Authorization problem using rsecadmin

Similar Messages

• Authorization issue using RSECADMIN

  Hi,
  I´ve created an Authorization using the new RSECADMIN tool. I´ve added the 0FUNDS_CTR characteristic filtered with an specific value.
  I´ve also added the 0TCAACTVT, 0TCAIPROV, 0TCAKYFNM, 0TCAVALID into the authorization.
  However, after I assing the authorization to a dummy user and try to run a report, it says that the user does not have authorization to view the report.
  it looks like I still need to create a role using PFCG and assign it to the user, but I dont see the advantages of doing that if I'm already using the RSECADMIN tx.
  What could I be doing wrong?
  Thanks in advance,
  Pablo

  Hi Pablo,
  please use transaction SU53 after you have executed the query. This transaction shows you the last authorization check, and hence also which authorization is missing (if one is missing).
  If you have restricted the error on analysis authorization, try to use the 'Execute transaction with user' (and save this execution in a log). The log should give you enough indication, which authorization is missing. For further information on the trace functionality, please search also this forum.
    Cheers
       SAP NetWeaver BI Organisation

• Interpretation of values in log generated for auth checks(using RSECADMIN)

  Hi experts
  Could you please help me in reading the error log which is created using transaction RSECADMIN.My question is in particular about the interpretation of the values which occurs in front of the authorization relevant characteristics in the section "main checks" of the error log.
  For example if I run a query , assumption(user is configured for auth. logs using rsecadmin and then finally when the query gets completed we see the authorization logs using rsecadmin only). Then in the log it shows what values were checked for the authorizations against authorized values/sets. Lets say there are 2 characteristics char1 and char2 which have hierarchies below them and I run a query with some values(any random nodes from hierarchy below char 1) for Char 1 and some values(any random nodes from hierarchy below char 2) for char2 in the query selection screen and after I run the query and see the log then below values are shown for log:
  Authorization Check  
  Detail Check for InfoProvider <INFOPROV > 
  and then comes the section related to value checks ( MAIN CHECK)
  Main Check
  Subselection (Technical SUBNR) 1  
  Following Set Is Checked                           Comparison with Following Authorized Set 
  Characteristic | Contents                           Characteristics |  Contents                                                                               result
  Char 1           | Node 0 4 0                           Char 1           | All values of nodes for Char1 for which user is authorized.          Ok/NOK
                       | 121339 1
  Char 2          | Node 3 1 98
                     | 121333 1                             Char 2                | All values of nodes for char 2 which user is authorized             Ok/NOK
  Could you please help in getting how shall I interperate the values which are being checked.I mean how exactly should i get the characteristic values from the below shown values
  Char 1           | Node 0 4 0      
                       | 121339 1
  Char 2          | Node 3 1 98
                     | 121333 1   
  I know that this might have some sids related to those values which are passed as nodes in the query selections but I am not sure how shall I get the values which are being passed for checks to the authorized set of values using above notification from sap.
  Could you please help me so that I can find out what values are passed for checks .
  I actually want to know how shall I use the values 0 4 0 121339 1 after the node for char 1 and 3 1 98 121333 after the node for char2.
  The values for the authorized set can be knows as they are shown at the end of the log but nothing is said about the node values which are passed for being checked.
  Please give me light on above so that i can use above informtion to find out what actually the user is not authorized for.
  I hope I explained the requirement to best of levels but still if this is not clear , please let me know.It might be possible that while posting the question some lines get merged (apology for the same but i could not fine the best way to put the same here).
  Thanks
  Vishal

  Hi Chandu
  Thanks for reply. But using the transaction RSECPROT and seeing the log from the rsecadmin both are same as the main program related to both of them is RSEC_PROTOCOL_MAIN.
  My question was related to this generated log only. I know that is in readable format but in log when you see what values are being checked against the authorized set then the part which is not clear to me is that what does the values in front of characteristic (for the node is selected as input value ( selection filter ) to see the data ) signifies.
  Please see example above (as given by me) and please help in interpreation of those generated values in front of charactertistics char1 and char2 (if possible) .
  Regards
  Vishal

• ACS 5.3 Authorization problem with using Identity Groups in Access Policy Rule

  Hello guys, I am found a problem which I can't solve regarding authorization with using Identity Groups in Access Policy rule.
  ACS version: 5.3.0.40.6 (internal build B.839)
  I have very simple RADIUS Authorization rule which authorize user on behalf of right Identity Group.
  Requested Identity Group exist
  Testing user is created in Internal Users and has assigned requested Identity Group
  Radius Access Policy: 
  Authentication against Identity Store Sequence, where authorization server is external RSA SecurID device and additional attributes retrieval is configured from Internal Users.
  Authorization is very simple – One Rule with only one Condition which is: Identity Group - in - Requested_Testing_Rule. Then Default rule is set to Deny.
  When I will try login with my testing user then authentication against RSA SecurID is OK, but authorization will be denied by Default rule – It looks like my Rule with Identity Group is totally omitted.
  I am managing several other ACS servers (version 5.3 but with older patches) where similar rules are working without problem.
  What I am tested:
  Remove testing user and create his account again.
  Rename Identity Group
  Use another Identity Group
  Remove Access Policy rule and create it again
  Use Compound Condition: System:Identity Group
  Use Compound Condition: System:UserID instead of Identity Group in Rule (it is working without problem)
  Do you have any idea where problem can be?

  OK guys, it started working yesterday without any configuration change. Maybe it was some database inconsistence wich was solved by ACS itself.

• Authorization Problem (I am Using Authorization For Custom Forms)

  Hi All,
  I am Using Authorizations To My Forms (I created One Addon For This Addon I am Using Authorization).I created Authorization For My Addon But While Working It Showing Some Errors
  . In My Addon Four Forms are there For  this four forms I am Using Authorization based on usres some screens only super  user can access. normal user he is not a super user he  cliekd on that authorization form it shows one message  Your not a authorized user to permitted this operation in this message box we have two butons one is ok button and one is Authorized by another user . When i clicked on Ok Button  I am getting error Internal error (-10) occured [131-183]. Please give me Your Valable Suggestion.
  I am waiting for  your Reply.
  Thanks & Regards
  Naresh

  I am using Sap Authorizations For My Custom Form  See The Code Also U Can Get Clear Idea
  Private Sub CustomAuthorization()
          Dim li_RetVal As Integer
          Dim pUserPer As SAPbobsCOM.UserPermissionTree
          Try
              pUserPer = Me.SBO_Company.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oUserPermissionTree)
              'Purchase Indent
              If pUserPer.GetByKey("NHCL_PM") = False Then
                  pUserPer.PermissionID = "NHCL_PM"
                  pUserPer.Name = "Purchase Module"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->New Purchase Indent
              If pUserPer.GetByKey("NHCL_PM_NPI") = False Then
                  pUserPer.PermissionID = "NHCL_PM_NPI"
                  pUserPer.Name = "New Purchase Indent"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010002"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent->View For Approval
              If pUserPer.GetByKey("NHCL_PM_VIE") = False Then
                  pUserPer.PermissionID = "NHCL_PM_VIE"
                  pUserPer.Name = "View For Approval"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010003"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Selection For RFQ
              If pUserPer.GetByKey("NHCL_PM_SEC") = False Then
                  pUserPer.PermissionID = "NHCL_PM_SEC"
                  pUserPer.Name = "Selection For RFQ"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010006"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Purchase Quotation
              If pUserPer.GetByKey("NHCL_PM_PUR") = False Then
                  pUserPer.PermissionID = "NHCL_PM_PUR"
                  pUserPer.Name = "Purchase Quotation"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010007"
                  li_RetVal = pUserPer.Add()
              End If
              'Purchase Indent ->Final Quotation
              If pUserPer.GetByKey("NHCL_PM_FIN") = False Then
                  pUserPer.PermissionID = "NHCL_PM_FIN"
                  pUserPer.Name = "Final Quotation"
                  pUserPer.Options = SAPbobsCOM.BoUPTOptions.bou_FullNone
                  pUserPer.ParentID = "NHCL_PM"
                  pUserPer.UserPermissionForms.FormType = "2000010008"
                  li_RetVal = pUserPer.Add()
              End If
          Catch ex As Exception
              Dim ErrCode As Long
              Dim ErrMsg As String
              Me.SBO_Company.GetLastError(ErrCode, ErrMsg)
              Me.SBO_Application.StatusBar.SetText("Authorization Problem" & ErrCode & li_RetVal, SAPbouiCOM.BoMessageTime.bmt_Short)
          End Try
      End Sub

• Mass Add authorizations using RSECADMIN for user tab

  Hi All,
  I sent the following to ask SAP if there is a way to do this and they told me they could not help unless I wanted to pay the consulting fees so I am now curious if they have a way to do this.  I have reviewed the help documents and OSS notes and could not find anything .  They pro-offered adding the authorization S_RS_AUTH to the role but I do not want to do that.  I want to do it by user instead of creating many multiple roles.  Below is the question.  Does anyone know how to do a mass add to authorizations to users using RSECADMIN.
  We want to be able to add multiple users to an authorization created
  through RSECADMIN rather than add them one by one to each user. Is
  there a mass user add with RSECADMIN. I looked and cannot find this
  feature. Thanks, Mary

  Hi,
  There are two different methods of assigning authorisations.
  Direct
  1. From the RSECADMIN transaction select 'Users', enter the name and select 'Change'. Use the value help to selct the authorisation in question and for a single value select 'Insert'. If you select the 'Nodes' option it is possible to select nodes of hierarchies on characteristic 0TCATUTH (a single ‘H’; not to be confused with 0TCAUTHH!). This char offers automatically all BI authorizations as virtual master data. These master data can be organized in hierarchies, a property that offers the possibility to group authorizations by meaning or application field. Press "Save" to save the assignment to database.
  Assignment via Roles and Profiles
  2. It is also possible to assign using roles or more specifically, profiles of roles. Use PFCG and instead of entering manually created object use S_RS_AUTH which gives you the BI Auth field to enter the appropriate authorisations.
  Hope this helps

• Authorization problem when using the Transaction Launcher

  Hi All,
  We have an authorization problem when we call a transaction (EL37) in ECC from the IC Web Client.
  We believe that we have done all the necessary customizing in CRM and when we press the link in the Navigation Bar we are asked to logon to our ECC system. After logging on, we get an error message saying that "You do not have authorization for transaction EL37". If I then enter the transaction directly in the white command field in top of the ECC screen, then I have no problem calling the transaction.
  My user has SAP_ALL, so it shouldn't be a problem with the authorizations. Maybe it has something to do with the transaction IC_LTXE? I have also tried to add this transaction to my user profile, but that didn't help.
  Does anyone have a suggestion for how to fix this problem?
  Kind Regards,
  Gitte.

  Hi,
  I have found the solution for the problem myself. The transation code in the Transation Launcher Wizard must be written in capitals! We had entered 'el37' and have now changed it to 'EL37'.
  Best Regards,
  Gitte.

• Report authorization problem 0BI_ALL

  Hi Experts,
  I have few days pending issue (trying to solve on my own but all the time some other error is popping out)
  There are 2 reports which need to be assign to 2 users. I can log in and see the report in Analyzer (on user desktop) and in SAP directly but user while login is facing problem:
  1st Analyzer was giving error "an error occurred while communicating with BI serv" I figure it out that there s value RFCH missing.. that was added... after in su53 system asked for authorization RSRT- added (but not sure if it s ok ) now it says authorization 0BI_ALL missing
  So for sure I cannot give 0BI_ALL but how to fix the problem??

  Hi
  Your Issue was not clear as per my understanding if user getting issue when opening Bex then that is different issue because GUI.
  Now user can able to login to system and when executing report if he is getting issues then issue with missing authorizations.
  You have not mention abt your Authorization model if you are using RSECADMIN then login with developer id and go to RSECADMIN and under Analysis select execute as provide user id name and tick check box With log and start the trasaction provide your report once it gives error then come back to same screen chek the log it will give you clear picture abt the missing authorizations.
  Regards
  Jagadeesh

• How I fixed my authorization problem

  There have been many posts on the authorization problem that has cropped up since the latest update of iTunes, and there doesn't seem to be universal cure. I fought it myself for a couple of weeks, and recently fixed it on my PowerBook and thought I would share it with others.
  The common theme here seems to be that it affects people who have had more than one account in iTunes. For the record, I have NEVER purchased music from the iTMS using a different account, so I was confused as to why this was happening to me.
  I have two Macs in play here: an older eMac at home and a PowerBook G4. My initial iTunes library started on the eMac, and then I moved it to my PowerBook a little over a year ago when I bought it. I purchased music from the iTMS on both Macs, using the exact same account.
  When I upgraded iTunes on my PowerBook, I reauthorized using my only account, and the music that I had purchased since I transfered my library worked just fine. The music that I had purchased on my eMac simply would not authorize!
  It dawned on me yesterday that I setup a .mac account on my PowerBook several months ago, although I never used it in the iTMS and I never used it on the eMac at home. I also realized that I had NOT run iTunes on the eMac since the most recent upgrade.
  I installed the iTunes upgrade on my eMac, and proceeded to authorize it with my only known iTMS account. No issues, and all purchased music was auhtorized, including songs that would not play on my PowerBook.
  On my PowerBook, I decided to authorize using my .mac username and password, even though I have NEVER used it to purchase music. I didn't even own that account when the music files in question were purchased. As I suspected though, the authorization went through and I can now play all of my purchased music from iTMS.
  When I try to step through this logically, it makes my head hurt. There is definitely a major problem with Apple's DRM authorization relationship somewhere, as there should be no reason at ALL for any of my music to require my .mac account.
  I don't know if this will help anyone, but if you're struggling with it and you have a .mac account, give it a shot and it might work.

  The fact that you saw no glitches while running Logic before applying the update means almost nothing because that uses only a small subset of system resources. Far more significant is that Safe Mode restored some missing functionality: because it disables non-essential items like user fonts, third party drivers, & so on, it points to problems in those areas.
  Equally significant, the fact that there are relatively few reports of post-update problems among the several million Snow Leopard users points away from the update itself as the cause of your problems.
  Separate & apart from that, it so happens that I'm a sound engineer/system designer/board operator with nearly 40 years of professional touring experience. FWIW, I never have & never will update the software of any system I must rely on professionally (whether it is running on a Mac, a PC, or dedicated hardware) unless & until I can thoroughly test it first and I have a trustworthy backup/recursion strategy to fall back on in case of problems.
  I strongly suggest you learn from your unpleasant experience & do the same. I have had far fewer problems with Macs than with PC's, but nothing is 100% reliable to begin with. Changing the OS software part way through the tour is just asking for trouble, no matter how reliable that has been in the past. Even if the budget allows for nothing better than a stack of burned CD's & a couple of consumer grade CD players, no professional tour can afford to be without some fallback strategy in place. That should be self-evident & require no warning from Apple or anybody else.

• Tunneling Problem using HttpsUrlConnection

  Hi,
  I had gone through forums regarding this topic and still i am facing the same problem using the HttpsUrlConnection. We are working behind a proxy so we have to make a proxy authorization if we want to connect to a server in the internet.
  But in case of HttpUrlConnection, everything works
  fine. But if we do the same with a HttpsUrlConnection, the authentication fails. It throws an IOException
  with the message
  Unable to tunnel through 192.9.100.10:80.
  Proxy returns "HTTP/1.1 407 Proxy authentication required"
  Sample code as follows,
  The following code doesn't have any problem becos it works fine with HttpUrlConnection and also it is working without proxyserver for https as well.
  This is running under MSVM.
  I don't want to use SSLSocketFactory and i need to use following layout(i.e only with Httpsurlconnection)
  Is there any way to make work with proxyserver? Or can't we do this at all?
  System.setProperty("proxySet","true");
  System.setProperty("https.proxyHost","proxyIP");
  System.setProperty("https.proxyPort","80");
  OutputStream os = null;
  OutputStreamWriter osw = null;
  InputStream is = null;
  InputStreamReader isr = null;
  BufferedReader br = null;
  URL url;
  String line = null;
  System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  String login = proxyUserName+":"+proxyPassWord;
  String encodedLogin = new sun.misc.BASE64Encoder().encode(login.getBytes());
  url = new URL("https://www.verisign.com");
  HttpsURLConnection con = null;
  con =(HttpsURLConnection) url.openConnection();
  con.setRequestProperty("Proxy-Authorization", encodedLogin);
  con.setRequestMethod("GET");
  con.setDoOutput(true);
  con.setDoInput(true);
  con.setUseCaches(false);
  con.connect();
  os = con.getOutputStream();
  osw = new OutputStreamWriter(os);
  osw.write("SampleMsg");
  osw.flush();
  osw.close();
  is = con.getInputStream();
  isr = new InputStreamReader(is);
  br = new BufferedReader(isr);
  while ( (line = br.readLine()) != null)
       System.out.println("line: " + line);
  Can any one help me regarding this?I need a reply very urgently.
  Thanks,
  Prabhakaran R

  Hope this help.
  Note to change the properties to fit your system, and use the supported package ( JSSE, JRE1.5.......).
  You can use URLConnection for both HTTP or HTTPS protocol.
  import java.io.*;
  import java.net.*;
  import java.security.*;
  import java.util.*;
  import javax.net.ssl.*;
  public class testSSL9 {
  public testSSL9() {
  byte[] data = httpConnection();
  System.out.println(new String(data));
  public static void main(String[] args) {
  Properties sysprops = System.getProperties();
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  // sysprops.put("java.protocol.handler.pkgs",
  // "com.sun.net.ssl.internal.www.protocol");
  sysprops.put("java.protocol.handler.pkgs",
  "javax.net.ssl.internal.www.protocol");
  sysprops.put("javax.net.ssl.trustStore",
  "D:/jdk1.4/jre/lib/security/cacerts");
  sysprops.put("javax.net.debug", "ssl,handshake,data,trustmanager");
  sysprops.put("https.proxyHost", "172.16.0.1");
  sysprops.put("https.proxyPort", "3128");
  sysprops.put("https.proxySet", "true");
  sysprops.put("http.proxyHost", "172.16.0.1");
  sysprops.put("http.proxyPort", "3128");
  sysprops.put("proxySet", "true");
  testSSL9 testSSL91 = new testSSL9();
  private byte[] httpConnection() {
  try {
  URL url = null;
  // String strurl = "https://www.verisign.com";
  String strurl = "https://central.sun.net";
  // String strurl = "http://www.yahoo.com"; --> use: HttpURLConnection
  url = new URL(strurl);
  HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
  HttpsURLConnection.setFollowRedirects(false);
  connection.setDoOutput(true);
  connection.setDoInput(true);
  connection.setUseCaches(false);
  connection.connect();
  InputStream stream = null;
  BufferedInputStream in = null;
  ByteArrayOutputStream bytearr = null;
  BufferedOutputStream out = null;
  try {
  stream = connection.getInputStream();
  in = new BufferedInputStream(stream);
  bytearr = new ByteArrayOutputStream();
  out = new BufferedOutputStream(bytearr);
  catch (Exception ex1) {
  System.out.println(ex1);
  System.out.println("Server reject connection...sory");
  int i = 0;
  while ( (i = in.read()) != -1) {
  out.write(i);
  out.flush();
  stream.close();
  in.close();
  bytearr.close();
  out.close();
  return bytearr.toByteArray();
  catch (Exception ex) {
  ex.printStackTrace();
  return null;
  }

• ATV2 "authorization" problem

  So, I purchased an ATV2 at Heathrpw airport before I left UK as well as a cheap (£14.95) HDMI cable.
  I wanted to use the ATV2 in my home in Switzerland and purchased a Sony Bravia TV to watch it on.
  1. My first problem, when streaming content from my iTunes is that the ATV2 sometimes gets "disconnected" from the television, i.e. I see the blnk HDMI1 screen for a split second, then it reconnects.
  2. Second problem is that after about 15 minutes of watching anything on my ATV2, the picture turns to a combination of pink and blue, the picture is still visible but i have never seens anything like this.
  3. third and most annoying problem: I rented a movie directly from ATV2 last night (with my UK iTunes account), paid for it, and when it pops up on the screen saying it is ready to be watched, I pressed play but it loads, then authorizes and then a message appears that "this device is not authorized to play this content".
  I thought that perhaps this was one movie, so I rented a second one. When that didnt work, I figured it may be because I am in Switzerland and using a UK iTunes account, so I logged into my swiss one and rented something else. To no avail!
  *Things I have done to try and fix the problems*
  1. I have authorized and de-authorized my computer
  2. I have reset the ATV2 to its factory settings
  3. I have tried Swiss as well as UK iTunes accounts to rent movies
  This is increedibly frustrating and I hope someone can help! Thank you in advance!

  I too got an ATV 2 very recently. From my iMac I can order movies and watch them (as well as music, etc.). From my MacBook Pro I can do all except stream movies. Every time I try something new on the MacBook Pro (I keep buying the same two movies, so "they" know I am sincere), I get authorization problems.
  1. REMOTE: I can preview but not watch ATV 2 movies using the remote: "your apple tv is not authorized to play this content."
  2. MACBOOK PRO: I cannot use my macbook pro itunes to order and watch movies (music yes, movies no): "Authorization is required..." even though I have authorized/reauthorized the laptop 10 times. And I have reset/restored ATV 2.
  3. IMAC: I can use my iMac itunes to order movies. I then choose that computer on the ATV 2 screen and movies stream.

• Analysis Authorization created in RSECADMIN

  Hi
  I created an alaysis authorization using the transaction RSECADMIN following the steps
  Step 1:
  Activate all business content related to authorizations before you get started:* InfoObjects: 0TCA* and 0TCT*
  InfoCubes: 0TCA*
  Set the following InfoObjects as "authorization relevant":* 0TCAACTVT
  0TCAIPROV
  0TCAVALID
  0TCAKYFNM (optional, if key figure restriction needed)
  Add 0TCAIFAREA as an external hierarchy characteristic to 0INFOPROV (optional)
  Step2 :
  RSA1 -> InfoObjects -> Business Explorer Tab -> Flag 'Authorization relevant
  RSA1 -> InfoObjects -> Attribute Tab -> Flag 'AuthorizRelevant'
  Step 3 : Created a role in PFCG and inserted the above authorization value in S_RS_AUTH
  Step 4: Maintained the following values in the role
  S_RS_COMP : Query Accessibility
  Activity: 03,16
  InfoArea: '*'
  InfoCube:*
  Name (ID) of a reporting component:*
  But still we are not able to restricted the data that is displayed when the query is executed.(It is displaying all the data without checking for the authorization created above)
  Below is the error that is displayed in the trace for this user in RSECADMIN
  There Are No Characteristics That Have to Be Checked in Detail

  Sai,
  Have u restricted authorization relevant characteristic to some values in authorization object in RSECADMIN?If so, at query level u have to create a variable with processing type "authorization variable" and variable represents option "multiple single values" or "selection options" either is fine and also u have to uncheck option "Input ready" on ur authorization relevant characteristic and drag that variable in global filter.Try to login again and check the query.
  Chandu

• Profit center and comapny code missing authorization problem.

  Could you help any body,i have some missing authorization problem with profit center and company code,
  How to search the roles  which having require profit and company code values.
  Is there any way to search.
  Please let us know very fast.
  Thanks in advance

  Another, and probably much easier way, is just to use Ctrl + Y... and use subsets of the selections in the SUIM reports.
  But I can well understand the temptation to use tables or at least double-check the SUIM output against them.
  The bugger with tables is that you can easy make the same mistakes or more than the SUIM reports do, or use old obsolete tables, or incorrect logic when interpreting single fields of the user tables.
  Personally,  I would normally check the exits first. Developers don't always raise self-explanatory messages...
  Cheers,
  Julius

• Workflow binding not working - authorization problem?

  Hi Experts,
  I have the following problem in 4.6C that happens only for a specific user, so maybe an authorization problem.
  There is a task in the workflow that calls a method with ME21N. The method takes the PO after the transaction call, creates a BUS2012 object from it and passes it to the task. The task then passes it back to the workflow. The next step of the workflow uses this PO object.
  For this specific user, the ME21N method executes fine, PO is created. The task container in the wf log shows the object in it. But the workflow container does not have it, so it was not passed from the task to the workflow. Hence, the next task that uses the object does not start but the workflow system raises an error:
  OL 808: Object with runtime number '0' not defined
  WFEA 031: Step 0000000058 of WS********: Binding from workflow to work item aborted
  This happens only for one specific user, everyone else can execute the tasks without a problem, the PO object is passed to the workflow.
  Is there a specific authorization object required for the bindings of the workflow to work correctly?
  Any help is appreciated.
  Regards,
  Krisz

  Hello,
  You can check for authorization problems in SU53.
  Did this suddenly start happening for this user, since when? I'd doublecheck that binding.
  regards
  Rick Bakker
  Hanabi Technology

• Upgrade authorization problems

  I've upgraded to 7 and itunes is telling me that I don't have access to 350+ songs due to authorization problems. These are all songs that I've purchanced on the same computer that I've upgraded. They are counting this as a compter transfer? I don't want to lose the rights to the songs that I've paid for because I've upgraded the media player! Any help here? I hope that there is an easy fix to this.
  Thanks.

  I have finally solved the problem myself. iTunes email support suggested that I rename my /Library/Preferences/SystemPreferences folder and reboot. The idea being that the error was a network problem and the reboot would repopulate the defunct SystemPreferences folder. Of course this will hose all of your network settings as well. Unfortunately my SystemPreference folder didn't repopulate correctly. I was left without access to the AirPort and no way to reconfigure it through the GUI. This is where iTunes support pawned me off on applecare, who was also unable to resolve the problem. They wanted me to mail them my macbook and wait 7 days for them to have a "product specialist" reinstall the OS. So, I reinstalled the OS myself. No luck. Having saved the old SystemPreference folder I began swapping out some of the old files for new, eventually finding a combination that allowed for iTunes to authorize purchases and the AirPort to be configurable. In the process I learned a bit about the .plist configuration files OSX uses. If you have the same problem I did, save your old preferences.plist file and make certain the new airport.plist points to the correct alphanumeric identifier for your airport.