Assign/Map X509 certificate to the SAP User

Similar Messages

• Transaction Notofocation Procedure - How to know the SAP user?

  Hi Experts,
  In the transaction notification procedure can we know the name of the SAP user whose transaction is being processed?
  Thanks a lot.
  Regards,
  B.

  hi
  sapgenpse get_my_name -v -n validity
  http://wiki.sdn.sap.com/wiki/display/Basis/HowtorenewtheSAPRouterlicense
  http://www.saptechies.com/how-to-renew-the-sap-router-certificate-validity_1/
  http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCCSTROUT/BCCSTROUT.pdf
  Kiran

• How to link the Business Partner with the SAP User ID.

  Hi,
  We are working on a scenario wherein the resources are created as Business Partners in R/3.
  now How to link the Business Partner with the SAP User ID.

  HI AP,
  Maintain the business partner in role Internet User - BUP005.
  Now assign the existing user to this BP .(you can make this assignment in tab "internet user'. Just enter the user name in the field User and save).
  You can now see the link in table HRP1001.
  Cheers,
  Rishu.

• Error when generating IDoc from MC document - workitem to all the SAP users

  A workflow item with the subject of “Error when generating IDoc from MC document” is sent to all the SAP users' inbox. Is it possible to stop the generation of this work item? If that is not possible, can we limit sending the work item to a specific user/agent instead of all the users in the system?
  It appears that these work item or error message are generated when one of the developers reopen the POs and add line items. Moreover, during that time the procurement team blocked the IDOCs from going out to the vendors when changing and resaving the POs. Therefore, we need stop the generation of error message/work item when the IDOCs generation blocked.

  Please check Rule 70000141which is the default rule for this task. Inside this rule a FM is attcahed which is reading table EDO13 and EDPP1 where agent is retrieved Probably this table entries are not maintained. This Workflow is getting triggered from Message cOntrol I think.
  Please check this link for
  http://help.sap.com/saphelp_47x200/helpdata/en/c5/e4aec8453d11d189430000e829fbbd/frameset.htm
  <b>Reward points if useful and close thread if resolved</b>

• How to assign single responsibity to all the applications user?

  how to assign single responsibity to all the applications user?
  Thanks in advance

  Use FND_USER_PKG.AddResp
  How to use FND_USER_PKG.AddResp
  Re: How to use FND_USER_PKG.AddResp
  single responsibility to all users
  Re: single responsibility to all users

• Communication to the SAP user's though SAP e-mails

  Hi, SAP Gurus,
  can we communicate to the SAP user's though SAP e-mails that so and so SalesOrder has been issued etc.
  Can we know the  procedure to be followed for this communication.
  Regards,
  Sree

  Please read OSS note 454893 and other notes referred in it.

• Mapping X509 certificate to User

  Hello Everybody,
  I am accessing SAP R/3 Function module from the outside(JAVA Application) using JCO connections.
  I got sucess doing this using Basic authentication.
  I have passed fix username and password to connect to the SAP R/3 from my JAVA program.
  But, now i want to pass X509 certificate from my Java application to SAP R/3 for authentication. I have completed my work from JAVA side. But at SAP R/3 side i don't know where to add this X509 certificate and how to map this certificate to perticular user in SAP R/3.
  If anyone knows then please help.
  Its urgent, so if anybody has some idea then please help.
  Thanks in advance,
  Bhavik
  Message was edited by: Bhavik Devisha

  Through the T-Code : PFCG you have to create the Authorization group .
  the authorization group should contain the object:
  Z:PO_APPROVER_00 ( Authorization group name).
  Add manually the object.
  First select the object  MM_E (Materials Management: Purchasing)
  Under that select M_EINK_FRG
  Assign values properly to the
  Release code: FRGCO
  Release group :FRGGR
  After that use the T-Code : SU01 to provide the rights to the user XYZ.
  By
  Subrahmanian

• Ramifications of assigning a wildcard certificate to the SMTP service (needed for Exchange 2010 Hybrid Configuration - Office 365)

  Hello All:
  I am receiving an error when I run the Manage Hybrid Configuration wizard - ERROR:Updating hybrid configuration failed with error 'Subtask NeedsConfiguration execution failed: Configure Recipient Settings. I have opened a SR, but figured I'd try the forums,
  too. I have a wildcard certificate from GoDaddy (MS says they support wildcards from GoDaddy) & that cert has only the IIS service applied to it on the CAS. I've read in the Exchange Server Deployment Assistant that it should have the SMTP & IIS services
  assigned to it, but my question is - SMTP on the CAS (separate server) or on the Mailbox/Hub Transport (separate server)? And what are the ramifications of assigning the SMTP service to, let's say, the CAS? We have had multiple issues every time the servers
  get updated/changed; I do not want to disrupt services further, as the Manage Hybrid Configuration will be done during business hours.
  If anyone can provide any assistance/clarification, it would be most appreciated.
  Thank you.

  Hi,
  We can enable a Wildcard certificate with SMTP service for Exchange Hybird Deployment. The SMTP service can be assigned to multiple certificates. For some Exchange services such as OWA, Ecp, ActiveSync, Autodiscover service, OOF, it is used with Exchange
  certificate with IIS service. And there is usually only one certificate can be assigned with IIS service.
  Please just make sure your Wildcard certificate can contain all namespaces which are used for all internal URL and External URL configuration in Exchange services. About how to import an existing wildcard certificate on the Exchange 2010 Hybird servers,
  please refer to the Import & Enable Third Party Certificate on Hybrid Servers
  part in the following article:
  http://www.msexchange.org/articles-tutorials/office-365/exchange-online/configuring-exchange-hybrid-deployment-migrating-to-office-365-exchange-online-part9.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please
  make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Winnie Liang
  TechNet Community Support

• How do i assign new portal desktop to the specific user or group?

  Hi all
  I created new portal desktop, and i want to assign it to the specific user or group.
  Can anybody help me regarding this.
  Help appreciated
  Thx
  PRadeep

  Hi Pradeep.,
  1. add a new 'IF' rule.
  2. Edit it in the edit section (above the 'IF's part) to 'user' (in the dropdownlistbox) = <userid> (free text).
  3. Press 'Apply'.
  4. Edit the 'Then' section of the new IF to show the new portal desktop. You can add the full desktop's id by right clicking on it in the 'browse content' section if the screen (where you opened the Display Rule from) and choosing 'add portal desktop to expression'.
  5. Press 'Apply'.
  6. Move your 'IF' up. Display rules are evaluated from top to bottom until the first one that applies.
  Hope that helps,
  Yoav.

• How to chek the sap users from all the clients

  Hi Experts,
  I have a server which got 3 clients
  100, 200, 300 and I want to check out all the users of 3 clients at one shot
  Please let me know how to check this?
  Thanx in advance
  Regards
  Jawed

  Hi,
  I am afraid table USR02 is client-specific. Using display you can only view the records which belong to your current client. 
  You can use Tcode USMM (User measurement data)- User classification lising and view all the client users you need, or use report (RSUVM005) in se38.
  Thanks,
  George

• Sap User Managment - Can't Modify the Id User

  I want to modify the SAP R3 User Id, but I couldn't.
  It told me that, Field USERNAME not a member of BAPIADDR3.
  Anyone have an idea?
  2008-07-07 14:27:59,020 INFO [STDOUT] Running SAP R3 Modify User
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] modifyUserInformation : User modification request
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] userId:PRUEBA10, fieldValue:PRUEBA10-0, fieldName:USERNAME,bapiKey:ADDRESS,bapiKeyXADDRESSX
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Request
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] Inside XLSAPUTILITIES
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Requesting****
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection creation.
  2008-07-07 14:27:59,020 INFO [XL_INTG.SAPUSERMANAGEMENT] After Create Client
  2008-07-07 14:27:59,035 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Connection creation successfull.
  2008-07-07 14:27:59,098 INFO [XL_INTG.SAPUSERMANAGEMENT] returnStructure:User PRUEBA10 exists
  2008-07-07 14:27:59,098 INFO [XL_INTG.SAPUSERMANAGEMENT] Type:I
  2008-07-07 14:27:59,098 INFO [XL_INTG.SAPUSERMANAGEMENT] Mesage NUMBER:088
  2008-07-07 14:27:59,098 INFO [XL_INTG.SAPUSERMANAGEMENT] User exist in SAP
  2008-07-07 14:27:59,098 INFO [XL_INTG.SAPUSERMANAGEMENT] User modification start :USERNAME
  2008-07-07 14:28:00,035 ERROR [XL_INTG.SAPUSERMANAGEMENT] Modify User Base Exception for user id :PRUEBA10
  2008-07-07 14:28:00,035 ERROR [XL_INTG.SAPUSERMANAGEMENT] Modify User JCO Exception: Field USERNAME not a member of BAPIADDR3
  2008-07-07 14:28:00,035 ERROR [XL_INTG.SAPUSERMANAGEMENT] userId:PRUEBA10, fieldValue:PRUEBA10-0, fieldName:USERNAME,bapiKey:ADDRESS,bapiKeyXADDRESSX
  2008-07-07 14:28:00,035 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection Close.
  2008-07-07 14:28:00,035 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Connection Close successfull.
  Thanks

  Oh, thanks. It seems that I must create my own java code to resolve it.
  To rename the sap user id, I will have to call to the tasks, create user and later delete old user, but my question is. How could I copy, to the new user, the old user's roles and profiles?
  Obrigado ;)

• Usage of SAP* user in OOSB

  Hi Gurus,
  I'll be implementing Structural Authorization for my current project.
  I received requirement to restrict ESS and MSS display access specific to Qualification/Qualification Group (by object ID).
  General Authorization cannot specify the restriction by Object ID, thus I'm considering to restrict it using authorization profiles.
  Restriction for MSS view has successfully tested since MSS users will be assigned with MSS Authorization Profile in OOSB. The issue that I'm facing at the moment is how to apply the same restriction to ESS without assigning ESS IDs in OOSB - approximately 40K ESS users; will it impact the system performance anyway?
  If I were to use similar authorization profile defined in OOSP as per MSS, the only way to make it effective for all ESS users without assigning PD profile to each ESS ID in OOSB is by using SAP* - this is based on my understanding referring to notes that I found as attached below. I plan to customize authorization profile specific for ESS users and assign it to SAP* - still in test stage.
  Here are the statement that I'm referring to from the notes mentioned above:
                " What happens if the table doesnu2019t contain entries for a specific user? In that case, the authorization check uses the
                  entry of the SAP* user. So, the profile stored for this user is applicable if an entry has been left out."
  Please correct me if I'm wrong and appreciate your advice on this matter. Million thanks

  Hi,
  In this scenerio you can activate Context based structural authorizations where the Auth profiles are not assigned to User Ids directly but assigned via Custom roles using authorization objects P_ORGINCON (HR: Master data with Context) and P_ORGXXCON (HR: Master data- Extended Check with Context).
  Authorization objects P_ORGINCON and P_ORGXXCON consists of the same fields as to P_ORGIN and P_ORGXX respectively and has been expanded to include the PROFL field. The PROFL field is used to determine which structural profile the user is authorized to access (as per table T77UA - User Authorizations = Assignment of Profile to User).
  Additionally,I f you have requirements that cannot be mapped using the P_ORGINCON and P_ORGXXCON authorization objects (for example, because you want to build your authorization checks on additional fields of the Organizational Assignment infotype 0001 that are customer-specific) and if you want to implement the context solution, you can include an authorization object- P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context) in the authorization checks yourself.
  Please note following switches have to be activated for Context based Structural authorization in table T77S0 (tcode- OOAC)
  AUTSW INCON (HR Master Data (Context))- Authorization Main Switch that controls whether the P_ORGINCON authorization object should be used in the authorization check.
  AUTSW XXCON (HR Master Data: Extended Check (Context))- Authorization Main Switch that controls whether the P_ORGXXCON authorization object should be used in the authorization check.
  AUTSW NNCON (Customer Authorization Object (Context))- Authorization Main Switch that controls whether the P_NNNNNCON customer-specific authorization object should be used in the authorization check.
  Hope this is helpful!
  Thanks
  Sandipan

• SAP User Authentication via Windows Active Directory

  The non-profit company I work for as an SAP Security Admin has been using SAP since 1999.  We are currently running ECC 6.0, BI 7.0, and CRM 7.0.  With fewer than 300 SAP users, we have not implemented CUA, so each of our multiple clients in these systems is managed independently. 
  The company recently licensed and implemented some non-SAP software to be used by all of our employees (~1200) in keeping track of & catagorizing their work time; a very handy feature of this software is that it depends upon Windows Active Directory for user authentication.  Therefore, each employee logs into this time-keeping package by entering his/her standard PC userID & password.  If you can log onto your PC, you can log into the time-keeping software. 
  That got me thinking & researching, because our SAP users - especially those who have access to three or more SAP clients - must maintain their passwords independently in each SAP client that they hope to access in the future.  I'm certainly not the first person who has thought of how nice it would be to permit SAP users to log into all SAP clients across the landscape in which they have defined userIDs, using the same password that they are using to log into their PCs (i.e., the password that is stored & maintained in Windows Active Directory).  My quest has led me to find presentations on this topic that typically involve modules we aren't using & very complicated configurations that we really lack the time & resources to employ; or, to third-party solution providers who claim to be certified SAP partners who would love to sell us more software to provide this convenience, usually irelated to single sign-on, LDAP, etc.  The lowest pricing tier for such software usually would cover many times the number of SAP users we have to serve here - and it feels like trying to push in a tack using a sledgehammer.  It is true that we have not used the same userID for our PCs that we have defined in SAP, so there would need to be some way to translate from one to the other, but our PC password rules are consistent with those we have configured in SAP clients, so it seems to me it should be very simple.   Can anyone lead me to a more straightforward solution?  If not, can you articulate why this has to be so complicated using SAP software when it seems so simple using relatively inexpensive timekeeping sotware?

  >
  Gagan Deep Kaushal wrote:
  > Hi Tim,
  >
  > Its nice to see video.
  >
  > Is that mean using different username on OS and SAP level still we can achieve SSO.
  >
  > Correct if if am wrong.
  > The only thing we need to maintain SNC name.
  Once installed, yes. This is all you need to maintain when users are added. You can even use LDAP if you like to sync all user info between SAP and MS AD domain, but this cannot sync the password, so using SNC authentication instead of using SAP passwords is ideal.
  >
  > So for user test1 i can manage name as p:test2.....  ??
  Yes, that is correct. The mapping is maintained using standard SAP user management, such as su01. The user in AD domain might have long account name, e.g. "firstname.verylonglastname" which is too big for use as a SAP username so you can map this long AD account name onto a SAP user called FIRSTLAST in one or more SAP clients.
  >
  > I think that is what Ronald is also looking, user name need not to be same.
  >
  > Regards,
  > Gagan Deep Kaushal

• SAP USERS ROLE TABLE

  Can some one tell me the SAP USERS ROLE TABLE
  I Will assign point to any input.
  Balance Roll forward     
  Change Vendor Line Items
  Change Parked Vendor Document
  Change/ Reverse Vendor Invoice     
  Check Processing
  Clear Accounts Payable Items
  Display A/P  Balance & Items
  Display Checks     
  Display Vendor Documents     
  Display A/P Master Data     
  Display Parked Vendor Documents     
  Account Payable Interest Calculation     
  A/P Invoice Entry     
  A/P Accounting Key Reports     
  Manual Payment     
  Payments Using Bill of Exchange     Display
  Payment Run Parameters     
  Create and Process Payment Run Proposal     
  Accounts payable period closing     
  Post Parked Vendor Document     
  Maintenance of Accounts Payable Master Data     
  Process Withholding Tax

  go to t code PFCG
  Search for roles with SAP_FI_AP*
  You could always create your own role.
  In the Menu tab add the t codes you have specified.
  You will then need to add the authorization objects in the authorization tabs.
  For the t codes you have I guess it would take an hour max.

• Importing SAP users from Prod to Prod

  What is the best way to migrate sap users and from one prod system to another.
  If I have those SAP user in BOBJ security groups?
  Is there a way to move them to new environment (save version) with IMport wizard or LCM and keep their current group memebership?
  Thanks,
  Dwayneat

  If the users and groups do not exist already on the destination system you may be able to migrate them in IW following the same rules as AD/LDAP. The SAP plugin should be configured the same (except no roles mapped in on the destination) and use the IW to migrate the groups/users. I have not tried this with SAP but 3rd party LDAP and AD work this way. If the SAP users show up in the IW I would think the same rules apply.
  Regards,
  Tim