Application authorization on CMC

Similar Messages

• Partner application authorization model missing

  We have written our own portal using j2ee technologies. Based upon user identity, we construct a launch pad for the applications that a user has authorization to. It have 260 different applications.
  We want to migrate to Oracle Portal. I would like to make each of these applications a partner application. They all share the same user repository.
  The problem is that Oracle does not have a user to Partner application authorization model.
  I could encapsulate all the applications as portlets, then Oracle portal would be able to manage the authorization to the portlets. To do this would be a major effort, changing thousands of JSP's and classes that render links. But this is not possible if they are just partner applications.
  I know, Oracle is going to say "Portal is just a launch pad, it does not handle menuing of individual applications. That is the individual application's responsibility."
  THIS does not apply. I thought long and hard on this issue. I am not asking Oracle Portal to take over menuing of an application, rather, I am asking it to be a launchpad to my 260 different applications, and to provide the facility that would allow the assignment of user and groups to execute partner applications.
  One thing I may have to do is on the initialization of the partner application is to make a call back to the login server and check whether they are authorized to use the partner application.
  There is a big difference between authentication and authorization.
  Thanks,
  Phillip

  Did you try checking the partner application entries on the SSO-login server page?
  please login as orcladmin or some other user with membership in, i beleive, iasadmins group. verify that for this partner application, what you see here corresponds to the application URL. it looks like your login page call may have issues. so check for login url too.
  also check the ORASSO.WWSSO_LS_CONFIGURATION_INFO$ for entries corresponding to Apex application.

• 910 application authorization failure blackberry

  hi all im new to here and looking for some help i have just got a sceond hand bb and it dint have appworld on it so when i tryed to download it it came up with this 910 application authorization failure and am not sure y can anybody help me out thanks
  lee

  Hello leewilliam88
  Welcome to the Community
  From the Error message it seems that an IT policy has been enabled on the Device.As you had brought it second hand  to resolve the problem you had to remove the IT policy from the device .So to do that follow this Knowledge Base :
  KB14202 : How to remove an IT policy from a BlackBerry Device.
  Try any of the Method suggested in Knowledge Base to remove the IT policy from the device.Additional Information regarding the error :KB12230
  I hope it will Resolve your problem.
  Prince
  Click " Like " if you want to Thank someone.
  If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.
  Click " Like " if you want to Thank someone.
  If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.

• Enterprise/ SAP Authorization in CMC

  Hi Experts,
  Just need to clarify that if we are using CMC with Enterprise Authorization, is it necessary to use InfoView with same Authorization or can we use SAP Authorization with it?
  Thanks & Regards,
  Sumeet

  Hi,
  thats the most common way you are explaining.
  End- Users are using the SAP Auth. for InfoView and the Administrator(s) are using the Enterprise Administrator with the Enterprise Authentication in the CMC.
  Regards
  -Seb.

• What does iplanet suggest to manage application authorization? which schema?

  Do you suggest to use user role ?
  How the most application manage the user authorization ?

  More details please. I don't understand your question.

• Download Failed: 910 Application authorization failure"

  Error 910: Failed to download
  Hi, I just bought a Torch 9800 second hand and I have a big problem right now, I can download any application, I still have a failed installation error 910! I obviously look good on the forums, it gave this: 
  http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=9F995B1F8317AE09B6732369649F58BA?...
  It seems that this is the solution to my problem, but with very limited computer skills I really do not understand, there is also a small problem I have OS 6 and it is not included in the tutorial !! I have a new phone that I can use !! without whatsapp or anything!!
  Pleeeeeeeeeeeeeeeeeeeeease help me!
  I prefer some help in French, but even if it's in english this is not a problem, just help me please ! 

  Hi Dohes and welcome to the BlackBerry Support Community Forums!
  The article you've posted indicates an IT policy is causing the problem with the application installation.  Does your BlackBerry® smartphone show an IT policy listed under Options>Security>Security Status Information?
  Thanks.
  -CptS
  Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

• Explorer missing from CMC Application list

  Hi all,
  I have a strange issue on one of my systems, explorer has been installed but appears 'disabled'
  We are using XI4.1 SP1 Edge and somehow Explorer doesn't appear in the list of applications in the CMC.
  Also, -as you can see on the screenshot- although explorer is available from the BI Launchpad and launches successfully, it loads with a disabled 'Manage Spaces' link (even as Administrator) and is not usable.
  Any ideas? I've checked rights and everything seems to be fine.
  I'm about to try a repair of the Explorer installation, but not sure what else I should try.
  Thanks for your help
  Antoine

  Antoine,
      Did you try using IE 9.x &/or 10 instead of FireFox?
  Regards,
  Ajay

• REQUIRED FOLDER LEVEL AND APPLICATION ACCESS

  Dear Expert,
  I am new in SAP BO admin, I want folder level access and application level access.
  My senario as below
  FOLDER ABC HAVING 3 SUB FOLDER LIKE FOLDER 1 , FOLDER 2 AND FOLDER 3.AND ALL THE FOLDER HAVE SOME DASHBOARD INSIDE.
  I have created 3 users
  USER 1 CAN VEW ONLY FOLDER 1 DASHBOARD
  USER 2 CAN VIEW ONLY FOLDER 2 DASHBOARD
  USER 3 CAN VIEW FOLDER 2 AND FOLDER 3 DASHBOARD.
  Please share me step by step guide.
  Many Many Thanks In Advance.
  Regards,
  Divyesh Patel

  Hi Patel,
  pls check the below threads
  Folder Level authorisations
  Folder level authorization in BO 4.0
  Securing Business Objects Content – Folder Level, Top Level and Application Security
  User Authorisations
  User Authorization in CMC?
  Note: after assigning access to  sub-Folders ,we need to assign access to root folder also to users.
  Hope this Helps,
  Sundar Kumar

• Error while running SDK application in XIR3 environment

  Hi all,
  Thanks for your support provided so far.
  I have developed a SDK application using BOE SDK in BO XI-R2 environment. This application queries the CMC and provides the list of objects, users etc.,
  While running the  application in BO XI-R3 environment, when I invoke the Login button in my application, I'm getting the following Unhandled Exception as
  "Could not load File or Assembly: "CrystalDecisions.Enterprise.Framework.Infostore version=11.5.3300.0, culture =neutral......."
  Am I missing any Dll file to be included along with  the EXE?
  Can anyone help me in this regard?
  Thanks.

  Hello Bhuvan,
  Do you have BusinessObjects Enterprise (BOE) 3.0 or 3.1?  The .NET implementation was not released until BOE 3.1, so .NET applications wouldn't be expected to work against BOE 3.0.
  Assuming that you have BOE 3.1, then you also have to upgrade your application.  An Enterprise .NET application that references the XI R2 (v11.5) assemblies would not be supported for communicating with a BOE 3.1 system.
  On it's face, the error is saying that Enterprise 11.5 (XI R2) assemblies are missing.  The .NET SDK for BOE XIR2 has to be installed from the Enterprise installation CD.  It is not available as a stand alone installer or MSI.  
  Finally, you've made note of trying to include the Enterprise assemblies with an EXE.  BusinessObjects Enterprise is a web based application.  SAP Business Objects does not fully support using the Enterprise .NET SDK in Windows applications.  It may work, but any issues have to be duplicated in a web application before they'll be accepted for a possible fix.  Additionally, since the XIR2 Enterprise .NET SDK is not available in an stand alone MSI it becomes quite difficult to manage deploying the SDK to multiple workstations.
  Sincerely,
  Dan Kelleher

• Kanban authorization checks (SU24, PK13N, PK*)

  Hi,
  Does anyone know why the Kanban transactions (PK*) have mostly disabled authorization check indicators in SU24?
  In PK13N, for example, there is functionality to do a goods receipt (MIGO GR) and also functionality to create POs (and maybe more that I have not looked into yet).
  However, the related auth objects in SU24 are not enabled (check indicator = do not check).  This seems strange for these authorization objects.
  Especially in light of SoD.  Users could create POs or do Goods Receipt via PK13 without proper auth check and these 2 functions conflict already (using default GRC ruleset).
  But that's beside the point.  The question is: Is there a good reason why these are disabled and how is this NOT a secuty risk?
  Now, there is one object that is enabled: C_KANBAN
  But, I feel that this is insufficient to really secure the goods receipt action and the PO creation action.
  For reference, a list of disabled auth objects:
  C_STUE_WRK CS BOM Plant (Plant Assignments)
  C_TCLS_MNT Authorization for Characteristics of Org. Area
  F_BKPF_KOA Accounting Document: Authorization for Account Types
  F_FICA_CTR Funds Management Funds Center
  F_FICA_FTR Funds Management FM Account Assignment
  F_FICB_FKR Cash Budget Management/Funds Management FM Area
  F_FICB_FPS Cash Budget Management/Funds Management Commitment Item
  F_LFA1_APP Vendor: Application Authorization
  F_SKA1_BUK G/L Account: Authorization for Company Codes
  L_BWLVS Movement Type in the Warehouse Management System
  L_LGNUM Warehouse Number / Storage Type
  M_BANF_BSA Document Type in Purchase Requisition
  M_BANF_EKG Purchasing Group in Purchase Requisition
  M_BANF_EKO Purchasing Organization in Purchase Requisition
  M_BANF_WRK Plant in Purchase Requisition
  M_BEST_BSA Document Type in Purchase Order
  M_BEST_EKG Purchasing Group in Purchase Order
  M_BEST_EKO Purchasing Organization in Purchase Order
  M_BEST_WRK Plant in Purchase Order
  M_LPET_EKO Purchasing Org. in Scheduling Agreement Delivery Schedule
  M_MRES_BWA Reservations: Movement Type
  M_MRES_WWA Reservations: Plant
  M_MSEG_BWA Goods Movements: Movement Type
  M_MSEG_BWE Goods Receipt for Purchase Order: Movement Type
  M_MSEG_BWF Goods Receipt for Production Order: Movement Type
  M_MSEG_LGO Goods Movements: Storage Location
  M_MSEG_WMB Material Documents: Plant
  M_MSEG_WWA Goods Movements: Plant
  M_MSEG_WWE Goods Receipt for Purchase Order: Plant
  M_MSEG_WWF Goods Receipt for Production Order: Plant
  M_RAHM_BSA Document Type in Outline Agreement
  M_RAHM_EKG Purchasing Group in Outline Agreement
  M_RAHM_EKO Purchasing Organization in Outline Agreement

  Hi Steven
  Normally, when I submit OSS messages about security gaps the response is "working as designed", so I thought I'd try SCN first... perhaps it REALLY IS working as designed and there is a good reason why no auth checks should happen in this case.
  Unfortunately this is all too common. However, I have found a lot of the times it is a Level 1 Support person in SMP advising you of this. With perseverance and escalation to a the next level the chance of a fix is greater (still not a guarantee)
  It's a pity if working as per design they could explain why.
  MIGO can be used in display mode only. If PK13 and PK13N are meant to be display transaction and the SU24 allows you to perform change (i.e. none of the underlying auths are checked for change) then I would refuse to close the customer incident until SAP responds further. At the end of the day, if a display transaction allows modification then it isn't a display transaction
  I get the impression SU24 and some other security (e.g. authority check on '' instead of dummy) has been allowed to exist as customers give up and change the values themselves instead of getting SAP to fix their solution.
  You could also look at SE97 if call transaction can be switched to yes so users cannot jump from PK13N to MIGO (assuming the code was a CALL TRANSACTION)
  Regards
  Colleen
  P.s. - understand the comment with stale thread but take note of timezone and if you raise it on a Friday people may not see it until the following week. Although you did consider this, a lot of people on SCN put urgent in their question and then within the same day respond to their thread to "bump it" on the list

• No authorization for changing Customer Centrally- Idoc in Error Status 51

  Hi Experts,
  We are implementing MDM for one of the client.
  The client  runs a  modification scenario in MDM for Customer Master.
  He modifies a customer record in MDM and this record is transfered from MDM to ECC via PI through Idocs.
  We are using standard Idocs for Customer Master which is DEBMDM
  There are 2 Idoc's generated in ECC by PI from DEBMDM as DEBMAS and ADRMAS.
  ADRMAS Idoc is succesfull in ECC and the corresponding record is modified.
  Now the issue is that the corresponding DEBMAS Idoc goes into Error 51.
  The Error details is as below:
                                                                                  No authorization for changing vendor Centrally                                                                               
  Message no. F2326                                                                               
  System Response                                                                               
  You cannot access the requested data.                                                                               
  Procedure for System Administration                                                                               
  If necessary, include an entry in the user's authorization profile for  
      the authorization object and parameters specified below.                                                                               
  Authorization object:                                                                               
  o   F_KNA1_APP                                                                               
  Parameters:                                                                               
  o   Activity: 02
      o   Application authorization : *
  We gave the respective authorization object to the RFC User ID used in PI RFC created to connect to ECC.
  Also we have given the user id  Tcode authorization like XD01/02/03.
  But this error still persists.
  Request to throw some light on this.
  Cheers
  Dhwani

  Check these threads
  [Re: IDOC STATUS - 51 " IDOC HAS TEST STATUS|IDOC STATUS - 51 " IDOC HAS TEST STATUS";
  [Error Inbound IDoc - Status 51|Error Inbound IDoc - Status 51;
  thanks
  G. Lakshmipathi

• Authorization to access Web Client UI - CRM 2007 (v6)

  When I create a user in the system, I have to assign it a business role.
  Apart from assigning it work centers etc., I also need to assign a PFCG role.
  What authorization objects should I include in that PFCG role that will allow the user to access (login and view the homepage) of the Web Client UI?
  I assigned the user to a position in the Organization model, to the position I have assigned a business role.
  I have tried giving it the authorization object for BSP, but it doesn't help.
  After the login screen, I get the message saying "Sorry, Logon is not possible because you have not been assigned to a business role. Contact your system administrator. "
  Anybody facing the same problem? Is there any standard Role that I can assign to the user which will give it access to the Web UI?

  Hi
  you wrote "Deactivate the object S_SERVICE via Cross-application Authorization Objects"
  if I try with SU25 I get information like this :
  You have switched off Basis authorization objects (starting with S_) or
  HR authorization objects (starting with P_). However, these
  authorization objects must always remain switched on.
  The system ignores the fact you switched off these authorization objects
  when saving. All other data is saved when you continue.
  I always get an error in our system which says:
  "XX field value(s) for object S_SERVICE were not entered in the profile"
  what can I do with this?
  Thank you for all suggestions
  regards
  RAfal

• "No Authorization" error message when running Dashboards

  Hi Experts,
    I have successfully transported my dashboard from DKY system to IKY system. When I am trying to run the dashboard from IKY system it is throwing "No Authorization" error message. Since both the systems have same permission levels.
  Urgent help is needed.
  Regards
  Vishnu Priya

  Hi,
  Can you able to see the dashboard file in the IKY System.If yes then,check in the user level authorization in CMC,the particular user has been given to connection access(Under OLAP Connection if it is BI else Relational Connection).If you are not able to see the dashboard in particular folder then the folder level authorization might not assigned to that particular user/group.
  Regards,
  Venkat

• Problem in getting the application login page

  Hi Firends,
  I am facing problem in getting the application login page.
  http://localhost:7777/pls/apex/f?p=102:1
  when i am clicking this link it is not directing me to the login page for this application.please let me know what could be the reason behind this.
  Thanks in advance

  Hi Martin, many thanks for replying. Let me know how this could effect in not getting the login page. I have checked in my application,it is by default "No application authorization required " and other option is " must not be a public user " . Should i change it to " must not be a public user from no application authorization required"
  please put more light on it. Y i am saying this because it was working fine day b4r yesterday but today i am getting problem in finding the login page of my application aftr providing the url. i am following the SSO authentication scheme and under Home>Application Builder>Application 102>Shared Components>Edit Security Attributes , i have given f?p=&APP_ID.:1:&SESSION. as home link and under Home>Application Builder>Application 100>Page 101>Edit Page Process, this code i have provided
  wwv_flow_custom_auth_std.login(
  P_UNAME => v('P101_USERNAME'),
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => :APP_ID||':1'
  as a source code.
  i am really stucked into it, and i need to finish is ASAP. Please provide all possible reasons for this problem.

• Authorization error report

  I want to see authorization unsuccessful error report of 100 users from last 15 days.Is there any program need to executre or any process to get this?

  > venkat sap wrote:
  > Then there is NO solution for this?
  I can think of a few solutions, but USR07 would not be one of them. There is also an old post about this "last failed check" and "reason codes for failed checks" which suggested that a development request to enhance them might be on the cards. I eventually decided not to open the development request.
  A simple solution:
  To report on failed authority-checks for attempts to start transactions, the failed attempts to call RFC's and failed attempts to start reports, you can use the Security Audit Log (tcode SM20 <= use the search and the FAQ) for objects S_TCODE, S_RFC and S_PROGRAM. There might be false-positives for BDC programs... see the threads on function module AUTHORITY_CHECK_TCODE.
  A more complex solution:
  Intended for recording detailed information about authorization checks during the development of applications (much more detailed than USR07, SU53 and St01), there are an obscure set of tables which contain information about (failed) authority-checks. They are not intended really for production systems and there is a SAP note which explains how to use them and warns about consequences for rapid growth of the tables, particularly in large systems with many users... I could not find any infos on the search terms here at SDN, but if you are interested, I can dig in my box-of-tricks to see whether I can find the infos again. I dont think that it was originally intended for production systems though, much like ST01, debugging, etc, etc...
  If your authorization concept is confident of the application authorizations which the users have, then the simple solution would, in my opinion, be sufficient for monitoring purposes, which can then be drilled down further once abnormalities are found using a number of tools with forensic capabilities such as SM20, ST03N, STAD (if you are fast enough), F190, etc, etc...
  Cheers,
  Julius