:
Please check in case any clue is there.
Runtime Errors CALL_FUNCTION_SINGLE_LOGIN_REJ
Date and Time 12.08.2008 18:59:32
Short text
No authorization to logon as trusted system (Trusted RC=0).
What happened?
Error in the ABAP Application Program
The current ABAP program "SAPMSSY1" had to be terminated because it has
come across a statement that unfortunately cannot be executed.
What can you do?
Note down which actions and inputs caused the error.
To process the problem further, contact you SAP system
administrator.
Using Transaction ST22 for ABAP Dump Analysis, you can look
at and manage termination messages, and you can also
keep them for a long time.
Error analysis
An RFC call (Remote Function Call) was sent with the invalid user ID "98819 "
. Or the calling system is not registered as trusted system in the
target system.
How to correct the error
The error code of the trusted system was 0.
Meaning:
0 Correct logon as trusted system mode
1 No trusted system entry for the calling system "SOL " or the
security key entry for the system "SOL " is invalid
2 User "98819 " does not have RFC authorization (authorization object
(S_RFCACL) for user "98819 " witl client 001.
3 The timestamp of the logon data is invalid
The error code of the SAP logon procedure was 1.
Meaning:
0 Login was correct
1 Wrong password or invalid user ID
2 Locked user
3 Too many attempted logons
5 Error in the authorization buffer (internal error)
6 No external user check
7 Invalid user type
System environment
SAP-Release 700
Application server... "gcbeccd"
Network address...... "10.10.4.158"
Operating system..... "HP-UX"
Release.............. "B.11.23"
Hardware type........ "ia64"
Character length.... 16 Bits
Pointer length....... 64 Bits
Work process number.. 1
Shortdump setting.... "full"
Database server... "gcbeccd"
Database type..... "ORACLE"
Database name..... "RD3"
Database user ID.. "SAPSR3"
Char.set.... "C"
SAP kernel....... 700
created (date)... "Apr 5 2008 00:55:24"
create on........ "HP-UX B.11.23 U ia64"
Database version. "OCI_102 (10.2.0.1.0) "
Patch level. 146
Patch text.. " "
Database............. "ORACLE 9.2.0.., ORACLE 10.1.0.., ORACLE 10.2.0.."
SAP database version. 700
Operating system..... "HP-UX B.11"
Memory consumption
Roll.... 16192
EM...... 4189840
Heap.... 0
Page.... 0
MM Used. 1194640
MM Free. 2992576
User and Transaction
Client.............. 000
User................ "SAPSYS"
Language Key........ "E"
Transaction......... " "
Transactions ID..... "489F2BD6C36D0F12E10000000A0A049E"
Program............. "SAPMSSY1"
Screen.............. "SAPMSSY1 3004"
Screen Line......... 2
Information on caller of Remote Function Call (RFC):
System.............. "SOL"
Database Release.... 700
Kernel Release...... 700
Connection Type..... 3 (2=R/2, 3=ABAP System, E=Ext., R=Reg. Ext.)
Call Type........... "synchron and non-transactional (emode 0, imode 0)"
Inbound TID.........." "
Inbound Queue Name..." "
Outbound TID........." "
Outbound Queue Name.." "
Client.............. 001
User................ 98819
Transaction......... "SMSY"
Call Program........."SAPLSRTT"
Function Module..... "SCCR_GET_RELEASE_NR"
Call Destination.... "SM_RD3CLNT200_TRUSTED"
Source Server....... "gcbsolm_SOL_00"
Source IP Address... "10.10.4.206"
Additional information on RFC logon:
Trusted Relationship "X"
Logon Return Code... 1
Trusted Return Code. 0
Note: For releases < 4.0, information on the RFC caller are often
only partially available.
Information on where terminated
Termination occurred in the ABAP program "SAPMSSY1" - in
"REMOTE_FUNCTION_CALL".
The main program was "SAPMSSY1 ".
In the source code you have the termination point in line 67
of the (Include) program "SAPMSSY1".
Source Code Extract
Line
SourceCde
37
endmodule.
38
39
module %_rfcdia_call output.
40
"Do not display screen !
41
call 'DY_INVISIBLE_SCREEN'.
42
perform remote_function_diacall.
43
endmodule.
44
45
module %_cpic_start.
46
if sy-xprog(4) = '%RFC'.
47
perform remote_function_call using rfctype_external_cpic.
48
else.
49
call 'APPC_HD' id 'HEADER' field header id 'CONVID' field convid.
50
perform cpic_call using convid.
51
endif.
52
endmodule.
53
54
55
form cpic_call using convid type c.
56
communication send id convid buffer header.
57
if sy-subrc eq 0.
58
perform (sy-xform) in program (sy-xprog).
59
else.
60
message a800.
61
endif.
62
endform.
63
64
form remote_function_call using value(type).
65
data rc type i value 0.
66
do.
>>>>>
call 'RfcImport' id 'Type' field type.
68
if sy-xprog = 'JAVA'.
69
system-call plugin
70
id 'JAVA' value 'FORW_JAVA'
71
id 'RC' value rc.
72
if there is no rollout on the JAVA side which
73
rolls both, JAVA and ABAP, we return to the
74
C-Stack and reach this point
75
76
in case there was an rollout, the ABAP-C stack is lost
77
and we jump direkt to this point
78
79
here we trigger the rollout on this Abap side with
80
the following statement
81
system-call plugin
82
id 'JAVA' value 'ROLL_OUT'
83
id 'RC' value rc.
84
else.
85
perform (sy-xform) in program (sy-xprog).
86
rsyn >scont sysc 00011111 0.
Contents of system fields
Name
Val.
SY-SUBRC
0
SY-INDEX
1
SY-TABIX
0
SY-DBCNT
1
SY-FDPOS
0
SY-LSIND
0
SY-PAGNO
0
SY-LINNO
1
SY-COLNO
1
SY-PFKEY
SY-UCOMM
SY-TITLE
CPIC and RFC Control
SY-MSGTY
SY-MSGID
SY-MSGNO
000
SY-MSGV1
SY-MSGV2
SY-MSGV3
SY-MSGV4
SY-MODNO
0
SY-DATUM
20080812
SY-UZEIT
185932
SY-XPROG
SAPRFCSL
SY-XFORM
READ_SINGLE_LOGIN_DATA
Active Calls/Events
No. Ty. Program Include Line
Name
2 FORM SAPMSSY1 SAPMSSY1 67
REMOTE_FUNCTION_CALL
1 MODULE (PBO) SAPMSSY1 SAPMSSY1 30
%_RFC_START
Chosen variables
Name
Val.
No. 2 Ty. FORM
Name REMOTE_FUNCTION_CALL
%_DUMMY$$
0000
0000
2222
0000
SY-REPID
SAPMSSY1
0000000000000000000000000000000000000000
0000000000000000000000000000000000000000
5454555322222222222222222222222222222222
310D339100000000000000000000000000000000
SYST-REPID
SAPMSSY1
0000000000000000000000000000000000000000
0000000000000000000000000000000000000000
5454555322222222222222222222222222222222
310D339100000000000000000000000000000000
HEADER
000000000000
000000000000
TYPE
3
0000
0003
SY-XPROG
SAPRFCSL
0000000000000000000000000000000000000000
0000000000000000000000000000000000000000
5455445422222222222222222222222222222222
3102633C00000000000000000000000000000000
%_ARCHIVE
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
RC
0
0000
0000
SY-XFORM
READ_SINGLE_LOGIN_DATA
000000000000000000000000000000
000000000000000000000000000000
544455444445444445445422222222
2514F39E7C5FCF79EF414100000000
%_SPACE
0
0
2
0
No. 1 Ty. MODULE (PBO)
Name %_RFC_START
%_PRINT
000 0###
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2222333222222222222222222222222222222222222222222222222222222222222222222222222222222222223000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
RFCTYPE_INTERNAL
3
0000
0003
Internal notes
The termination was triggered in function "ab_xsignon"
of the SAP kernel, in line 2491 of the module
"//bas/700_REL/src/krn/rfc/absignon.c#9".
The internal operation just processed is "CALY".
Internal mode was started at 20080812185932.
Calling system.....: "SOL "
Caller.............: "98819 "
Calling client.....: 001
RFC user ID........: "98819 "
RFC client.........: 200
Trusted return code: 0
Logon return code..: 1
Transaction code...: "SMSY "
Active state.......: "-782823270"
Note: At releases < 4.0, the information for the caller is not
available.
Active Calls in SAP Kernel
Lines of C Stack in Kernel (Structure Differs on Each Platform)
(0) 0x4000000003b2b450 CTrcStack + 0x1b0 at dptstack.c:227 [dw.sapRD3_DVEBMGS00]
(1) 0x4000000004d2c470 Z16rabaxCStackSavev + 0x1d0 [dw.sapRD3_DVEBMGS00]
(2) 0x4000000004d32160 ab_rabax + 0x3570 [dw.sapRD3_DVEBMGS00]
(3) 0x4000000002b43cb0 SignOnDumpInfo + 0x280 at absignon.c:2491 [dw.sapRD3_DVEBMGS00]
(4) 0x4000000002b3f2f0 ab_xsignon + 0xb30 at absignon.c:876 [dw.sapRD3_DVEBMGS00]
(5) 0x4000000002aa4cb0 ab_rfcimport + 0x1ad0 at abrfcfun.c:3599 [dw.sapRD3_DVEBMGS00]
(6) 0x40000000040f4a80 Z8abjcalyv + 0x500 [dw.sapRD3_DVEBMGS00]
(7) 0x400000000402f190 Z8abextriv + 0x440 [dw.sapRD3_DVEBMGS00]
(8) 0x4000000003f538b0 Z9abxeventPKt + 0xb0 at abrunt1.c:281 [dw.sapRD3_DVEBMGS00]
(9) 0x4000000003f360a0 ab_dstep + 0x280 [dw.sapRD3_DVEBMGS00]
(10) 0x4000000001cb4600 dynpmcal + 0x900 at dymainstp.c:2399 [dw.sapRD3_DVEBMGS00]
(11) 0x4000000001cab0e0 dynppbo0 + 0x280 at dymainstp.c:540 [dw.sapRD3_DVEBMGS00]
(12) 0x4000000001cb1ec0 dynprctl + 0x340 at dymainstp.c:358 [dw.sapRD3_DVEBMGS00]
(13) 0x4000000001c9dff0 dynpen00 + 0xac0 at dymain.c:1628 [dw.sapRD3_DVEBMGS00]
(14) 0x4000000001fea460 Thdynpen00 + 0x510 at thxxhead.c:4830 [dw.sapRD3_DVEBMGS00]
(15) 0x4000000001fb4de0 TskhLoop + 0x4e20 at thxxhead.c:4518 [dw.sapRD3_DVEBMGS00]
(16) 0x4000000001faae40 ThStart + 0x460 at thxxhead.c:1164 [dw.sapRD3_DVEBMGS00]
(17) 0x4000000001569ec0 DpMain + 0x5f0 at dpxxdisp.c:1088 [dw.sapRD3_DVEBMGS00]
(18) 0x4000000002c10630 nlsui_main + 0x30 [dw.sapRD3_DVEBMGS00]
(19) 0x4000000002c105c0 main + 0x60 [dw.sapRD3_DVEBMGS00]
(20) 0xc00000000002be30 main_opd_entry + 0x50 [/usr/lib/hpux64/dld.so]
List of ABAP programs affected
Index
Typ
Program
Group
Date
Time
Size
Lang.
0
Prg
SAPMSSY1
0
11.04.2005
09:27:15
22528
E
1
Prg
SAPLSCCA
1
05.07.2005
13:10:18
52224
E
2
Prg
SAPRFCSL
0
13.02.2005
17:31:45
17408
E
3
Typ
RFCSYSACL
0
13.02.2005
17:31:45
7168
4
Typ
SYST
0
09.09.2004
14:18:12
31744
Directory of Application Tables
Name Date Time Lngth
Val.
Program SAPMSSY1
SYST . . : : 00004612
\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x0001\0\0\0
Program SAPRFCSL
RFCSYSACL . . : : 00001760
SOL RD3
ABAP Control Blocks (CONT)
Index
Name
Fl
PAR0
PAR1
PAR2
PAR3
PAR4
PAR5
PAR6
Source Code
Line
116
CLEA
00
0035
SAPMSSY1
60
117
CLEA
00
0036
SAPMSSY1
60
118
CLEA
00
0037
SAPMSSY1
60
119
MESS
00
001C
SAPMSSY1
60
120
ENDF
00
0000
SAPMSSY1
62
121
00
0000
SAPMSSY1
62
122
PERP
00
0001
SAPMSSY1
64
123
PERP
02
0000
SAPMSSY1
64
124
WHIL
00
0002
0000
0000
0000
0000
0000
0000
SAPMSSY1
66
128
WHIL
00
0003
0000
0000
0000
0000
0000
0000
SAPMSSY1
66
132
BRAN
05
001E
SAPMSSY1
66
133
CALY
00
0003
0038
002A
0005
002B
0000
0000
SAPMSSY1
67
>>>>>
CALY
02
0000
0039
8000
0000
0000
0000
0000
SAPMSSY1
67
141
COMP
00
0002
0010
003A
SAPMSSY1
68
143
BRAF
02
000E
SAPMSSY1
68
144
SRFC
01
0000
003A
003B
SAPMSSY1
69
146
SRFC
01
0000
003C
C000
SAPMSSY1
69
148
SRFC
02
0000
0000
0000
SAPMSSY1
69
150
SRFC
01
0000
003A
003D
SAPMSSY1
81
152
SRFC
01
0000
003C
C000
SAPMSSY1
81
Thanks & Regards
Sudip -
Same user in tacacs and local database with different privilege
Hi there,
i am just not sure if this is correct behavior.
i am running NX-OS image n5000-uk9.5.1.3.N1.1.bin on the nexus 5020 platform.
i have configured authorization with tacacs+ on ACS server version 5.2 with fall back to switch local database.
aaa authentication login default group ACS
aaa authorization commands default group ACS local
aaa accounting default group ACS
a user test with priv 15 is craeted on ACS server, password test2
everything works fine, until i create the same username on the local database with privilege 0. ( it doesnt matter if the user in local database was created before user in ACS or after )
e.g.:
username test password test1 role priv-0 (note passwords are different for users in both databases)
after i create the same user in local database with privilege 0,
if i try to connect to the switch with this username test and password defined on ACS, i get only privilege 0 authorization, regardless, that ACS server is up and it should be primary way to authenticate and authorizate the user.
is this normal?
thank you for help...Hello.
Privileges are used with traditional IOS. Privileges are part of "command authorization". Other operating systems (like IOS-XR, Nexus OS , Juniper JunOS) use "role-based authorization" instead of "command authorization".
So traditional IOS can use the "privilege" attribute but other operating systems can not.
Although IOS-XR, Nexus, ACE, Juniper have "roled-based authorization" feature, every single one of them use their particular attributes.
When I was configuring TACACS with ACE, Juniper and other devices I had to capture the packets to find out what were the particular attributes of ACE, what were the particular attributes of JunOS, etc, etc and to search deeply some hints the documentation , because sadly documentation is not very good when talking about TACACS details.
If you find which attributes to use, and what values to assign to the attributes then you can go to ACS and configure a "Shell Profile".
Now back to Nexus 5000. It seems this particular device has the option to mix "role-based" with "command authorization" by overriding the default roles with other roles which names are called "priv". It seems this was an effort to try to map the old concept of "privileges" to the new concept of "roles". Although you see the word "priv", it's just the name of the role. My particular point of view is that this complicates the whole thing. I would recommend to use just the default roles, or customize some of them (only if needed), but not to use "command authorization".
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/security/502_n1_1/Cisco_n5k_security_config_gd_rel_502_n1_1_chapter5.html
I will search the particular attributes Nexus use to talk to TACACS server. If I got them I will post them here.
Please rate if it helps -
Auth: Restrict Infoobject for Queries differently for the same user
Hi guys,
I need to restrict an infoobject differently for some queries (analysis authorization). For example, I need to give full hierarchie access for query 1 to user 1. But for another query for the same user I need to restrict the hierarchie authorization. Furthermore, both queries are based on the same multi provider. It is not possible to use different multi provider ... the adjustment effort is to high (to many queries).
I have set up an authorization with rsecadmin
QUERY1:
ZHier1 Hyrarchie 1
ZHier2 Hyrarchie 2
0TCAACTVT Activity in Analysis Authorizations
0TCAIPROV Authorizations for InfoProvider
0TCAVALID Validity of an Authorization
0TCTQUERY Query
-->I added the respective values for the queries, the used multiprovider, hierarchies, etc.
I have set up the same for QUERY 2 with different Hierarchy and Query values, but it does not work correctly. The user is always authorized for the hierarchie values of both queries.
Thanks foryour helpin advance!!
Regards,
SvenHi Sankar,
Sorry for the confusion. Lets focus only one hierarchy ... ZHier1.
QUERY1:
ZHier1 -> value: node2
0TCAACTVT -> value: 2 & 3
0TCAIPROV -> value: multiprovider1
0TCAVALID -> value: *
0TCTQUERY -> value: query1 (based on multiprovider1)
QUERY2:
ZHier1 -> value: node2.1 (sub node of node 2)
0TCAACTVT -> value: 2 & 3
0TCAIPROV -> value: multiprovider1
0TCAVALID -> value: *
0TCTQUERY -> value: query2 (based on multiprovider1)
But this does not work. When I use query2 in reports the user has access to node2 and not only to node2.1.
Any idea?
Thanks again!
Sven -
i want some of my users to see all the projects in the Project Center at my top-level site, and those same users to see only the projects they own at a subsite level in Project Center. that way they could see an 'all project' view on the homepage and only
their projects on their dashboard pages (which also have an instance of Project Center web part on them). i have searched and searched but cannot find a solution to this. is there any way to acheive this functionality? thanks in advance for your assistance!I have tried this in the past, but was not successful, as far as I can recall. Once you access the project center webpart in one page, the view will be retained regardless where you see it again. (until you apply a different view or clear your browser cache).
May be an easier solution is to display a 'report' on the home page with ALL projects (much easier to do), and use the Project Center webpart for the My projects view as it is easier to achieve via Project Server Security, than a report.
Cheers,
Prasanna Adavi, Project MVP
Blog:
Podcast:
Twitter:
LinkedIn:
-
Hi,
I have questions about "Accounting-Start" and "Accounting-Stop".
1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it an issue for RADIUS application ?
Cheers,
1.If a NAS configured to have a primary and a backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the primary server goes down (Primary server won’t tell the NAS?). When sessions stop, the NAS sends the “Accounting-Stop” to the secondary. I understand the “Start-Stop” record with the same “user name” and “session-id” ideally should be recorded in the same server. If this situation happens what should both the NAS and RADIUS server do?
2.A NAS configured to have a primary and backup RADIUS server. To start with all the “Accounting-Start” records will be in the primary RADIUS server. Later on the administrator decided to change the primary server (as there are problems with the previous primary). sessions stop, the NAS sends the “Accounting-Stop” to the new primary. This ends up the “Accounting-Start” and “Accounting-Stop” with the same “user name” and “session Id” in two RADIUS servers.
To summarize, how to avoid the ”start-stop” pair ends up in different servers ? If it does, is it an issue for RADIUS application ?
Cheers,vignesh and BalusC,
following is the code in front controller's doFilter method. is this not thread safe?
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
HttpSession session = req.getSession();
somepackage.User user;
if(session.getAttribute("user") == null){
user = new somepackage.User();
session.setAttribute("user", user);
}else{
user = (somepackage.User) session.getAttribute("user");
}user object maintains all information about a user. if it is in session scope, everything should work fine.
another observation is after some time of usage, both people in different systems are getting same session.getId()
in my logout page i am using
session.invalidate();
thanks,
moses -
System needs to approve automatically when the same user has different role
Hi Gurus,
My issue relates to approval in Shopping cart.
Say this is my Issue.
This is the Approval detemined by the system.
1 - X
2 - Y
3- Z
4- X
5- Y
X & Y are the Same user but with different role in the Approvals.
First time 'X' would get the cart to approve it manually but second time system should automatically approve it. Same should happen for 'Y' as well. So now both X & Y needs to approve the cart only once.
Please advice me how to approach this issue or If anyone experience the same kind of issue please let me know how to resolve.
Thanks for your time to spend on it.
Thanks,
SNMPkumarHi,
You can handle it with N-Step BADI Workflow.
Regards,
Masa -
How can i get the following done:
Exchange 2010 disconnect AD user from mailbox and reconnect the mailbox to a new copy of the same user with a different username?
i nmust do this for 16 users TODAY, SO PLEASE HELP ME OUT HERE.
Thanks in advance!!
kind regards,
Rene Veldman
System Administrator Teidem bv, The Netherlands.Rene,
Why are you not changing the username of the existing account, instead of deleting the existing one and creating a new one?
If you truly need to delete and create new, you can save the GUID for the mailbox (Get-MailboxStatistics <mailbox alias> | Fl MailboxGuid), mail disable the existing account (Disable-Mailbox <mailbox alias>
will work), clean the mailbox database it was hosted on (Clean-MailboxDatabase
<database name>), then create your new account and recover the existing mailbox to that new account (Connect-Mailbox -Identity <Guid from before> -Database <Database name> -User <SAM account name of new account> -Alias
<what you wish to set the alias to>). In PowerShell, for all steps, you would do the following:
$MbxAlias = <mailbox alias>
$NewMbxAcct = <SAM Account Name for new account>
$NewMbxAlias = <new alias for mailbox>
$DomCtrl = (dir env:\LOGONSERVER).Value.Substring(2)
$MbxGuid = (Get-MailboxStatistics $MbxAlias -DomainController $DomCtrl).MailboxGuid
$MbxDb = (Get-Mailbox $MbxAlias -DomainController $DomCtrl).Database
Disable-Mailbox $MbxAlias
Clean-MailboxDatabase $MbxDb
Connect-Mailbox -Identity $MbxGuid -Database $MbxDb -User $NewMbxAcct -Alias $NewMbxAlias -DomainController $DomCtrl
You will need to supply the information in bold in the above commands, and you will need to create the new account before you run the above commands. I include direct use of a specific domain controller so you won't need to worry about replication.
If you are changing the account from one domain to another, this will not help, and you will need to wait for replication throughout the process, running the commands individually. -
User license problem of same user but different client for ERP
Hi ,
Our customer have many region, some region config is totally different from other region
so we want to separate it by two client
But in head office, the user will need to do operation for different region,
so they need to login to different client,
same people use the same user name but login to different client
So how to count the license?
as our customer bought named user license.
Thankshi
licenses are per client -
Same user, 2 different macs
So this is a very elementary question but is it possible to have the same user account (admin in my case) on different macs...without using OS X 10.x Server? I have zero need for anything that server edition has to offer and this would be a convenience thing. Essentially, I am always using 2-3 different macs in my home network, sometimes at the same time, and I wonder if I just need to keep using the different accounts on those machines. Make sense?
You need an account on each Mac you want to access.
If you have File Sharing turned on in System Preferences>Sharing you can access files on your various Macs on the network from any Mac you happen to be on.
Matt -
Different output format on pdf, same report same data same user Report 10g
Hi
I’ve recently came up with a very strange problem
I have the same report ( DevSuite 10g ) running on a win2003 server and without any obvious reason the output format changes from the original –correct one - ( the underlined text is not correct , font size is decreased , line spacing differs)
The report is executed with the same user, the same parameters and the same data...
Problem is solved only after a full server restart ( restarting only the report server, web cacle will not make any difference )
Once the report is formatted strangely we cannot run it correctly (reboot is needed)
Trace and log files shows nothing strange about the execution.
Can you please tell me how to start investigate or suggest a solution?
Thank you,
MThis is a wild guess, but it could be the result of there being no default printer. If you're using an in-process Reports Server, this runs by default under the LocalSystem operating system account. By default, this account does not have a default printer. Without a default printer, Reports may not format fonts correctly when producing PDF output.
For more information, see "Printing and Font Errors When Using In-process Server" in Appendix D (Troubleshooting OracleAS Reports Services) of Oracle Application Server Reports Services Publishing Reports to the Web 10g Release 2 (10.1.2). It (like Metalink note 272017.1) suggests changing the registry to set a default printer that the LocalSystem account can "see"). Metalink note 370150.1 offers a more drastic solution -- configuring the Reports Server to run under a different operating system account that does have a default printer.
Still, the theory that this "default printer" issue is the problem is not exactly consistent with the fact that your reports do work as expected at first, although there could be explanations for why the default printer is periodically changing (startup scripts, user intervention, etc.).
Hope this helps. -
Authorization sales documents varrying per transaction for same user.
Dear Gurus,
I have a query in defining the transaction authorizations for a user on the transaction level.
Requirement is as follows.
I want to give the transaction code VA01 to a user to create 2 sales orders say OR, RE so while authorizing document types i will allow both the document types only to that user to create.
But at the same time for the same user i want to allow the transaction code VA02 also with some more document types say OR, RE, CR, FD. means I want to allow the change mode of 4 documents but 2 documents for create transaction.
there fore the user can never create the CR and FD sales order but can make changes for all 4 documents OR, RE, CR and FD.
Please tell me while defining the role and authorizations for a user how can I fulfill the above requirement?
Anyhow I have to fulfill the above requirement. So Please suggest me all the possible solutions. by any possible way to complete the authorization.
Please reply me soon guurs.
regards,
SanjayHi Sanjay
As you are asking for all possible way I am suggesting you two ways:
1. Take help of BASIS team
2. Use user exits: Create a Z table for all the users you want such authorization and code the following code in user exit USEREXIT_SALESORDER_SAVE under MV45AFZZ.
Z table structure:
1. User id
2. Tcode
3. Order type
Code for user exit:
If tcode = VA01 and ordertype = OR, RE.
Check Z table.
If entry not found.
Exit without saving.
end if
endif.
If tcode = VA02 and ordertype = OR, RE,CR, FD.
Check Z table.
If entry not found.
Exit without saving.
end if
endif.
try and revert -
I am trying to deauthorize my audible account. It says the user name and/or password are incorrect after I had just deauthorized the computer using the same user name and password and logging in to post this. They should be the same password correct?
Deauthorize Audible Account... always appears as a menu selection, even if you deauthorized Audible or never even had an account.
Audible is a different account from iTunes and does not require the same username / password.
Maybe you are looking for
-
Help needed with print booklet in indesign
Help! When I attempt to print a 24 page booklet, indesign does not place my last page opposite my first page, and instead adds multiple blank pages to my document. I have the printer option to print blank pages on and I am using a multiple of four to
-
Required some help regarding Identity Auditor
Hi all Actually i am new in IDM field and want to explore Identity auditor. I have SIM 7.1 installed on my system. Actually i got the enough documentation about identity auditor but i want to find out from where i can reach the identity auditor .I me
-
Microsoft Indexing Service and Dynamic PDF (XFA)
I setup Indexing Services in Windwos Server 2003, and I confirmed that it can index (out of the box) Static PDF (created LiveCycle Desinger), in addition to other file types. However, the Dynamic PDF (also created with LiveCycle Desinger) are not ind
-
Very new - basic site design help
I have created a basic site layout in Photoshop, was wondering if someone could point me in the right direction for adding functionality. http://www.heroesmemorabilia.net/Final-Layout.jpg This is how I would like the site to look, on the left hand si
-
Having lots of trouble creating a multicam clip with independently recorded audio in sync
I can't figure out why this isn't working and have tried it many different ways and many times. Here's the situation: Video was shot on a Canon 5D Mark III and a Canon 7D (I suspect this may be part of the problem because the 5D has timecode capabili