Authorize and authenticate user
Hi,
I understand the difference between authorization and authentication but most tools use a single or similar class to do both.
Oracle seems to use BPMAuthorizationService to authorize using "jazn.com" and IWorkflowContext to authenticate an user.
Please see the queries below and help me understand the rational behind using them.
What is this ShortHistoryTaskType?
Thanks,
BPMAuthorizationService
BPMAuthorizationService bpmAuthServ = wfSvcClient.getAuthorizationService
("jazn.com");
IWorkflowServiceClient
IWorkflowContext ctx = // Use default realm
querySvc.authenticate("bpeladmin", "welcome1", "jazn.com",null);
Edited by: me_sun on Jul 8, 2009 10:31 AM
can you confirm if you are using getActions or getAction API
Also you may want to enable "Allow Management Operations" in AccessGate configuration in oamconsole
what is exception you get while invoking api
hope this helps
Similar Messages
-
Hi,
So I have been trying to write some code that will
prompt users to authenticate to AD and use that authentication to map the next 2 available drive letter to two network shares.
I have adopted using the HAT format as this provides me with the ability to prompt for a username and password and authenitcate to AD.
<script language="vbscript">
Function setSize()
window.resizeTo 350,300
Window.moveTo (screen.width-240)/2, (screen.height-600)/2
End Function
Function cmdSubmit_OnClick()
Dim strUser 'User Name variable
Dim strPW 'User Password variable
if auth.username.value = "" Then
msgbox ("ERROR: No User account information provided. Please Try Again!")
cmdSubmit_OnClick = False
Elseif auth.password.value = "" Then
msgbox ("ERROR: No User account information provided. Please Try Again!")
cmdSubmit_OnClick= False
Else
strUser = auth.username.value
strPW = auth.password.value
Authenticate strUser, strPW
End If
End Function
Public Sub Authenticate (Byref strUser, Byref strPW)
On Error Resume Next
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200
Dim strPath 'LDAP path where the Users accounts are listed
Dim LDAP 'Directory Service Object reference variable
Dim strAuth 'Parses the User Name and Password through the DSObject
strPath = "LDAP://fanzldap.au.fjanz.com/rootDSE"
Set LDAP = GetObject("LDAP://company/rootDSE")
Set strAuth = LDAP.OpenDSObject(strPath, strUser, strPW, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
If Err.number <> 0 Then
intTemp = msgbox(strUser & " could not be authenticated", vbYES)
if intTemp = vbYes Then
'window.location.reload()
End If
Else
For Each obj in strAuth
If obj.Class = "user" Then
If obj.Get("samAccountName") = strUser Then
msgbox ("Success! " & strUser & " has been authenticated with Active Directory")
window.close()
Set wShell = CreateObject("Wscript.shell")
wShell.run "Firstletterali.vbs"
End If
End If
Next
End If
End Sub
</script>
<head>
<body style="background-color:#B0C4DE">
<img src=Title.jpg><br>
<HTA:APPLICATION
APPLICATIONNAME="User Login"
BORDER="thin"
SCROLL="no"
SINGLEINSTANCE="yes"
WINDOWSTATE="normal">
<title>NAS Authentication</title>
<body onload="vbs:setSize()">
<div class="style2">
<h3>NAS Archive Authentication</h3>
</div>
<form method="post" id="auth" name="auth">
<span class="style3"><strong>User Name: </strong></span>
<input id="Username" name="Username" type="text" style="width: 150px" /><br>
<span class="style3">
<strong>Password: </strong></span>
<input id="password" name="password" type="password" style="width: 150px" /><br><br>
<input type="submit" value="Submit" name="cmdSubmit" />
<input type="button" value="Exit" onclick="self.close()">
</form>
</body>
</html>
using the above I can succefully authenticate users but I cant work out how to then use that authenticattion to map the next to available drive letters to a network source.
The code I have for that is
Option Explicit
Dim strDriveLetter, strRemotePath, strRemotePath1, strDriveLetter1
Dim objNetwork, objShell
Dim CheckDrive, DriveExists, intDrive
Dim strAlpha, strExtract, intAlpha, intCount
' The section sets the variables
strRemotePath = "\\mel\groups\Team\general"
strRemotePath1 = "\\mel\groups\Team\specific"
strDriveLetter = "B:"
strDriveLetter1 = "H:"
strAlpha = "BHIJKLMNOPQRSTUVWXYZ"
intAlpha = 0
intCount = 0
err.number= vbEmpty
' This sections creates two objects:
' objShell and objNetwork and then counts the drives
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set CheckDrive = objNetwork.EnumNetworkDrives()
' This section operates the For ... Next loop
' See how it compares the enumerated drive letters
' With strDriveLetter
On Error Resume Next
DriveExists = False
' Sets the Outer loop to check for 24 letters in strAlpha
For intCount = 1 To 24
DriveExists = False
' CheckDrive compares each Enumerated network drive
' with the proposed drive letter held by strDriveLetter
For intDrive = 0 To CheckDrive.Count - 1 Step 2
If CheckDrive.Item(intDrive) = strDriveLetter _
Then DriveExists = True
Next
intAlpha = intAlpha + 1
' Logic section if strDriveLetter does not = DriveExist
' Then go ahead and map the drive
'Wscript.Echo strDriveLetter & " exists: " & DriveExists
If DriveExists = False Then objNetwork.MapNetworkDrive _
strDriveLetter, strRemotePath
call ShowExplorer ' Extra code to take you to the mapped drive
' Appends a colon to drive letter. 1 means number of letters
strDriveLetter = Mid(strAlpha, intAlpha,1) & ":"
' If the DriveExists, then it is necessary to
' reset the variable from true --> false for next test loop
If DriveExists = True Then DriveExists = False
Next
WScript.Echo "Out of drive letters. Last letter " & strDriveLetter
WScript.Quit(1)
'Sub ShowExplorer()
'If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
'If DriveExists = False Then objShell.run _
'("Explorer" & " " & strDriveLetter & "\" )
'If DriveExists = False Then WScript.Quit(0)
'End Sub
On Error Resume Next
DriveExists = False
' Sets the Outer loop to check for 24 letters in strAlpha
For intCount = 1 To 24
DriveExists = False
' CheckDrive compares each Enumerated network drive
' with the proposed drive letter held by strDriveLetter1
For intDrive = 0 To CheckDrive.Count - 1 Step 2
If CheckDrive.Item(intDrive) = strDriveLetter1 _
Then DriveExists = True
Next
intAlpha = intAlpha + 1
' Logic section if strDriveLetter1 does not = DriveExist
' Then go ahead and map the drive
'Wscript.Echo strDriveLetter1 & " exists: " & DriveExists
If DriveExists = False Then objNetwork.MapNetworkDrive _
strDriveLetter1, strRemotePath1
call ShowExplorer ' Extra code to take you to the mapped drive
' Appends a colon to drive letter. 1 means number of letters
strDriveLetter1 = Mid(strAlpha, intAlpha,1) & ":"
' If the DriveExists, then it is necessary to
' reset the variable from true --> false for next test loop
If DriveExists = True Then DriveExists = False
Next
WScript.Echo "Out of drive letters. Last letter " & strDriveLetter1
WScript.Quit(1)
Sub ShowExplorer()
If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
If DriveExists = False Then objShell.run _
("Explorer" & " " & strDriveLetter & "\" )
If DriveExists = False Then WScript.Quit(0)
End Sub
Now the above script will find the next availabe letter and map one location to it...I still havent worked out to create another loop for it to do it again. It obviously also requires that you already be authenticated to map to that location.
I looking for some help on how to marry these to scripts together.
Thanks
AliHi Ali
Here is some code that will enumerate two free adjacent drive letters. It starts searching from "C" all the way to "Z" for two drives letters that are adjacent and returns the results in an array then echos the results. You can easily adapt this code to
map your network drives to each drive letter. Hope that helps
Cheers Matt :)
Option Explicit
Dim objFSO
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
ProcessScript
If Err.Number <> 0 Then
WScript.Quit
End If
On Error Goto 0
'Functions Processing Section
'Name : ProcessScript -> Primary Function that controls all other script processing.
'Parameters : None ->
'Return : None ->
Function ProcessScript
Dim driveLetters, driveLetter
If Not GetFreeDrives(driveLetters) Then
Exit Function
End If
For Each driveLetter In driveLetters
MsgBox driveLetter, vbInformation
Next
End Function
'Name : GetFreeDrives -> Searches for a pair of free adjacent drive letters.
'Parameters : adjacentDrives -> Input/Output : variable assigned to an array containing the first two free adjacent drives.
'Return : GetFreeDrives -> Returns True if Successful otherwise returns False.
Function GetFreeDrives(adjacentDrives)
GetFreeDrives = False
Dim drive, driveLetter, drivesDict, i
Set drivesDict = NewDictionary
driveLetter = "C"
'Add the drives collection into the dictionary.
For Each drive In objFSO.drives
drivesDict(drive.DriveLetter) = ""
Next
'Check drive letters C: to Z: for two free adjacent drive letters and set the "driveLetter" variable to the first one.
For i = Asc(driveLetter) To Asc("Z")
If Not drivesDict.Exists(Chr(i)) And Not drivesDict.Exists(Chr(i + 1)) Then
driveLetter = Chr(i)
Exit For
End If
Next
'If two free adjacent drive letters were not found then exit.
If driveLetter = "" Then
Exit Function
End If
adjacentDrives = Array(driveLetter, Chr(Asc(driveLetter) + 1))
GetFreeDrives = True
End Function
'Name : NewDictionary -> Creates a new dictionary object.
'Parameters : None ->
'Return : NewDictionary -> Returns a dictionary object.
Function NewDictionary
Dim dict
Set dict = CreateObject("scripting.Dictionary")
dict.CompareMode = vbTextCompare
Set NewDictionary = dict
End Function -
Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?
I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server.
You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way? -
Authenticate user by LDAP server
Environment: WLS6.0 Netscape Directory Server 4.1
I have successful protect a servlet and authenticate user by "File Realm". But I can't authenticate user by "Security Realm(LDAP). Pls tell me any configure I miss.
======weblogic.xml entites========
<security-rike-assignment>
<role-name>manager</role-name>
<principal-name>joan</principal-name>
<principal-name>awang</principal-name>
</security-role-assignment>
(the user joan has defined in "File Realm", and there is a user in LDAP: uid=awang, ou=IT, dc=CMD)
And why the user "awang" can't access the servlet (the username field enter "awang"; the password filed enter "awang123")
=====config.xml entities=====
<LDAPRealm AuthProtocol="simple" Crdential="awang123" GroupDN="dc=CMD" GroupIsContext="false" LDAPURL="ldap://127.0.0.1:389" Name="defaultLDAPRealmForNetscapeDirectoryServer" Principal="uid=awang, ou=IT, dc=CMD" UserAuthentication="local" UserDN="dc=CMD" UserNameAttribute="uid"You can use jsp's and servlets.
Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
<form method="post" action="/servlet/LoginServlet">
<input type="text" size="15" name="username" value="">
<input type="password" size="15" name="password" value="">
<input type="submit" name="Submit" value="Authenticate">
</form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
}You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password. -
Server Behaviours...Authenticate User
I am trying to create a login page using macromedia, I got
the form setup with text box's and button.. then I try and go to
server behavior and authenticate user... but that choice is not
there..
How do I get that choice ?> Yes a site has been setup and it's setup to use ASP.net
VB. Testing server is
> also setup.
and this is an .asp page that's been saved to within this
site folder...
Alan
Adobe Community Expert, dreamweaver
http://www.adobe.com/communities/experts/ -
How can authenticate users´portal in OIM?
I have installed Aqualogic Interaction 6.5, and I want import and authenticate users from OIM(or another LDAP)? What i can do?
I read that i must install Oracle webcenter identity services? It´s true? Where i can adquire?
thanksI have not tried with 6.5, btu I think you just need to install one of the identity services which allow you to sync and authenticate against various sources (LDAP, AD, etc). See here for more info http://edocs.bea.com/alui/integration/
-
Cisco ip phone and wired user authenticate form ISE
Hi dears,
I configurate wired users from Cisco ISE. The authentication protocol is Eap-fast, the external device is DC. The wired user authenticate from ISE normally. I use labminutes web sites for configuration video.
Now the customer also want the cisco phone is authenticate from ISE. the physical connection is that: the cable connect to phone from switch. and one cable is connec from phone to pc.(standard physiacl connection.)
I create new authentication policy and use mab, and new authorization police.
The problem is : the phone is authenticate is normally but the wired user want to authenticate but it can not authenticate.
Can someone provide me a best practice configuration on ise and switch for phone and wired user authentication. or please say the source of problem.
Thanks.interface GigabitEthernet1/0/48
switchport access vlan 10
switchport mode access
switchport voice vlan 14
ip access-group ACL-ALLOW in
authentication event fail action next-method
authentication event server dead action authorize vlan 20
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast
do you need ISE configuration?? -
Cisco WLC 2504 and ways to authenticate users
Hi All,
What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
and any one can give me case study for this issue
System consist of Cisco 2504 and Cisco LAP 1140
ThanksTo implement radius based authentication is the best practice for the small & enterprise environment.
Information About RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
•Authentication—The process of verifying users when they attempt to log into the controller.
Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
•Accounting—The process of recording user actions and changes.
Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on.
For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947 -
How to authenticate external and internal users on different AD
What is the recommended way to authenticate external users as well as internal employees in a customer facing application?
We have external users in an Active Directory in the DMZ and our employees in our internal DMZ. Unfortunately we don't have an identity management system in place and wondering if there is a way we could authenticate user against two active directories without creating a trust between them.
We are implementing EP7.0
Thanks in Advance.You can also use user partitioning. A feature of the UME which allows for having different user persistence options for different users. What you could do in this case have the external user stored in the local db or an LDAP for the external users and the internal users stored in an internal LDAP directory. For more details about <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/e0/b60b404b2b1e07e10000000a1550b0/frameset.htm">user partitioning</a>, please see the docs.
regards,
Patrick -
Authentication and authorization for AD users in UCM11g
Hi all
we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
Thanks
SomeshAs you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
As for SSO, refer to the:
http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
and
http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
Procedure steps are:
Create a user account for the hostname of the web server machine in Active Directory
Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
Generate the keytab file
Create a JAAS Login File named krb5Login.conf
Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
Configure the Identity Assertion Provider
Adjust Weblogic Server startup arguments for Kerberos authentication
Redeploy CS (and optionally other servers) server with the documentation given deployment plan
Check web browser configuration (IE and Firefox only)
Take a deep breath and test
If successful have a cake and cup of coffee else goto step one
Regards,
Boris -
DAC server start-up error and Can't authenticate user
HI,
we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
while starting DAC services in Unix server it throws an error like
ANOMALY INFO An exception occurred. Shutting down server...
MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
How to start the DAC services?
How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
Pls help in this regard.
Thanks in advance.EddyLau wrote:
Hi,
I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
here's my sql statement to create database schema for dac in oracle database.
grant dba, connect, resource, create view, create session to SSE_ROLE;
create user DEV_DAC identified by "password";
grant DEV_DAC to SSE_ROLE;
grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
I tried dropping the data schema and create it again but still fail to authenticate.
did I grant enough privileges to the database schema?
Please help.
Thanks,
EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
now run the command Delete From W_ETL_USER
Now login to dac client with Administrator and pwd which you have set earlier.
Mark as helpful or correct if it helps
Thanks,
RM -
Define and assign user authorization groups in FI
Hi All,
In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
Thanks,
TeoHi Teo,
Here i am giving some authorisations in fi
F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
F_BKPF_BED FI Accounting Document: Account Authorization for Customers
F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
F_BKPF_BLA FI Accounting Document: Authorization for Document Types
F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
F_BKPF_KOA FI Accounting Document: Authorization for Account Types
F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
F_BL_BANK FI Authorization for House Banks and Payment Methods
F_BNKA_BUK FI Banks: Authorization for Company Codes
I hope it will help.
BR,
Satya -
Query problem - authorization and user entry variable as filter
hi,
I made two variables for the characteristic 0COMP_CODE.
The first variable is a user entry variable for the selection.
The second variable is my authorization variable with multiple single values.
This two variables are defined as filter in the query.
The problem is as follows:
A user is authorized to see the data from three companies. For example companies 1, 2 and 3.
Now he enters on the selection for the 0COMP_CODE the value 2 to see only the data of this company. The query result gets me confused. It shows all data of the companies 2 and others. It basicly shows more companies than he has selected.
Other companies of the authorization variable are shown.
It works if the user has the authorization over all companies.
Did someone has the same problem?
Thanks for your help/advice.
regards,
PascalHi Pascal,
this is an issue. The main problem is that you just can't influence via the exit for a vairable "ready for input".
What could be done is define a dummy element (hidden in the final display) in your query like a restricted KeyFigure to a variable based on COMP_CODE; let's say VAR1 ready for input.
You char COMP_CODE would then be filtered by a variable not ready for input processed by user exit, VAR2.
The exit would ready VAR1. If there any value complying with the authorized one then populate VAR2 with it, otherwise remove it (you could use STEP_3 to raise a message "you aren't authorized to use comp_code XYZ" and return to the initial variable screen). If VAR1 is empty, then populate VAR2 wit all corresponding aithorized values.
The main issue is that
1- this is bypassing the standard functionality of authorization variables
2- any report would have to be designed like that!
What we have done is to add nav_attr / and added more IObjs in the InfoProviders related to 0COMP_CODE reflecting a country, region or any other group of comp_code authorization and then have based our authorizations on those nav....
hope this helps...
Olivier. -
Authorizations needed for MAM 2.5 for RFC user and business users
Hello all,
We are using MAM 2.5 application but we are facing authorizations issues.
It seems we have not enough authorizations on RFC user used between middleware system and back-end system located on the RFC destination MAM on the middleware.
And we don't find any SAP document related to this customizing.
Moreover is there any other or same document deals with authorizations needed on the back-end for each user using MAM on its mobile device ?
Thank in advance,
Eric GOURDOUHello,
Can you send me the errors you have?
If you have a trusted connection, then each users need the authorization S_RFCACL .
Other than that, I never had to set any authorization for the plant maintenance scenarios of MAM.
Thank you,
Julien.
msc mobile Canada
http://www.msc-mobile.com -
ABAP Code To Authenticate Users
Hi,
How can I code a ABAP program/function which will authenticate a user based only on their user id? Do not want to use their password.
I want the entire authentication process to happen in the ABAP code.
Any ideas?
Thanks,
AudreyHi,
To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:
AUTHORITY-CHECK OBJECT '<object>'
ID '<name1>' FIELD <f1>
ID '<name2>' FIELD <f2>
ID '<name10>' FIELD <f10>.
<object> is the name of the object that you want to check. You must list the names (<name1>, <name2> ...) of all authorization fields that occur in <object>. You can enter the values <f 1 >, <f 2 >.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the users profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.
There is an authorization object called F_SPFLI. It contains the fields ACTVT, NAME, and CITY.
SELECT * FROM SPFLI.
AUTHORITY-CHECK OBJECT 'F_SPFLI'
ID 'ACTVT' FIELD '02'
ID 'NAME' FIELD SPFLI-CARRID
ID 'CITY' DUMMY.
IF SY-SUBRC NE 0. EXIT. ENDIF.
ENDSELECT.
If the user has the following authorizations for F_SPFLI:
ACTVT 01-03, NAME AA-LH, CITY none,
and the value of SPFLI-CARRID is not between "AA" and "LH", the authorization check terminates the SELECT loop.
Hope it helps u.
Thanks&Regards,
Ruthra.R
Maybe you are looking for
-
Ironport Whitelist and related questions
Hi all, I have recently started at a new position for a company that is utilising ironport as the email spam filtering/virus checking appliance. Almost immediately after starting in my position issues were being discussed, where the senderbase reputa
-
How do I change the "Default Directory" associated with my subscription?
I was recently added as an administrator for a client's Azure subscription. This has caused his account AD to be the default directory I see when I log in. So every time I log in I have to open the Subscriptions menu and change the FILTER BY DIRECT
-
Am having issue with my iTools software... I can't transfer music to my iphone with my iTools.. If I try it, this msg will pop up...''unable to ascertain the compatibility of iTunes' I uninstall my iTunes and reinstall most current one.. But am stil
-
ORACLE OCA and OCP Certification.
Hi Guys, I am currently working in TCS BPO from last 2 years and 8 months for Cargo Revenue Accounting. Done my Accounting and finance graduation. I am very bored with the current profile I have and want to change the job. (though the place is good)
-
Hi. For a few days now, I've been hearing a faint high-pitched tone coming from my macbook pro. I've never heard this before, and it starts after I've used my computer for about 15 minutes to half an hour. It's not very loud, and you can't hear it ov