Asa cmd authorization using acs
Hi all, i was trying to authorize the asa with acs 3.2 on priv lvl 7 using tacacs+,but the users were geting priv-lvl 15 only..
aaa-server aaa_serv protocol tacacs+
aaa-server aaa_serv host 10.0.0.10
key cisco123
aaa authentication serial console tac_serv
aaa authentication telnet console tac_serv
aaa authentication enable console tac_serv
aaa authorization command tac_serv
i had brought some commands also in priv 7 using privilege commandm but the problem is that when i try to login i am geting priv-lvl 15 only not 7.i had set in acs also in tacacs+ seting to assign priv lvl=7 only to the users .. but dnt knw why it is nt wrking ..
ASA does not have any authorization exec command so Priv Level does not work with ASA.
Max privilege(enable attrib. in ACS)works with ASA.
But if you implementing command authorization with ASA no need to configure max priv levels, let them all fall on priv level 15 and control access through command authorization.
2 main commands required for command authorization are
aaa authentication enable console tac_serv (this is because we do not have authorization exec in ASA so enable authentication is required for command auth to work)
aaa authorization command tac_serv
Similar Messages
-
Hi there,
We have an implementation of Cisco Secure ACS 4.1.4 using RSA SecurID as its authentication source to provide role-based access control and command level authorisation.
We have succesfully deployed this our routers/switches, and are now looking at configuring Cisco PIX/ASA devices to use ACS and have stubbled across issues.
Config on PIX/ASA (note we actually have 4 ACS servers defined for resilience etc):
aaa-server XXXXX protocol tacacs+
accounting-mode simultaneous
reactivation-mode depletion deadtime 1
max-failed-attempts 1
aaa-server XXXXX inside host <SERVER>
key <SECRET>
timeout 5
aaa authentication telnet console XXXXX LOCAL
aaa authentication enable console XXXXX LOCAL
aaa authentication ssh console XXXXX LOCAL
aaa authentication http console XXXXX LOCAL
aaa authentication serial console XXXXX LOCAL
aaa accounting command XXXXX
aaa accounting telnet console XXXXX
aaa accounting ssh console XXXXX
aaa accounting enable console XXXXX
aaa accounting serial console XXXXX
aaa authorization command XXXXX LOCAL
Problems:
Enter PASSCODE is NOT displayed on first attempt to logon to the PIX/ASA because it does not attempt to communicate with ACS until username/pass is sent.
Username with null password (e.g. CR) will correctly then display Enter PASSCODE prompt received from ACS.
PIX/ASA does not attempt to authenticate against all configured TACACS+ servers in one go, instead it tries each sequentially per authentication attemptâ¦.e.g.
1st Attempt = Server 1
2nd Attempt = Server 2
3rd Attempt = Server 3
4th Attempt = Server 4
This means that in total failure of ACS users will have to attempt authentication N+1 times before failing to LOCAL credentials depending on number of servers configured, this seems to be from setting "depletion deadtime 1" however the alternative is worse:
With âdepletion timedâ configured, by the time the user has attempted authentication to servers 2,3 and 4 the hard coded 30 second timeout has likely elapsed and the first server has been re-enabled by the PIX for authentication attempts, as such it will never fail to local authentication locking the user out of the device, the PIX itself does warn of this with the following error:
âWARNING: Fallback authentication is configured, but reactivation mode is set to
timed. Multiple aaa servers may prevent the appliance from ever invoking the fallback auth
mechanism.â
The next issue is that of accounting.....AAA Accounting does not record âSHOWâ commands or session accounting records (start/stop) or âENABLE".
The final issue is ASDM. We can login to ASDM successfully using ACS/RSA SecurID, however when a change is made to the configuration ASDM repeatedly sends the users logon credentials multiple times.
As RSA SecurID token can only be used once this fails and locks the account.
Any ideas on how to make two of Ciscos leading security products work together better?Just re-reading the PIX/ASA 7.2 command reference guide below:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/crt_72.pdf
It appears some of the above are known issues.
PASSCODE issue, page 2-17 states:
We recommend that you use the same username and password in the local database as the
AAA server because the security appliance prompt does not give any indication which method is being used.
Failure to LOCAL, page 2-42 states:
You can have up to 15 server groups in single mode or 4 server groups per context in multiple mode. Each group can have up to 16 servers in single mode or 4 servers in multiple mode. When a user logs in, the servers are accessed one at a time starting with the first server you specify in the configuration, until a server responds.
AAA Accounting, page 2-2 states:
To send accounting messages to the TACACS+ accounting server when you enter any command other than show commands at the CLI, use the aaa accounting command command in global configuration mode.
ASDM issue, page 2-17 states:
HTTP management authentication does not support the SDI protocol for AAA server group
So looks like all my issues are known "features" of PIX/ASA integration with ACS, any ideas of how to achieve a "slicker" integration?
Is there a roadmap to improve this with later versions of the OS?
Will the PIX/ASA code ever properly support the same features as IOS?
Would it be better to look at using something like CSM instead of ASDM? -
Using ACS for command authorization
I've setup my ASA for this and it works as it should, the restricted user can only run the commands I put into the command set in ACS.
However this is fine on telnet/SSH but when using ASDM the restricted account has level 15 access and is able to change things.
Can you use ACS to give a view only account on an ASA when using ASDM?thanks for the reply, I actually resolved it by watching the logs and seeing what ASDM needed, in the end had to add permit to the session command and also permit write net
this worked and gives the restricted user view only access to the config etc and also view only in ASDM. -
AAA IOS HTTS Cmd Authorization
On my ACS SE 4.2 setup I have CMD Authorization set up and it works nice, Service Desk type cmds: show, clear, telnet, traceroute, exit and then another group with full access (all cmds permitted). both user groups have Priv. Levels = 15.
However, (there is always one) with SDM access via HTTPS it appears that all you need is Priv. Level 15 to run SDM and make any configuration changes.
With my current setup, a user in the NetDevOper group when Telnet'ed or SSH'ed has access to a few commands, i.e. clear crypto sessions.
If I change this group from Priv Level 15 to, say 14, then I will have to 'Demote' the Clear command to Priv Level 14 on each device so this group can do simple clear commands.
My other choice is to disable HTTP access altogether, which is what I am leaning towards.
Is there another option available?Hi JG,
Thanks for your reply.
Do you know if there is a way to limit user access via HTTP(S) (SDM) so my Service Desk can use it, but cannot make configuration changes?
It appears to me that the IOS code for HTTP(S) (SDM) access is only checking to see if the user has Priv Level=15 and there is no other varibles being check.
If true, I will just disable HTTP(S) SDM access to the routers.
Thanks
Charlie -
TACACS+ command authorization and ACS "Quirk"(?)
Hi All,
I've created a limited access command set for a few of my engineers. They can shut/no shut ports, change VLANs on access-ports etc, but they can't access critical ports like uplinks. That's working fine. I'd like to take it a step further and ensure that they can't accidently assign a server vlan to a user access port. Using ACS 4.2
For the example, i'll use Vlan 101, which is one of my server networks.
My Command set says:
Command: switchport
Arguements: permit access, permit vlan, deny 101
Permit Unmatched Args is UNCHECKED.
When I debug the aaa authorization, i see this:
146425: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): user=<my Testuser>
146426: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV service=shell
146427: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV cmd=switchport
146428: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV cmd-arg=access
146429: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV cmd-arg=vlan
146430: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV cmd-arg=101
146431: Mar 8 09:39:19.162: AAA/AUTHOR/TAC+: (3413047404): send AV cmd-arg=<cr>
146432: Mar 8 09:39:19.362: AAA/AUTHOR (3413047404): Post authorization status = PASS_ADD
I know I have the correct command set applied, because it blocks me appropriately for other commands.
146451: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): user=<my Testuser>
146452: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): send AV service=shell
146453: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): send AV cmd=interface
146454: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): send AV cmd-arg=GigabitEthernet
146455: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): send AV cmd-arg=1/1
146456: Mar 8 09:39:22.526: AAA/AUTHOR/TAC+: (838742026): send AV cmd-arg=<cr>
146457: Mar 8 09:39:22.730: AAA/AUTHOR (838742026): Post authorization status = FAIL
Any thoughts why it's not working as expected?Don’t mean to be ignorant about this, but is there a way to export the config from ACS? Router config section is below…I’ve used this successfully with 4.2 several times…
ip tacacs source-interface gi 0/0
tacacs-server directed-request
tacacs-server key
tacacs-server host x.x.x.x
aaa new-model
aaa authentic login default group tacacs+ local
aaa authentic login no-tacacs none
aaa authentic enable default group tacacs+ enable
aaa author config-commands
aaa author exec default if-authenticated
aaa author commands 1 default if-authenticated
aaa author commands 15 default group tacacs+ local
aaa author console
aaa account exec default start-stop group tacacs+
aaa account commands 0 default start-stop group tacacs+
aaa account commands 1 default start-stop group tacacs+
aaa account commands 15 default start-stop group tacacs+
aaa account connection default start-stop group tacacs+
aaa account system default start-stop group tacacs+
aaa session-id common -
Configuring AAA Authorization on ACS 4.1
Hi,
Can anybody provide me links to any good documentation on how to configure AAA Authorization using Command Shell on the ACS 4.1 ? I would be really grateful if someone one can point me few links.
Thanks,
MeetHi
I would try looking at this link:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080088893.shtml
This describes how to plan, design and build shell cmd auth config in ACS.
Darran -
AAA authentication for networking devices using ACS 4.1 SE
Hi!!!
I want to perform AAA authentication for networking devices using ACS 4.1 SE.
I do have Cisco 4500, 6500,2960, 3750, 3560, ASA, CSMARS, routers (2821) etc in my network. I want to have radius based authentication for the same.
I want telnet, ssh has,console attempt to be verified by radius server & if ACS goes down then it will be via local enable passwordf.
For all users i need to have different privilege levels based upon which access will be granted.
could u plz send me the config that is required to be done in the active devices as well as ACS!!!!Pradeep,
Are you planning MAC authentication for some users while using EAP for others?
For MAC authentication, just use the following in your AP.
aaa authentication login mac_methods group radius
In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
In your SSID configuration, under client authentication settings,
check "open authentication" and also select "MAC Authentication" from the drop-down list.
If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
You will not need to change anything in XP.
NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
HTH -
Nexus, command authorization using TACACS.
Hello.
Can someone provide a sample configuration to use Cisco Secure ACS 4.2 to enable command authorization using TACACS.
Thanks.
Regards.
AndreaHi Andrea,
We've moved onto ACS 5.3 now - but we had our Nexus 5520's running against our old ACS 4.2 before that - so I've picked out the relevant bits of the config below:
username admin password role network-admin ; local admin user
feature tacacs+ ; enable the tacacs feature
tacacs-server host key ; define key for tacacs server
aaa group server tacacs+ tacacs ; create group called 'tacacs'
server ;define tacacs server IP
use-vrf management ; tell it to use the default 'management' vrf to send the tacacs requests
source-interface mgmt0 ; ...and send them from the mgmt interface
aaa authentication login default group tacacs ; use tacacs for login auth
aaa authentication login console group tacacs ; use tacacs for console login auth
aaa authorization config-commands default group tacacs local ; use tacacs for config command authorization
aaa authorization commands default group tacacs local ; use tacacs for normal command authorization
aaa accounting default group tacacs ; send accounting records to tacacs
Hope that works for you!
(That can change a bit when you move to ACS 5.x - as we've chosen not to do complex command auth (using shell profiles only) so instead you pass back the nexus role to the 5k - and it does the command auth (network-admin vs network-operator) based on that - so you just don't configure aaa command authorization on the 5k)
Rob... -
AAA Authorization Using Local Database
Hi Guys,
I'm planning to use AAA authorization using local database. I have read already about it, I have configured the AAA new-model command and I have setup user's already. But I'm stuck at the part where I will already give certain user access to certain commands using local database. Hope you can help on this.
FYI: I know using ACS/TACACS+/RADIUS is much more easy and powerful but my company will most likely only use local database.For allowing limited read only access , use this example,
We need these commands on the switch
Switch(config)#do sh run | in priv
username admin privilege 15 password 0 cisco123!
username test privilege 0 password 0 cisco
privilege exec level 0 show ip interface brief
privilege exec level 0 show ip interface
privilege exec level 0 show interface
privilege exec level 0 show switch
No need for user to login to enable mode. All priv 0 commands are now there in the user mode. See below
User Access Verification
Username: test
Password:
Switch>show ?
diagnostic Show command for diagnostic
flash1: display information about flash1: file system
flash: display information about flash: file system
interfaces Interface status and configuration
ip IP information
switch show information about the stack ring
Switch>show switch
Switch/Stack Mac Address : 0015.f9c1.ca80
H/W Current
Switch# Role Mac Address Priority Version State
*1 Master 0015.f9c1.ca80 1 0 Ready
Switch>show run
^
% Invalid input detected at '^' marker.
Switch>show aaa server
^
% Invalid input detected at '^' marker.
Switch>show inter
Switch>show interfaces
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0015.f9c1.cac0 (bia 0015.f9c1.cac0)
Internet address is 192.168.26.3/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Switch>
Please check this link,
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Regards,
~JG
Do rate helpful posts -
Authorization in ACS 5.2
In ACS 5.2, when i add custom a shell profile to a rule in an authorization policy (used in a TACAS access service) it seems to be skipped.
I can see the rule is hit because the hitcount number increases (it hits because of the group id), and when i set the shell profile to deny access (as test), access is actually rejected. So i know the rule is hit, but anything i put in my custom shell profile at the common tasks tab (like an auto command or default/maximum privilege level) is not used.
The same goes for commands sets. When i add the set 'deny all commands' the user is still able to exceute all commands, although the rule is hit based on the group ID the user belongs to.
I must be doing something wrong, but i can't find my mistake.@ Edward; Same here, no authorization logging.
@ Nicolas; thanks for picking this up.
First of all, these are my AAA lines in the test 2901, running IOS 15.0.
aaa authentication login ACS-TAC group tacacs+ local
aaa authorization exec ACS-TAC group tacacs+ local
aaa authorization commands 0 ACS-TAC group tacacs+ local
aaa authorization commands 1 ACS-TAC group tacacs+ local
aaa authorization commands 15 ACS-TAC group tacacs+ local
I created a new Access service, of which the Identity part is working fine.
These rules are in the authorization policy:
This is rule1:
This is the Shell profile, just for test:
The command set is easy, denyallcommands. I want to add a specific command set for our service desk, but not before i can get it to work.
When i change the Shell profile of rule1 to DenyAccess i am not able to logon with the service desk account, so it looks like the authorization rule is actually used. -
Shell Command Authorization Sets ACS
hi i followed this guide step by step http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
but still all my user can use all the commands
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R3
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login milista group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa session-id common
memory-size iomem 5
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
multilink bundle-name authenticated
username admin privilege 15 secret 5 $1$CS17$3oeNpzTvJAyZTvOUP2qyB1
archive
log config
hidekeys
interface FastEthernet0/0
ip address 192.168.20.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
clock rate 2000000
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial0/1
ip address 20.20.20.2 255.255.255.252
clock rate 2000000
interface Serial0/2
no ip address
shutdown
clock rate 2000000
interface Serial0/3
no ip address
shutdown
clock rate 2000000
router eigrp 1
network 20.0.0.0
network 192.168.20.0
no auto-summary
ip forward-protocol nd
no ip http server
no ip http secure-server
tacacs-server host 192.168.20.2 key cisco
control-plane
line con 0
exec-timeout 0 0
logging synchronous
login authentication milista
line aux 0
line vty 0 4
end
i copy the authorization commands from the cisco forum and follow the steps but no thing all my users have full access to all commands
heres my share profile
name-------------admin jr
Description---------for jr admin
unmatched commands------- ()permit (x)deny
permint unmatched args()
enable
show -------------------------- permit version<cr>
permit runnig-config<cr>
then i add this profifle to group 2 and then i add my user to the group 2
then i log in to the router enter with the user and i still can use ALL the commands i dont know what i am doign bad any idea?
can you give me if you can a guide to setup authorization with ACS i cant find any good guide jeremy from CBT gives a example but just for authentication i am lost i am battling with this prblem since wednesday without luck"you are testing with privilege level 15 or below 15. Because when you are using below 15 level user, first it will check local command authorization set. For example if you want to execute sh runn command with level 5 user, first it will check local command set. If the sh runn command exits in local command set then it will send request to ACS. If it is not in the command set, it won't send request to ACS. That's why you don't see debug. For 15 level users it will directly send request to ACS. Configure command set locally and try it should work.
Correct me if I am wrong."
Regards
Vamsi -
Shell Command(session) Authorization in ACS 4.2
Hi, All~
Our customer is using ACS 4.2.
They would like to restriction shell command(session) in ACS 4.2.
For examples,
MSFC => 'session slot [slot #] processor [processor #]' => Command authorization failed.
Is this possible to deny for shell 'session' command?
Have a nice weekend.
Thanks.
Bruce LeeBruce:
If you are running Cisco IOS then yes it is possible.
AFAIK the MSFC runs on 5600 hardware and that runs IOS so I think it is possible for you
look into this example
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
please rate if useful and let us know if you got any problem with the configuration.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you" -
Hi Guys,
its like I want to have only single user ID (Could be AD account or ACS local account) & want this user account should have level 1 access on some switches,routers & have rights to run specific commands on Core devices,firewall & should have level 15 on access devices.
So I want to use only one user account & want to have different level of Access & specific command authorization through ACS.
please help me on this.
ThanksHi ,
The trick here is to give Priv 15 access to the user is question and then deploy command authorization , so that user can only execute some specific commands.
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/spc.htm#wp697557
Pix command,
username Test password cisco
username Test privilege 15
aaa-server TACACS protocol tacacs+
aaa-server TACACS (outside) host 10.130.102.191 cisco timeout 10
aaa authentication http console TACACS LOCAL
aaa authentication ssh console TACACS LOCAL
aaa authentication telnet console TACACS LOCAL
aaa authentication enable console TACACS LOCAL
aaa authorization command TACACS LOCAL <--------- NEEDED FOR COMMAND AUTHORIZATION ON PIX
Regards,
~JG
Please rate if that helps ! -
Command authorization failed ACS 5.6
I have a new ACS 5.6 appliance set up that uses Active Directory authentication.
I created a shell profile, mapped it to the authorization rule, and then added devices to the system.
The first device I added was able to use ACS to authenticate and authorize users without any issues. In the ACS logs, it shows me log in and get the shell profile/privileges (15).
The second device I added authenticates me, but then I get a "command authorization failed" message every time I try to do something. In the ACS logs, it shows me log in (using AD), and get the same shell profile (level 15). Not sure what the problem is.
Here are the AAA settings on the switch
aaa authentication login listASH group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec listASH group tacacs+ local
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
tacacs-server host 10.1.2.212
tacacs-server timeout 3
tacacs-server directed-request
tacacs-server key <key>
line vty 0 4
access-class vty-access in
logging synchronous level all
login authentication listASH
transport input ssh
Network connectivity is fine, and obviously, the key works (because I authenticate). Nevertheless, I cannot get proper authorization.Hmm, the config looks correct, especially if it works on one device but fails on the second. Have you tried to issue some debugs and see if you are getting any errors?
debug aaa authentication
debug aaa authorization
debug tacacs authorization
Also, is there a version of code difference between the two devices? Perhaps you are hitting a bug.
Thank you for rating helpful posts! -
Problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN c
I met a problem when try to use ACSE+ Windows AD to authenticate two kind of WLAN clients:
1. Background:
We have two WLAN: staff and student, both of them will use PEAP-MSCHAPv2, ACSE will be the Radius server, it will use Windows AD's user database. In AD, they create two groups: staff and student. The testing account for staff is staff1, the testing account for student is student1.
2. Problem:
If student1 try to associate to staff WLAN, since both staff and student WLAN using the same authentication method, the auth request will be send to AD user database, since student1 is a valid user account in AD, then it will pass the authentication, then it will join the staff WLAN. How to prevent this happen?
3. Potential solution and its limitation:
1) Use group mapping in ACSE(Dynamic VLAN Assignment with WLCs based on ACS to Active Directory Group Mapping), but ACS can only support group mapping for those groups that have no more than 500 users. But the student group will definitely exceed 500 users, how to solve it?
2) Use methods like âRestrict WLAN Access based on SSID with WLC and Cisco Secure ACSâ: Configure DNIS with ssid name in NAR of ACSE, but since DNIS/NAR is only configurable in ACSE, don't know if AD support it or not, is there any options in AD like DNIS/NAR in ACSE?
Thanks for any suggestions!I think the documentation for ACS states:
ACS can only support group mapping for users who belong to 500 or fewer Windows groups
I read that as, If a user belongs to >500 Windows Group, ACS can't map it. The group can have over 500 users, its just those users can't belong to more than 500 groups.
Maybe you are looking for
-
Amigos, Não sei dúvidas de localização BR são colocadas aqui mas vamos lá: O governo acaba de editar a Medida Provisória 540 que vai alterar a forma de tributação do cigarro. Como sabemos, a função que calcula impostos na TAXBRJ não nos permite inser
-
Service Registry in PI 7.1 .. cannot connect from VC 7.1 on CE
Hello I am trying to access PI 7.1 Service Registry which maintains Services published on ECC centrally. VC is used as access tool which is installed on CE7.1. I have changed the Destination Templates UDDI_DESTINATION, CLASSIFICATION_DESTINATION to
-
Can't start video chat in Messages or iChat
Does anyone know why I'd be able to accept a video chat but not start one? I cannot initiate a video chat with one particular buddy. I have not yet been able to test with other buddies, so this could be on the other guy's end - but when he starts th
-
Well, the latest firmware fixed the trackpad issues that I was having. Way cool! Now yesterday, a new problem developed which I wondered if anyone else had experienced. Yesterday, when returning to my desk, I realised that my MBP was making a humming
-
Function SPLIT_LINE not working as expected
Dear All, I have created a BDC to upload Long Text of CJ20N along with the Dates. For this first the editable ALV is used where in the User can enter Long Text. It is working fine. I have used the below FM to split the text after every 50 characters