Authorization with DUMMY
Hi experts,
What does it mean if in the authority check there is a dummy? The program cannot absolve this authorization check successfuly, what is the problem. I have full authority for all components, could it caused by the dummy?
I have the following code:
AUTHORITY-CHECK OBJECT 'P_TRAVL'
ID 'bukrs' FIELD w_header-bukrs
ID 'authp' DUMMY
ID 'persa' DUMMY
ID 'kostl' DUMMY
Hi,
Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Thanks,
Sriram Ponna.
Similar Messages
-
If I have additional music on my second computer that I authorize with iTunes Match, How do I upload it to iCloud?
check out this post by Zevoneer.
-
Transport roles and analysis authorization with user assigned
Hi expert,
I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
Thanks for your time,
LuisHi,
In role administration, you have the following options for transporting roles:
You can download the roles from one system and upload them into another
You can import the role from a remote system using RFC
You can transport the roles with the transport function.
Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
Transporting Roles with the Role Transport Function
1. Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
2. Enter the role to be transported and choose Transport Role.
The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
For more information go thrpugh the below link
http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
Regards,
Marasa. -
Transaction code: 9KE0 - Posting with Dummy profit center
Hi All,
We have an issue with transation 9KE0, While posting any adjustment entries with single line item, system automaticaly creating second line item few times. We were unable to find the reason why it is creating second line for few documents?
Our requirement is that those entries should have only one line item in transaction 9KE0. Most of the cases we were able to post the document with single line item.
We are using almost 100 co.codes for our client.
For ex: if we post one entry in co.code 1000 through transaction 9KE0 with single item, system posting with one lineitem.
But some times for the same co.code with same parameters if we post one line item, second line item automatically creating with dummy profit center while posting.
Please let us know why the system is creating two line items.
Awaiting for your replies.
Thanks in Advance
Prasad
Edited by: prasad naga on Feb 22, 2011 2:53 PMHi,
We have further analyzed this issue and found that, whenever the amount in field(KSL -Amount in profit center local currency) is ZERO, System it is creating second line item with dummy profit center.
ex:1
proft cenert account amount in co.code cur amount in profit center local currency
9999 100000 - 0.13 00
dummy 100010 0.13 00
ex:2
proft cenert account amount in co.code cur amount in profit center local currency
9999 100000 - 3.13 1
we have verified the values in GLPCA table also... whenever the tech field KSL-Amount in profit center local currency is zero system creating two line items.
Please suggest us is there a solution to stop the second line item even the amount in profit center local currency field (Tech name -KSL) is Zero
Awaiting for your suggestions.
Thanks in advance
Prasad -
Value Contract with dummy material.
I want to create a contract with Dummy material for a certain value of amount then want to create release orders for other materials with reference to this contract.
For example - I want to enter into a contract with a customer for amount £10000 for a period 1 year let's say for Any Electrical equipements.
and with reference to this contract I want to release 5-10 materails which I am not sure any material which will be required by customer.
The reference should be made with this contract and values from release order billed to customer needs to be updated to the contract
- The requirement is that a dummy material is entered at contract with certain amount in place of actual consumable materials in release order.
Kindly help
Thanks & best regards
AtreeHi Atree,
it is not necessary a dummy material
use assortment module WS01 for the list of materials you need in contract and add the assortment to the contract
Thanks,
Zoltan. -
Dear Guru,
Could you provide how to set up the PO with dummy asset?
First, I use account assignment "A" and enter the dummy asset from FI team "DUMMY" but the message occurs as below.
Message no. MEPO053
Maximum LVA amount exceeded in the case of at least one asset
Do I have to configure anything in MM side?
Thank you very much.
RD
SaiyamanHi,
It doesn't require any setting from MM side. Ask your FI Person to check the following config. setting
OAY2 - Here check whether LVA has been specified for the asset classes
OAYK - Here check the amount specified for low value assets -
How can I authenticate and authorize with Web Service on ESB ?
Hello,
I want to authenticate and authorize client with Web Service published
by HTTP/SOAP BC.
Simply if it is an Web Service as J2EE application, I will use
Basic Authentication with JAX-RPC and Realm.
But I think that Web Service published by HTTP/SOAP BC is not belong
to J2EE Application. Threre is no place to describe security role mapping
(like web.xml).
JBI 1.0 the section "5.5.1.1.3 Normalized Message Properties" comments
JAAS Subject is given in the NM Properties. Really in this package
com.sun.jbi.internal.security.*
implements JAAS autentication and authorization (at JaasAuthenticator).
But I can't see how to configure my Service to use this.
How can I authenticate and authorize with Web Service on ESB ?
I referred to the resources.
Mutual Authentication for Web Services: A Live Example
http://developers.sun.com/prodtech/appserver/reference/techart/mutual_auth.html
XML and Web Services Security
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
JAAS Authentication Tutorial
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
Thanks,
Takurou
- environment ---------------------------------------------
OpenESB : Project Open ESB Starter Kit
AppServer : Sun Java Systems Application Server 9.0 PE
OS : Windows XP
I don't assume to use SSL (if It's necessary I will try).
User information is stored in a LDAP Server.
-----------------------------------------------------------Hello,
I read this resource.
SecurityDesign
http://www.glassfishwiki.org/jbiwiki/Wiki.jsp?page=SecurityDesign
Then I think [non-ssl and ssl/tls and so on] securing by basic authentication is ongoing feature at this time.
But I can't see well why this page comments 'HTTP over SSL, TLS'.
HTTP/SOAP Binding Component Overview
http://download.java.net/general/open-esb/docs/jbi-components/httpsoap-bc.html
Does BC support only "SSL server authentication" ?
Doesn't BC support "SSL client authentication" by username/password ?
Thanks,
Takurou -
Configuring Cisco ISE for Authorization with External Radius Server attribute
Hi,
I'm trying to integrate an external radius server with Cisco ISE.
I created an External Identity Store>Radius Token Server.
I created a Identity Store sequence with just one identity store just as creadted above.
And I was able to authenticate successfully.
But when it comes to authorization.
I observed we just have one tab named Authorization while creating Radius Token server.
And it always refers to ACS:attribute_name.
If I want to define a IETF radius attribute, (lets say class with attribute id as 25), how could I do it.
In Cisco ACS we have a direct entry option in authorization tab where we can define the radius (IETF) attribute within Radius token server creation (within radius token server>Directory attribute tab).
How ever I try to define the IETF attribute here (class,IETF:Class) I am not able to authorize with this attribute value.
I tried with just one single authorization rule where it could hit.But observed it to go the default(as none of the rules defined matches the condition).
Can anyone guide me how can we define a IETF radius attribute for authorization within Cisco ISE and what policy could we set it to work as authorization.
Thanks in advance
Senthil KThis is the step of Creating and Editing RADIUS Vendors
To create and edit a RADIUS vendor, complete the following steps:
Step 1 From the Administration mega menu, choose Resources > RADIUS Vendors.
The RADIUS Vendors page appears with a list of RADIUS vendors that ISE supports.
Step 2 Click Create to create a new RADIUS vendor or click the radio button next to the RADIUS vendor that
you want to edit and click Edit.
Step 3 Enter the following information:
• Name—(Required) Name of the RADIUS vendor.
• Description—An optional description for the vendor.
• Vendor ID—(Required) The Internet Assigned Numbers Authority (IANA)-approved ID for the
vendor.
• Vendor Attribute Type Field Length—(Required) The number of bytes taken from the attribute value
to be used to specify the attribute type. Valid values are 1, 2, and 4. The default value is 1.
• Vendor Attribute Size Field Length—(Required) The number of bytes taken from the attribute value
to be used to specify the attribute length. Valid values are 0 and 1. The default value is 1.
Step 4 Click Submit to save the RADIUS vendor. -
Dear All,
Can you please send to me an Idoc (xml format) with dummy data for one of the following masterdata (MATMAS05, CREMDM04, DEBMDM06 ...) because I have MDM but I do not have any backend system (R/3, CRM..)
My email addres is [email protected]
Points will be awarded.
Kind regards,
NLHi,
one more delivered
did you get this one too?
Regards,
Michal -
LDAP (openldap) authorization with DAP (dymamic access policy)
Hello,
We have a asa 5520 and we try to make a ldap (openLdap) authorization with DAP (Dynamic Access Policy). We have problem with logical expression. We need more example of logical expression and we need to know how debug logical expression. We try to use de Debug dap trace and debug dap error but we need more debug informations.Hi
I guess you are using an ldap attribute map, to map the ad group to a group policy. This does not work as you may expect when the user is part of multiple groups, I.e. the user will always be mapped to the same group (first or last in the list, not sure).
Possible solution : remove the ldap attribute map, and configure dap rules that check the ldap.memberOf attribute instead
Hth
Herbert
Sent from Cisco Technical Support iPad App - sorry for the brief explanation, if you need more details let me know. -
Hi can anyone help me please this is driving me crazy ! I download and install Abode Digital Editions and when I try to Authorize with my Abode ID information I get the message " Activation Server Problem - check connection to the internet when I clearly am connected to the internet ?
<moved from Downloading, Installing, Setting Up to Adobe Digital Editions>
-
Structural Authorizations with Training & Event Management
We have implemented TEM in R/3 4.72. We also use structural authorizations with our decentralized HR functions. Our problem is that if a user has one of the profiles assigned, they can get all the way to booking the class and then receive an error that they have no authorization to edit attendances. If the user has NO profile, they are able to book a class with no problems. If I add the P-E evaluation path in the profile, it fixes the problem with booking a class, but then gives the users global access (which is what we are trying to avoid). I know there must be a key somewhere to making this work. If anyone knows what it is, I would appreciate finding out.
In the profile, I have given access to objects D, E, F, G, L, R and P with the P-E and P-S-O evaluation paths (using RH_GET_MANAGER_ASSIGNMENT) function.
Thanks.Hello Michelle,
I think you could solve this issue by using Context Sensitive Authorizations. It is available from 4.7 and above.
Regards,
Ahmad -
Hierarchy authorization with variables of type exit
Hi all,
I am trying to implement hierarchy based authorizations with variables. After collecting information from the SAP documentation and this forum, I think I know more or less how to do it, but it's not working and it has me very confused.
These are the steps I have followed:
- From RSSM, I have created a hierarchy authorization object including my characteristic and 0TCTAUTHH
- From RSSM again, I have created a hierarchy authorization pointing to the node $ZG_V_008
- From the Query designer, I have created a hierarchy node variable of processing type customer exit ZG_V_008 (are any special settings needed here?)
- From the Query designer, I have created <b>another</b> hierarchy node variable of processing type authorization, and I have used this variable to restrict the hierarchy for my characteristic
- I have edited the EXIT_SAPLRRS0_001 to watch for I_STEP = 0 and give values to ZG_V_008 (we'll get to my code later in case we solve this issue first
It is my understanding that with this setup, the user exit will be called to process the value of ZG_V_008 in I_STEP = 0, however, when debugging, I don't see any calls for the function with I_STEP = 0.
What have I done wrong?
Thanks a lot in advance.
GuillermoThanks, Jimmy, but that does not help much: my problem is that my user exit is not evaluated with I_STEP=0, but there are no error messages or anything like that.
I have created a test user <b>without</b> a developer role to see if that could have any impact, but it's still not working.
Any ideas? -
Authorization with JAAS in JSF with facelets
hi,
can u please hint me where i did mistake.. i clearly mention what i did and what i getting ..i did this in jsf1.2,tomcat6.x
i did JAAS authentication in jsf with facelets.but i am unable to do the authorization with JAAS in jsf
after getting authentication i put the subject in session. if i print the values in suject i got the following out put
Subject:
Principal: TypedPrincipal: hari [USER] // user name
Principal: TypedPrincipal: admin [GROUP] // user role.
now i want to authorization based on the role.
for this i wrote policy file --principal.policy like this
grant Principal com.alw.reports.jaas.TypedPrincipal "admin" {
permission com.alw.reports.jaas.ViewIdPermission "*";
grant Principal com.alw.reports.jaas.TypedPrincipal "hari" {
permission com.alw.reports.jaas.ViewIdPermission "*";
grant Principal com.alw.reports.jaas.TypedPrincipal "user" {
permission com.alw.reports.jaas.ViewIdPermission "/contents.jsp";
};and i set the path for this policy file like
System.setProperty("java.security.policy", "policy file location" );when i run my application i am getting login page after that i gave username and passwed. it is getting authentication .. but not able to displaying next page that is /pages/welcome.xhtml but directly it is showin /pages/error.xhtml
i am getting following error
java.security.AccessControlException: access denied (com.alw.reports.jaas.ViewIdPermission /pages/welcome.xhtml)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at com.alw.reports.jaas.JAASHelper$1.run(JAASHelper.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at com.alw.reports.jaas.JAASHelper.permitionToAccessViewId(JAASHelper.java:83)
at com.alw.reports.jaas.JAASActionListener.processAction(JAASActionListener.java:65)
at javax.faces.component.UICommand.broadcast(UICommand.java:106)
at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:184)
at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:162)
at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:350)
at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:316)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:141)
at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:281)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
my faces-config.xml
<navigation-rule>
<display-name>pages/login</display-name>
<from-view-id>/pages/login.xhtml</from-view-id>
<navigation-case>
<from-outcome>loginSuccess</from-outcome>
<to-view-id>/pages/welcome.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
<navigation-case>
<from-outcome>errorpage</from-outcome>
<to-view-id>
/pages/error.xhtml
</to-view-id>
</navigation-case>my command button in login.xhtml
<td align="center" colspan="2">
<h:commandButton value="Reset" type="reset"/>
<h:commandButton action="loginSuccess"
id="login" value="Login" />
</td>my actionlister
package com.alw.reports.jaas;
import javax.faces.component.UIOutput;
import javax.faces.context.FacesContext;
import javax.faces.event.AbortProcessingException;
import javax.faces.event.ActionEvent;
import javax.faces.event.ActionListener;
import javax.security.auth.Subject;
public class JAASActionListener implements ActionListener {
private ActionListener parent = null;
public JAASActionListener(javax.faces.event.ActionListener parent) {
System.out.println("-------------- in JAASActionListener ;");
this.parent = parent;
public void processAction(ActionEvent event)
throws AbortProcessingException {
System.out.println("-------------- in processAction ;");
FacesContext context = FacesContext.getCurrentInstance();
UIOutput comp = null;
String userid = null, password = null;
JAASHelper jaasHelper = new JAASHelper();
// Check to see if they are on the login page.
boolean onLoginPage = (-1 != context.getViewRoot().getViewId().lastIndexOf("login")) ? true : false;
if (onLoginPage) {
if (null != (comp = (UIOutput)
context.getViewRoot().findComponent("helloForm:username"))) {
userid = (String) comp.getValue();
if (null != (comp = (UIOutput)
context.getViewRoot().findComponent("helloForm:password"))) {
password = (String) comp.getValue();
// If JAAS authentication failed
if (!jaasHelper.authenticate(userid, password)) {
context.getApplication().getNavigationHandler().handleNavigation(context, null, "login");
return;
else {
// Subject must not be null, since authentication succeeded
System.out.println("----------- setting the subjects in context in ActionListner ");
assert(null != jaasHelper.getSubject());
// Put the authenticated subject in the session.
System.out.println("---- putting the authenicated subject in the seesion ");
context.getExternalContext().getSessionMap().put("JAASSubject",jaasHelper.getSubject());
parent.processAction(event);
Subject subject=(Subject)context.getExternalContext().getSessionMap().get("JAASSubject");
System.out.println("subject after parent process action>>>>>>>>>>>>>>>>>>>>>"+subject);
assert(null != subject);
if(!jaasHelper.permitionToAccessViewId(subject,context,context.getViewRoot().getViewId())){
context.getApplication().getNavigationHandler().handleNavigation(context, null, "errorpage");
}can u please hint me where i did mistake
thanks in advancegbabu wrote:
My doubt is based on that subject , how to write policy file and how to call doAsPrivileged() mehod on that Subject in order to navigate web pages.how to provide web pages permission for particular role in policy file..
For example i have three pages login.xhtml,user.xhtml,admin.xhtml.
1> if the logged in person is admin, then we want to display admin.xhtml
2> if the loggend is person is user , then we want to display user.xhtml
untill now i did and found who is logged in and what are his type( admin or user) .now i want configure the web.xml and faces-config.xml based on policy fileTo the best of my knowledge, there is nothing in the standard NavigationHandler which accounts for JAAS security. If you wanted, you could create a custom NavigationHandler to do this. If you think the idea is worthy enough, you could issue an enhancement request to the specification ([https://javaserverfaces-spec-public.dev.java.net/]). -
Cockpit - authorizations with hierarchy
Hello,
I have a problem in a cockpit, and it is relating to authorizations with hierarchy.
I have an object of authorization already defined with certain criteria (bucket and node of the jerarquiaa that only I want that agrege deposit a user) this object in a rol, unitedly with a profile of visualizing the cockpit. When I enter with the user to visualize the cockpit I enter to all the nodes, my question is: Why not respecting my authorization for the node of the hierarchy that alone I want to show?
thank you.
Mikelisto ya quedo
Maybe you are looking for
-
Want to stop for opening multiple frames ????
Dear i am working on an application . in that there is a frame ok in that frame there is a button. so when u click on that button a new frame will open ok now the problem is that. suppose u click 5 times on that button so that button will open 5 same
-
WSYNCMGR.LOG Failed to Sync Update. Failed to Save Update.
I recently had to re-install WSUS on an SCCM 2012 SP1 server which had a problem where the EULA's were not being downloaded by WSUS for any updates which needed them. Even attempting to download the updates within the WSUS console generated an error
-
DeliveryException: invalid content type for SOAP: TEXT/PLAIN; HTTP 302 Move
Hi everyone, Hello all, I have an RFC->XI->Web Service (SOAP) synchronous scenario. I'm trying to send a message from the the RFC, and in the message monitoring (SXMB_MONI) I'm getting this error message: <?xml version="1.0" encoding="UTF-8" standa
-
How to revert back from external display mode to laptop display mode?
Hi, I'm new to this community. I'm not sure if this is where I should be posting my questions. Anyway, I accidentally pressed fn + f2, which switched my laptop into external display mode (I'm pretty sure), and the screen is now very narrow and small.
-
Lost access to Jam Pack instruments after migration to new macbook pro
I just migrated to a Macbook Pro and now all the instruments from my Symphony Orchestra Jam Pack are no longer available. I was also getting a message "Native Instruments Installation Folder not found" but after copying the instrument files into the