Authorization in WEB UI

Hello, Guru!
I want to create company wich generate lead. When i go to create Compaign (in role SAP_CRM_UIU_MKT_PROFESSIONAL) i see next error
Cannot display view MKTPRJ_COMMCHNL/OVEFChannels of UI Component MKTPRJ_COMMCHNL
An exception has occurred Exception Class  CX_BSP_DLC_CONFIG_GENERAL_ERR - Error creating configuration model 
Method:  CL_BSP_DLC_VIEW_DESCRIPTOR=>LOAD_APPL_MODEL 
Source Text Row:  27
When i add role Z_OBT i don't see this error and a see communication chanel.
How i can search authorization key which resolve this error?

Vladimir,
For localization your problem read this document:
How To Guide: PFCG Roles and Authorization  Concept
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/00515e75-f1d0-2c10-bebb-e5675f470ee6
Denis.

Similar Messages

  • How can I authenticate and authorize with Web Service on ESB ?

    Hello,
    I want to authenticate and authorize client with Web Service published
    by HTTP/SOAP BC.
    Simply if it is an Web Service as J2EE application, I will use
    Basic Authentication with JAX-RPC and Realm.
    But I think that Web Service published by HTTP/SOAP BC is not belong
    to J2EE Application. Threre is no place to describe security role mapping
    (like web.xml).
    JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
    JAAS Subject is given in the NM Properties. Really in this package
    com.sun.jbi.internal.security.*
    implements JAAS autentication and authorization (at JaasAuthenticator).
    But I can't see how to configure my Service to use this.
    How can I authenticate and authorize with Web Service on ESB ?
    I referred to the resources.
    Mutual Authentication for Web Services: A Live Example
    http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
    XML and Web Services Security
    http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
    JAAS Authentication Tutorial
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
    Thanks,
    Takurou
    - environment ---------------------------------------------
    OpenESB : Project Open ESB Starter Kit
    AppServer : Sun Java Systems Application Server 9.0 PE
    OS : Windows XP
    I don't assume to use SSL (if It's necessary I will try).
    User information is stored in a LDAP Server.
    -----------------------------------------------------------

    Hello,
    I read this resource.
    SecurityDesign
    http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
    Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
    But I can't see well why this page comments 'HTTP over SSL, TLS'.
    HTTP/SOAP Binding Component Overview
    http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
    Does BC support only "SSL server authentication" ?
    Doesn't BC support "SSL client authentication" by username/password ?
    Thanks,
    Takurou

  • TACACS Authorization of Web Interface on Aironet 1200 AP

    I have the Aironet 1200 AP setup to authenticate and perform authorization for the CLI via TACACS. That is working fine.
    However, the web interface is failing "ip http authentication". (Slight caveat - it works for a local user in the local AP DB - it does not work when it goes to CiscoSecure ACS to authenticate/authorize).
    I can get to some pages (prompt and pass authentication), but certain pages (e.g. Services>>SNMP) where configuration steps are taken cause a second prompt is presented, username and password is provided, and it fails.
    This is only evident from the output of a "debug ip http authentication"
    What do I need to configure in ACS to make this work?
    Relevant portion of config:
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ local
    no ip http server
    ip http authentication aaa
    ip http secure-server
    Sep 7 13:40:59.885: HTTP AAA picking up console Login-Authentication List name: default
    Sep 7 13:40:59.885: HTTP AAA picking up console Exec-Authorization List name: default
    Sep 7 13:40:59.909: HTTP: Authentication failed for level 15
    Sep 7 13:41:06.757: HTTP AAA picking up console Login-Authentication List name: default
    Sep 7 13:41:06.757: HTTP AAA picking up console Exec-Authorization List name: default
    Sep 7 13:41:06.780: HTTP: Authentication failed for level 15
    This document appears to describe a scenario similar to mine, but is for http - not HTTPS:
    Local Authentication for HTTP Server Users
    http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080178a51.shtml#tac-win
    Any ideas what I may be missing here?
    Thanks,
    Jeff

    I found the answer was to use a more specific "ip http authentication" statement. Specifically,it required the following:
    CiscoSecure ACS:
    Group Settings
    Shell (exec)
    Priv Level = 15
    On the AP:
    had to enable:
    ip http authentication aaa login-authentication AP_Web (Named Method List)

  • Check user role/authorization during Web report run-time?

    Hello again,
    I ran into a problem. I need to check <b>user's authorization during webtemplate execution (run-time)</b>. I want to have a possibility to allow in one web template extra functionality (through template menu) to key users. Normal users, who are running same report, should not have this extra menu visible.
    Is it possible to check user authorizations or roles during web-template run-time?
    Thank you!
    Vitaliy

    Hi Harinam,
    From my logic your are right.
    The restriction is in two new roles (Requestor and Approver role).
    But ->
    If I assign my approver role the selection possiblities of the request types during the AR creation is restricted and the AR search function does not work.
    If I assign my requestor role the restriction of the request type is not there, but the AR search function works again. :-(
    If I assign the original approver role of sap I have the same behavoiur for the AR search.
    Both new roles are a 1:1 copy of the SAP standard roles - > Exception, ristriction on request type 'Execption Approval' is not displ.
    I have execute ST01 now. If I try to open the log, the system syst "No records that correspond to these search criteria".
    But I have found something else.
    The problem appears only if I search for Process ID "Access Request Approval Workflow".
    If I select other Process ID such as "Control Assignment Approval Workflow" or "Fire Fighter Log Report Review Workflow", everything works fine.
    Very strange!
    BR
    Melanie

  • Authorization in Web reports

    Hi ,
    I amfacing a authorization problem when executing the query in web.plz consider the senario below
    there are 2 seperate roles ,one for web and other for bex version
    we are having an authorization object for one characteristics. We are restricting this with auth variable in the query.I have created a particular role wih restriction on certain values on authorization obj.If I am executing the web version with this role alone then i am get an authorization error.If I am executing the web with * auuth for the auth obj then it is getting executed without auth error.
    Can some body help me and explain how authorizatio works in case of web reports.There is also a precalculation job scheduled

    Hi,
    Sorry for the confusion in the earlier mail.plz read the below mail
    My requirement is to have user specific precalculation of webtempletes.ie different users should see values for which they are authorized to when they login with their id in Web.(after precalculation job is executed)
    I checked precalculate user -specificaly flag in the reporting agent setting and executed the precalculation job. But when I logon with any id added in the reporting agent setting it is showing the " Requested document not found".
    Can somebody help me in solving this ? Thanks

  • Authorization for Web report

    Hello Experts,
    One of my user wants to see a report in the web and wants an authorization for the same. When he is trying to execute the query in the WEB he is facing the follwoing error.
    User SCANESIN has no RFC authorization for function group SDIFRUNTIME.
    What steps do i need to follow to resolve this issue.
    Regards,

    Hi,
    You can solve this problem with the help of your basis person.
    Go to the role of that use using RSECADMIN. Find the authorisation object S_RFC. Include SDIFRUNTIME in
    'Name of RFC to be protected' field. Activate the role.
    Regards
    Githen

  • Authorization about Web Dynpro ABAP

    Dear all:
                 I have some problem withs the authorization about the web dynpro for abap.Please give me some advices.
    For example: In my web dynpro abap,i have two tabs,one is "upload",anthor is "preview".Now there are two users,
    in this example ,i  assume user A and user B.If user A have the authorization of "Upload",and the user B have "Preview".
    Now how can i solve the problem ?  If i do not want to use the  code to implement it , is there any solution for it ? Thank  you ~
    Best wishes !

    Hi,
    There are many ways to achieve this, but without code changes I guess this would be the easiest route:
    Create 2 application configurations: one with Upload button Hidden and other with Preview Button Hidden.
    Now to run you application you have 2 URL's by vritue of 2 application configurations.
    Give the appropriate URL to required set of people.
    Learn more about [App Configuration Here|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/media/uuid/af5e19e7-0b01-0010-37af-bc816f9a240c]
    Hope this helps.
    Regards
    Manas Dua

  • Authorization in web services

    Hi all,
    I'm trying to understand security in web services and i've been
    studiying web services security blue prints in glassfish. But all the
    samples work with authentication and message security (stock
    samples).
    My question is how to implement the authorization part in
    web services, is there some way/sample to authorizing a
    specified role to execute some web service? I'm interested
    in a declarative way.
    I haven't found any way to specify this except in EJB
    security-constraints part. Maybe web services are just the entry
    point and relays authorization and real work to underlaying
    EJBs. Is that the right thing to do?
    thanx

    Please provide me with a reply as this is an urgent situation.
    Thanks in advance,
    Geet

  • Authorization and Web Services

    Hello guys,
    I've posted this question on the Identity Management forum, but since I had no answer I'm trying here (since this forum takes question about OWSM).
    I'm taking part in a mission to advise how to protect Web Services with OWSM.
    The authorization to execute a Web Service will be provisioned by the IAM Suite (OIM/OAM/OID etc)
    But before getting into the technical details I'm hoping to find a Best Practices guide for approaches on how to determine/map WHO is authorized to execute which Web Service.
    Since SOA promotes an heterogeneous environment where a Web Service can (and should) be reused by other process, and even other Web Services, I don't see clearly what drives this rules.
    For example, the authorization rules should be based on :
    a) User vs Web Services ?
    b) User Role vs Web Services ?
    c) Apps (or Business Process) vs Web Services ?
    d) All users are authorized to execute all Web Services as long as they are authenticated ?
    e) Something else?
    Thanks for an insight or any direction to papers about this subject.
    Adriano.
    Edited by: user11994311 on 1 oct. 2012 01:08

    You can find more information under this blog.
    https://blogs.oracle.com/owsm/
    I would recommand to go through what OWSM can provide then you can decide what you want.
    https://blogs.oracle.com/owsm/entry/owsm_concepts_11g
    Thanks,
    Vijay

  • Roles & Authorizations for Web Reports...

    Hello Experts,
    We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
    We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
    I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
    And also how to call a function from web applications.
    This is a kind of urgent issue any quick ideas would be greatly appreciated.

    I apologize for the difficulty in reading this  I will repost.
    We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
    With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
    The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
    Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
    To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
    Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
    <Font ID="UserID",,,textelement....</Font>
    Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
    [<SCRIPT language = "JAVASCRIPT">                       
      function fnRepOnLoad()
        var user_ID=document.getElementById("UserID").innerHTML;
        if (user_ID=='USER123')
          document.all["HEADTMPLT1"].style.visibility = 'hidden';
          document.all["HEADTMPLT1"].style.position = 'absolute';
        else         
          document.all["HEADTMPLT2"].style.visibility = 'hidden';
          document.all["HEADTMPLT2"].style.position = 'absolute';
    </script>
    The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
    We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
    As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
    Var User_template=document.getElementById("UserTmplt").innerHTML;
    If UserTmplt = HeaderTemplate1
    -->  make all header templates other than HeaderTemplate1 invisible
    else
    -->  make all header templates other than HeaderTemplate2 invisible
    etc...
    I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
    Best Regards,
    Larry

  • Authorization for web shop users

    Hi Experts,
    How can we Control the users at webshop level?. Can anybody explain me the step by step process to set up authorization group for web shops.
    Regards,
    S Reddy

    Hello,
    In each web shop there is an authorization group.  If left blank, any user can enter the web shop.  If it is populated with a value, only users with special authorization can enter the web shop.
    The authorization set is:  CRM_ISA_SP
    You maintain a value for the authorization object in role maintenance and assign it to your web show (as described above).
    You also to a user to control the user access to a particular web shop.
    The way it works is the system checks any user attempting to enter the shop.  If the user has the authorization object value assigned to it, the user can enter the shop. Otherwise, he is denied access.
    I hope this helps.
    Deb

  • Authorization on web interface urls

    Hi there.
    Is it possible to restrict user access to certain web interface urls?  i.e. we want to distribute the 'URL BSP APPLICATION' for various input templates to end users.
    We have played around with the authorization object r_webitf but it doesn't seem to do what we want.
    Thanks.

    Hi,
    Once you have the URL BSP Application, you can set authorizations for it in txn SICF.
    An entry would be there for this service (the application you have created) under /default_host/sap/bc/bsp/sap/ node.
    You can change the properties of this node in SICF, assign your authorization value in 'SAP Authoriz' field in the 'Service data' tab. Once you assign a value here (say 'abc'), users authorization will be verified for authorization object s_icf for this value (ie 'abc' in this case). You can now setup your authorizations as you wish. Users will get an error if they do not have authorization for this service.
    cheers,

  • Authorization for Web applications

    Hi, friends,
    We have already developed some Web applications and we stored the user id and encrypted password in the database using JCE. We can handle authentication by ourselves. But we want to set up authorization on these Web applications, for example setting up authorization on a certain Web directory holding a bunch of JSPs. How can we do that ?
    Thanks
    John

    Hi John
    We am writing a basic J2EE framework where we have pluggable Authentication modules using Kerberos etc. I was jus curious as to what your Authentication system uses and how its done.
    Gracias
    Ram
    I will add some of my comments on authorization as soon as the document is complete.

  • Authorization for Web Application Designer

    Hello,
    I'm trying to grant authorizations for the WAD without having to grant SAP_ALL and SAP_NEW. What authorizationobjects do i have to use?
    We're working on a BW7.0 (SP12) system.
    Kind regards.
    Joost Kruk

    hi Joost,
    take a look
    http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
    Business Explorer - BEx Web Templates (NW 7.0+)/S_RS_BTMP
    Authorizations for working with BEx Web templates
    Business Explorer – BEx reusable Web items (NW 7.0+)/S_RS_BITM
    Authorizations for working with BEx Web items
    BEx Broadcasting authorization for scheduling/S_RS_BCS
    Authorization for registering broadcast settings for execution.
    Business Explorer – BEx texts (maintenance)/S_RS_BEXTX
    Authorizations for the maintenance of BEx texts
    hope this helps.

  • Web Reporting Authorizations for Web Application Designer

    Hi,
    any information on authorizations in context with the Web Application Designer would be appreciated. I know the data access is regulated the normal class RS and RSR authorization objects. Any way to secure and regulate access to the Web items in the WAD?
    thanks,
    Michael

    Hi Michael,
    Security settings are the standard ones (RS/RSR) as you mention plus limiting access to Web templates using roles.
    I do not know any mean to limit access at the web item level; you can define security restrictions on the underlying queries though.
    Best regards,
    LauQ

  • Problem - acs command authorization and web access control

    Hi, I'm trying to add the control of some aironet 1310 bridges with a ACS 3.2 (tacacs+). I wanted to be able to do telnet command authorization restrictions trough shell command authorization sets and be able to give similar restrictive web access at the same time. I have it working if I permit some commands that are sent by the browser as "write memory quiet" and few other ones, but for it to work, I must give them limited users the privilege level 15 and by having the tacacs server authorizing the commands, it work for both, http and telnet. Where my problem begin is when I loose the connection with the ACS server, the user being already authenticated as level 15 user, the device become open to all commands; there is no more restriction applied by the ACS. Do anybody now a workaround.

    It is already at local, that is just that the user already have a level 15 access and I used to control the commands through level settings before. So when I try it, my user that is localy level 5 is already recognized as a level 15 user from when it was authenticated through the ACS. If I could find a way to give web access to the 1310 at priv level 5 and still controlling the command set, it would be ok but as soon as I try to access a page that is not permitted other way than by the view level (i think it's level 1... or 0), I get a username password prompt with that line on the top of it:"level_15_or_view_access" and the only way I can access it is by entering a level 15 un/pass. I attached my 1310 aaa config
    and here are the command set that work at level 15 to do a "shut" or "no shut" of the radio interface by the web interface:
    configure
    permit terminal
    exit
    permit Unmatched Args
    interface
    permit Dot11Radio0
    no
    permit shutdown
    permit cca
    ping
    permit Unmatched Args
    show
    permit Unmatched Args
    shutdown
    permit Unmatched Args
    telnet
    permit Unmatched Args
    write
    permit memory quiet
    Thanks for the help !

Maybe you are looking for

  • Error 3253 Network Connection was reset

    This is my first experience with iTunes and it may be my last! I am trying to download from iTunes. Several times the download has progressed for 9 minutes, but then when I reach 7.8 of 7.9MB completed the download stops and it gives me "error 3253."

  • [SOLVED] Rapidly changing pixels in X (Intel 945GME)

    Hi, A few days ago I managed to install Arch Linux on my EEE Box B202 (thanks, devs), containing an Intel 945GME chipset. Everything looks fine, but when I start X, the screen goes black for a few moments (monitor complains 'no sync') and when it is

  • My iTunes ext/int drive question a little more clear:

    How do you fully restore a back up of itunes? i have one fully saved on an external drive called 'backup' and it was from february, but i have only added some cd's since then, so they can be re-added later. So how do i clear what is in my internal ha

  • OO python - access instance in which object was created?

    I'm playing with python and qt a bit. Just for fun. To clarify what i meant with the title of this thread, i'll elaborate on what i'm doing. I've imported one "mainwindow" widget, and one "regular" widget constructed in qt designer. The idea is to ha

  • Question - reset default OS Install Permissions for /etc - Solaris 9

    Hello, I'm hoping that someone might be able to help me out or point me in the right direction. I have a Solaris 9 installation on an E250 where a cohort of mine accidentally did a "chmod -R 755 /etc" when instead his intent was to just apply "chmod