Authorization report cats_da

Similar Messages

• ACS 5.3 Showing Clear Text Password in Authorization reports

  Hello,
  When a tacacs user is changing the local password on the router (for local user), the acs 5.3 is showing the new password in clear text in authorization reports/logs.
  This behaviour is seen on acs 5.x, whereas acs 4.2 is showing encrypted password in the reports.
  I have checked debugs on Router and it is sending password in clear text in Tacacs Authorization packet but encrypted password in Tacacs Accounting logs.
  Debug tacacs accounting
  debug aaa accounting
  4w3d: TPLUS: Received accounting response with status PASS
  4w3d: TPLUS: Queuing AAA Accounting request 208 for processing
  4w3d: TPLUS: processing accounting request id 208
  4w3d: TPLUS: Sending AV task_id=459
  4w3d: TPLUS: Sending AV timezone=UTC
  4w3d: TPLUS: Sending AV service=shell
  4w3d: TPLUS: Sending AV priv-lvl=15
  4w3d: TPLUS: Sending AV cmd=username sansehga privilege 15 password *****
  4w3d: TPLUS: Accounting request created for 208(sanjay)
  debug tacas authorization
  debug aaa authorization
  4w3d: AAA/MEMORY: create_user (0x851611DC) user='sanjay' ruser='R1' ds0=0
  port='tty7' rem_addr='10.76.212.159' authen_type=ASCII service=NONE priv=15
  initial_task_id='0', vrf= (id=0)
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): Port='tty7' list='' service=CMD
  4w3d: AAA/AUTHOR/CMD: tty7(1390711548) user='sanjay'
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV service=shell
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd=username
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=sansehga
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=privilege
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=15
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=password
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=sehgal
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): send AV cmd-arg=<cr>
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): found list "default"
  4w3d: tty7 AAA/AUTHOR/CMD(1390711548): Method=tacacs+ (tacacs+)
  4w3d: AAA/AUTHOR/TAC+: (1390711548): user=sanjay
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV service=shell
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd=username
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=sansehga
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=privilege
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=15
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=password
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=sehgal
  4w3d: AAA/AUTHOR/TAC+: (1390711548): send AV cmd-arg=<cr>
  4w3d: AAA/AUTHOR (1390711548): Post authorization status = PASS_ADD
  Please share if someone has found the fix to this problem.
  Regards,
  Akhtar

  Thanks Tarik,
  But it seems it did not help overall
  Akhtar: Cisco needs long time to fix bugs unless it is P1 or P2 bug. Otherwise they'll do it at their leisure.
  If you are not on latest patch already then upgrade. If you are already on the latest patch then wait for the next one. If your bug is not mentioned to be fixed on the resolved caveats don't panic. I've seen many bugs fixed but not mentioned in the release notes. What you need to do is to contact TAC so they contact the BU for your behalf to confirm if the bug is resolved or not.
  Regards,
  Amjad

• Report CATS_DA, long text

  Hi.
  If I run report CATS_DA and someone have filled in something in the long text, there is a little pen and paper there.
  If I then would like to save this to an excel sheet, the long text will not follow. I can understand why, because there can be a very very long text.
  But if I would like to write my own report to get this long text out of the system, from which table, cluster or what ever, can I find the text.
  I found table STXL but it only point to a cluster line.
  Anyone having any idea?
  Thanks  //  Peter B

  Do obtain text from table STXL you can use FM: READ_TEXT.
  Get the entry from STXL that you are requiring and get the text using this FM.
  thanks.
  JB

• Authorization to CATS_DA report

  Hi All,
  I have a requirement from the client. The Org unit managers will approve timesheets of the employees in their Org Unit. But there are Project Managers who require access to view the timesheet of employees in CATS_DA report in CATS.
  A project might comprise of People from different Org Units. Project Manager of a particular project should be given access to view the timesheets of those employees alone in CATS_DA report. They should not be allowed to view timesheets from other projects.
  Similarly Project Controller will manage multiple Projects and he should have access to employees timesheets of all those projects.
  For Ex: Org Unit A has 5 employees and Org Unit B has 7 employees. The project has 2 persons from Org unit A and 3 persons from Org Unit B. The Project Manager of this Project who is from Org Unit B should have access to the timesheets of these 5 employees only and should not have access to rest of the employees.
  How this requirement can be addressed? Appreciate you help.
  Many Thanks!

  Nels
  Here are my questions, are you able to see the relationship of Project managers and their direct reports and also the Project controller's relationship to individual groups in your PPOSE?
  If that is well defined, the workflow can accomodate the relationship in the structure.
  could you please check that?
  Thanks
  Ranjani

• BW Authorizations/Report. Auth Object/KF's vs. Calc. KF's

  We implemented a custom/reporting auth. object to protect key figures (1KYFNM) and it works well. The issue is that our user community never ceases to come up with new and even more creative requirements.
  Let me illustrate the latest requirement:
  I have locked-down access to certain key figures (let's call them 'KF A' and 'KF B') and therefore subsequently secure all combinations involving either one of the two meaning calc. KF D (KF A plus KF C) is locked down as well. I also need to mention that users are supposed to be able to create their own ad-hoc queries, which eliminates the option of limiting them to a query or set of queries that accomplish the following requirement.
  There are certain totals, which are calc. KF's that the users are allowed/required to see even though they are not supposed to see what makes up these numbers (they should see calc. KF K which is made up of KF A, KF B, and KF H, etc. but not KF A and KF B).
  Without the option of providing the users with rather static queries, I see another option as calculating 'KF K' (from the previous example) at the time of the load and just making it another key figure in the cube which then can be excluded from the auth. check previously mentioned based on the naming convention. The problem with that is that this will make reporting rather inflexible, increase load times as this calculation is rather complicated, and it will also create redundant information in an environment that is already experiencing substantial growth and volume.
  Does anyone see any other solution?
  Thanks,
  Joerg

  Jeorg,
  I'm afraid that there's no special authorization handling for calculated key figures. To my best knowledge, the approach to create another key figure at data load time via transfer rules or update rules would be the only one can work. While this approach may not be flexible, but the load time should not increase significantly if you just add two key figure values into a new one.
  If you find this is approach is unacceptable or it is a common requirement among BW community, you might consider submit such requirement through ASUG BI Group or via OSS development request.
  Thank you for your question and patience.
  Regards,
  Amelia Lo
  SAP NetWeaver RIG, US
  SAP Labs, LLC

• Need a Query/User Authorization Report

  Hello All,
  I am looking for tables, function modules, programs etc that will aid in building a report that will show every query and which users have access to them.
  This program I am wanting to build will serve as a periodic "reality check" on our authorizations.
  I am not sure about the tables/programs etc involved in interpreting the user's roles/profiles.
  My current thinking is that there may be a function module or program that is being by the BEx tools that comes up with the list of queries that the user has access to when they first select the query they want to run. Getting a hold of that would be very beneficial.
  Any ideas?

  Hi,
  Refer the below links
  www.das.state.ne.us/nis/security/docs/authorized_agent_manual.pdf
  script.wareseeker.com/PHP/uas-user-authorization-system.zip/18033
  eda.ogden.disa.mil/users_guide/trainMaterial/GeneralAdminMaint.ppt
  www.umaryland.edu/eumb/Documents/user_aff.pdf
  www.mariewagener.de/node/98
  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI?focusedCommentId=78053701
  www.bi-expertonline.com/downloads/Smith.doc
  https://aisweb.wustl.edu/hr/benefits.nsf/pages/files/$file/hrmssecurityauth07.pdf
  www.sapdev.co.uk/sap-bw/queryexit.htm
  naresh

• All the users authorization report

  Dear Experts,
  I want run the all the users authorization in SAP. I want prepare authorization matrix from all the users.
  Please help me on this. Thanks for advance.
  Regards
  S.Prasad

  Hi,
  post your query in abap forum.
  the following tables are useful to create such report
  ROLES BY  TCODE  ASSIGNMENT
  TSTCT
  AGR_1251
  ROLES BY  USERS ASSIGNMENT
  AGR_USERS
  USER_ADDR
  ROLES BY ORGANIZATIONAL LEVEL ELEMENT ASSIGNMENT
  AGR_1252
  USVART
  regards,
  kaushal

• How to authorize report developer to access role(Save reports in role)

  Dears,
    I created a role and assigned it to a report developer. This role is restricting the reeport developer the Display Data of InfoCubes and ODSes, and the full authorization for report development. However, when saving the new report, the role is empty. I'm expecting the user in this role has the access to save the report in this role. Any suggestions are appreciated.
  B.R
  Gerald

  Hi Gerald,
  In our 3.5 environment, I created roles specifically for this purpose.  Within the Authorization Data, I manually added authorization object S_USER_AGR.  Here we use activity 01, 02, 03, 06, 08.  The Role Name should be the technical name of the role you created for the folder.
  If you need clarification, let me know.
  Larry

• ACS command authorization report in conf t mode

  Hi, this is probably a quick one, but I couldnt find a solution so far.
  We are using command authorization via ACS and are thus able to see (in case of any issues) who has entered which commands at which time on which device. But this only works until someone enters conf t mode. After that I am not getting log entries in the ACS (Version 5). I can see all show commands and who entered the configuration mode, but nothing after that. Config snippet:
  aaa new-model
  aaa authentication attempts login 5
  aaa authentication login default group tacacs+ local line enable
  aaa authentication enable default group tacacs+ enable
  aaa authorization exec default group tacacs+ local 
  aaa authorization commands 1 default group tacacs+ local 
  aaa authorization commands 15 default group tacacs+ local 
  aaa accounting exec default start-stop group tacacs+
  aaa accounting commands 1 default start-stop group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa session-id common
  My guess is that I allow all commands with that and thus no authorization is needed. 
  Any idea?
  Thanks
  Chris

• Problem in report of cats_da data is not coming for one absence type.

  Dear experts,
  For one absence type the data is not coming in the report cats_da. When I check the other absence type the report is showing the data. I dont know where is the problem. Customer is entering data throught PA30  transaction. Kindly help me where is the problem in customization.

  No answers so closed.

• Report to check CAT5 & CAT7 Transferred or Not

  Dear All,
  Time Tickets are booked on WBS /Network & Activity thorough CATS.
  When we Executed CAT5/CAT7 , we get an Error Log that Time Tickets are not transferred because of Budget Error.  We do have a Report CATS_DA to check the Time Ticket Booked.
  But it is difficult to identify whether Time Tickets are transferred or not transferred . This will help us to identify and  do the necessary Budget Transfers.
  Appreciate your help .
  Thanks in Advance .
  Regards,
  Shareeq

  Hi,
  Could you please check your data in table CATSPS. In this table, you have a field called TRANSFER (transfered). Just check if the value is X or not. If it is X, then it means it is transfered otherwise not.
  following is the screen shot.
  Else, you can also check CATA transaction code. Here, make target components as Project System ticked or you can also check it by providing document number in selection option
  just check and let me know if it helps you.
  Regards,
  Amit

• Analysis Authorization & its compaitbility with BW 3.5 Query

  Hi,
  We have technically upgrade our system from BW 3.5 to BI 7.0. Now we are planning to upgrade to Analysis Authorization.
  1. Is it necessary to Migrate BW 3.5 query to BI 7.0 so that it will work with Analysis Authorization? If not, then how Analysis auth will treat authorization variable defined in the query?
  2.What are pro & cons of two approach: Fresh Implementation of Analysis Authrization v/s Migration using tool ?
  Please advise.
  Best Regards,
  UR

  Dear UR,
  Iu2019m going to try helping you,
  In advance a give you some ideas about migration process regarding authorization system.
  Currently you can use the old concept of authorization (reporting authorization object) in the 7.0 2004s environment. You can set up in Tcode: RSCUSTV23 what authorization mode, you would like use. 
  When have you migrated whole queries but you keep the old concept, this doesnu2019t impact the authorization system functionality.
  When you change the authorization mode to current procedure with analysis authorizations, you need be careful with the attribute navigational. Because, in the old mode, the attribute navigational get setting of its characteristic. Example if you use 0COMP_CODE__0COSTCENTER, and de 0COSTCENTER is relevant authorization, all of attribute navigational com from 0COSTCENTER are relevant authorization. Otherwise, in current procedure with analysis authorizations, where each navigational attribute has the same level of a characteristic.
  When you migrate to analysis authorization, SAP best practice recommend keep in each reporting role all of reporting authorization object for a short period of the time.
  In my experience the main thing was list above.
  Try to get more information in:
  SAP BI - User Management & Authorizations
  OSS Note 923176
  I hope this suggestion can help you,
  Luis

• Authorizations InfoCube in BW

  We are planning to build our own BW Infocube for Authorizations.
  This required because we want to consolidate the authorization reports across our
  production landscape (8 Systems) for the various interest groups - Adminstrators and Auditors.
  I would appreciate if anyone can share their experiences if they have done anything like this before.

  Hello Mushtaq,
  you can use standard functionality. There are scenarios available where you don't have to build custom InfoCubes or even develop programs.
  Please have a look at the documentation.
  1) Using existing authorizations
  http://help.sap.com/saphelp_nw04/helpdata/en/a7/5ab43b6a596660e10000000a114084/frameset.htm
  2) Generating authorizations
  http://help.sap.com/saphelp_nw04/helpdata/en/56/25dc886b0611d5b2f50050da4c74dc/frameset.htm
  Regards
  Marc
  SAP NetWeaver RIG, US BI

• Open items list, authorization

  When I give authorization to a user under Authorizations>>Reports>>Sales Reports>>Open Items List - Full Authorization, the Open Items List does not show up in Reports (as it does for the super users). 
  We are using SAP B1, 2007 A, sp: 01 pl: 08.
  Thank you

  Hi Gordon,
  Yes, this user has a professional license.  Under Sales A/R, they can open the Docuemnts Draft Report, Sales Analysis, and Backorder report.
  Another professional license user is also unable to see the Open Items List, even with Full Authorization in the Reports authorization.  The only users that see the Open Items List report are the 2 we have set as superusers.
  Thanks

• Hierarchy based non-cumulative reporting

  BI Gurus,
  I am dealing with a data model with all cumulative "summation" type key figures.  These are hours logged by an employee.  There is also an employee hierarchy which defines the reporting structure.  Now the requirement is to create two reports: (1) Cumulative and (2) non-Cumulatibe report.  Non-cumulative along the hierarchy nodes that expand.  The catch is to show the logged employee hours at each level.  So, a manager should only see his own hours on his row and not the cumulative of his plus his direct reports.  The org structure of the hierarchy needs to be maintained in the report though. 
  One other issue is that the hierarchy being used has all the nodes postable.  Perhaps a new text node based hierarchy may be a viable option but please advise if anyone has any other thoughts. 
  Thanks
  Edited by: Ron on Jul 7, 2008 9:19 PM

  Hi Vikas,
  Authorizations Steps -http://help.sap.com/saphelp_nw2004s/helpdata/en/be/076f3b6c980c3be10000000a11402f/content.htm
  Example http://help.sap.com/saphelp_nw04/helpdata/en/41/05453caff4f703e10000000a114084/frameset.htm
  Authorizations - Reporting
  Assign points if this helps.
  Regards,
  Anil