Authorize and authenticate user

Similar Messages

• Scipt to prompt and authenticate users to AD and then map 2 next available drive letters to 2 network shares

  Hi,
  So I have been trying to write some code that will
  prompt users to authenticate to AD and use that authentication to map the next 2 available drive letter to two network shares.
  I have adopted using the HAT format as this provides me with the ability to prompt for a username and password and authenitcate to AD.
  <script language="vbscript">
  Function setSize()
  window.resizeTo 350,300
  Window.moveTo (screen.width-240)/2, (screen.height-600)/2
  End Function
  Function cmdSubmit_OnClick()
  Dim strUser 'User Name variable
  Dim strPW 'User Password variable
  if auth.username.value = "" Then
  msgbox ("ERROR: No User account information provided. Please Try Again!")
  cmdSubmit_OnClick = False
  Elseif auth.password.value = "" Then
  msgbox ("ERROR: No User account information provided. Please Try Again!")
  cmdSubmit_OnClick= False
  Else
  strUser = auth.username.value
  strPW = auth.password.value
  Authenticate strUser, strPW
  End If
  End Function
  Public Sub Authenticate (Byref strUser, Byref strPW)
  On Error Resume Next
  Const ADS_SECURE_AUTHENTICATION = &H1
  Const ADS_SERVER_BIND = &H200
  Dim strPath 'LDAP path where the Users accounts are listed
  Dim LDAP 'Directory Service Object reference variable
  Dim strAuth 'Parses the User Name and Password through the DSObject
  strPath = "LDAP://fanzldap.au.fjanz.com/rootDSE"
  Set LDAP = GetObject("LDAP://company/rootDSE")
  Set strAuth = LDAP.OpenDSObject(strPath, strUser, strPW, ADS_SECURE_AUTHENTICATION Or ADS_SERVER_BIND)
  If Err.number <> 0 Then
  intTemp = msgbox(strUser & " could not be authenticated", vbYES)
  if intTemp = vbYes Then
  'window.location.reload()
  End If
  Else
  For Each obj in strAuth
  If obj.Class = "user" Then
  If obj.Get("samAccountName") = strUser Then
  msgbox ("Success! " & strUser & " has been authenticated with Active Directory")
  window.close()
  Set wShell = CreateObject("Wscript.shell")
  wShell.run "Firstletterali.vbs"
  End If
  End If
  Next
  End If
  End Sub
  </script>
  <head>
  <body style="background-color:#B0C4DE">
  <img src=Title.jpg><br>
  <HTA:APPLICATION
  APPLICATIONNAME="User Login"
  BORDER="thin"
  SCROLL="no"
  SINGLEINSTANCE="yes"
  WINDOWSTATE="normal">
  <title>NAS Authentication</title>
  <body onload="vbs:setSize()">
  <div class="style2">
  <h3>NAS Archive Authentication</h3>
  </div>
  <form method="post" id="auth" name="auth">
  <span class="style3"><strong>User Name:&nbsp; </strong></span>
  <input id="Username" name="Username" type="text" style="width: 150px" /><br>
  <span class="style3">
  <strong>Password:&nbsp;&nbsp;&nbsp;&nbsp; </strong></span>
  <input id="password" name="password" type="password" style="width: 150px" /><br><br>
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="submit" value="Submit" name="cmdSubmit" />
  <input type="button" value="Exit" onclick="self.close()">
  </form>
  </body>
  </html>
  using the above I can succefully authenticate users but I cant work out how to then use that authenticattion to map the next to available drive letters to a network source.
  The code I have for that is
  Option Explicit
  Dim strDriveLetter, strRemotePath, strRemotePath1, strDriveLetter1
  Dim objNetwork, objShell
  Dim CheckDrive, DriveExists, intDrive
  Dim strAlpha, strExtract, intAlpha, intCount
  ' The section sets the variables
  strRemotePath = "\\mel\groups\Team\general"
  strRemotePath1 = "\\mel\groups\Team\specific"
  strDriveLetter = "B:"
  strDriveLetter1 = "H:"
  strAlpha = "BHIJKLMNOPQRSTUVWXYZ"
  intAlpha = 0
  intCount = 0
  err.number= vbEmpty
  ' This sections creates two objects:
  ' objShell and objNetwork and then counts the drives
  Set objShell = CreateObject("WScript.Shell")
  Set objNetwork = CreateObject("WScript.Network")
  Set CheckDrive = objNetwork.EnumNetworkDrives()
  ' This section operates the For ... Next loop
  ' See how it compares the enumerated drive letters
  ' With strDriveLetter
  On Error Resume Next
  DriveExists = False
  ' Sets the Outer loop to check for 24 letters in strAlpha
  For intCount = 1 To 24
  DriveExists = False
  ' CheckDrive compares each Enumerated network drive
  ' with the proposed drive letter held by strDriveLetter
  For intDrive = 0 To CheckDrive.Count - 1 Step 2
  If CheckDrive.Item(intDrive) = strDriveLetter _
  Then DriveExists = True
  Next
  intAlpha = intAlpha + 1
  ' Logic section if strDriveLetter does not = DriveExist
  ' Then go ahead and map the drive
  'Wscript.Echo strDriveLetter & " exists: " & DriveExists
  If DriveExists = False Then objNetwork.MapNetworkDrive _
  strDriveLetter, strRemotePath
  call ShowExplorer ' Extra code to take you to the mapped drive
  ' Appends a colon to drive letter. 1 means number of letters
  strDriveLetter = Mid(strAlpha, intAlpha,1) & ":"
  ' If the DriveExists, then it is necessary to
  ' reset the variable from true --> false for next test loop
  If DriveExists = True Then DriveExists = False
  Next
  WScript.Echo "Out of drive letters. Last letter " & strDriveLetter
  WScript.Quit(1)
  'Sub ShowExplorer()
  'If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
  'If DriveExists = False Then objShell.run _
  '("Explorer" & " " & strDriveLetter & "\" )
  'If DriveExists = False Then WScript.Quit(0)
  'End Sub
  On Error Resume Next
  DriveExists = False
  ' Sets the Outer loop to check for 24 letters in strAlpha
  For intCount = 1 To 24
  DriveExists = False
  ' CheckDrive compares each Enumerated network drive
  ' with the proposed drive letter held by strDriveLetter1
  For intDrive = 0 To CheckDrive.Count - 1 Step 2
  If CheckDrive.Item(intDrive) = strDriveLetter1 _
  Then DriveExists = True
  Next
  intAlpha = intAlpha + 1
  ' Logic section if strDriveLetter1 does not = DriveExist
  ' Then go ahead and map the drive
  'Wscript.Echo strDriveLetter1 & " exists: " & DriveExists
  If DriveExists = False Then objNetwork.MapNetworkDrive _
  strDriveLetter1, strRemotePath1
  call ShowExplorer ' Extra code to take you to the mapped drive
  ' Appends a colon to drive letter. 1 means number of letters
  strDriveLetter1 = Mid(strAlpha, intAlpha,1) & ":"
  ' If the DriveExists, then it is necessary to
  ' reset the variable from true --> false for next test loop
  If DriveExists = True Then DriveExists = False
  Next
  WScript.Echo "Out of drive letters. Last letter " & strDriveLetter1
  WScript.Quit(1)
  Sub ShowExplorer()
  If DriveExists = False Then Wscript.Echo strDriveLetter & " Has been mapped for archiving"
  If DriveExists = False Then objShell.run _
  ("Explorer" & " " & strDriveLetter & "\" )
  If DriveExists = False Then WScript.Quit(0)
  End Sub
  Now the above script will find the next availabe letter and map one location to it...I still havent worked out to create another loop for it to do it again. It obviously also requires that you already be authenticated to map to that location.
  I looking for some help on how to marry these to scripts together.
  Thanks
  Ali

  Hi Ali
  Here is some code that will enumerate two free adjacent drive letters. It starts searching from "C" all the way to "Z" for two drives letters that are adjacent and returns the results in an array then echos the results. You can easily adapt this code to
  map your network drives to each drive letter. Hope that helps
  Cheers Matt :)
  Option Explicit
  Dim objFSO
  On Error Resume Next
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  ProcessScript
  If Err.Number <> 0 Then
  WScript.Quit
  End If
  On Error Goto 0
  'Functions Processing Section
  'Name : ProcessScript -> Primary Function that controls all other script processing.
  'Parameters : None ->
  'Return : None ->
  Function ProcessScript
  Dim driveLetters, driveLetter
  If Not GetFreeDrives(driveLetters) Then
  Exit Function
  End If
  For Each driveLetter In driveLetters
  MsgBox driveLetter, vbInformation
  Next
  End Function
  'Name : GetFreeDrives -> Searches for a pair of free adjacent drive letters.
  'Parameters : adjacentDrives -> Input/Output : variable assigned to an array containing the first two free adjacent drives.
  'Return : GetFreeDrives -> Returns True if Successful otherwise returns False.
  Function GetFreeDrives(adjacentDrives)
  GetFreeDrives = False
  Dim drive, driveLetter, drivesDict, i
  Set drivesDict = NewDictionary
  driveLetter = "C"
  'Add the drives collection into the dictionary.
  For Each drive In objFSO.drives
  drivesDict(drive.DriveLetter) = ""
  Next
  'Check drive letters C: to Z: for two free adjacent drive letters and set the "driveLetter" variable to the first one.
  For i = Asc(driveLetter) To Asc("Z")
  If Not drivesDict.Exists(Chr(i)) And Not drivesDict.Exists(Chr(i + 1)) Then
  driveLetter = Chr(i)
  Exit For
  End If
  Next
  'If two free adjacent drive letters were not found then exit.
  If driveLetter = "" Then
  Exit Function
  End If
  adjacentDrives = Array(driveLetter, Chr(Asc(driveLetter) + 1))
  GetFreeDrives = True
  End Function
  'Name : NewDictionary -> Creates a new dictionary object.
  'Parameters : None ->
  'Return : NewDictionary -> Returns a dictionary object.
  Function NewDictionary
  Dim dict
  Set dict = CreateObject("scripting.Dictionary")
  dict.CompareMode = vbTextCompare
  Set NewDictionary = dict
  End Function

• Can you authenticate users from 2 different AAA-servers for one specific tunnel-group?

  I need to authenticate users from two separate AD LDAP databases on the same tunnel-group. I would like them to use the same tunnel-group and thereby using the  same group-alias. I tried creating a new aaa-server group and putting both LDAP servers into group but apparently the ASA does not roll through the separate servers in the aaa-server group and will stop if the first server states that the authentication failed.
  I also tried assigning multiple aaa-server groups into the tunnel-group authentication-server-group but that also did not work. I finally tried to create a separate tunnel-group and assigning it the same group-alias but the ASA will not allow me to assign the same group-alias to different tunnel-group. What is the best way to accomplish this without having to create a new group-alias that will show up and possible confuse the dumb users requiring this access? Please help.

  If you don't want ANY drop down I believe you can do it in a kludgy sort of way.
  Eliminate all the group aliases (which are used to populate the dropdown) and make a local database of the users for the sole purpose of assigning / restricting them to a non-default tunnel-group which authenticates to the secondary LDAP server. 
  You can also send out a non-published URL that points to a second tunnel-group not in the dropdown.
  Of course, we can accomplish this if the AAA server is ISE. ISE 1.3 can authenticate users to multiple AD domains (with or without trust relationships) or a single domain with multiple join points in the Forest.
  The ISE answer makes me wonder - could you establish trust between the domains and authenticate users that way?

• Authenticate user by LDAP server

  Environment: WLS6.0 Netscape Directory Server 4.1
  I have successful protect a servlet and authenticate user by "File Realm". But I can't authenticate user by "Security Realm(LDAP). Pls tell me any configure I miss.
  ======weblogic.xml entites========
  <security-rike-assignment>
  <role-name>manager</role-name>
  <principal-name>joan</principal-name>
  <principal-name>awang</principal-name>
  </security-role-assignment>
  (the user joan has defined in "File Realm", and there is a user in LDAP: uid=awang, ou=IT, dc=CMD)
  And why the user "awang" can't access the servlet (the username field enter "awang"; the password filed enter "awang123")
  =====config.xml entities=====
  <LDAPRealm AuthProtocol="simple" Crdential="awang123" GroupDN="dc=CMD" GroupIsContext="false" LDAPURL="ldap://127.0.0.1:389" Name="defaultLDAPRealmForNetscapeDirectoryServer" Principal="uid=awang, ou=IT, dc=CMD" UserAuthentication="local" UserDN="dc=CMD" UserNameAttribute="uid"

  You can use jsp's and servlets.
  Have a .jsp (i.e. login.jsp) that has 2 fields username / password and a submit button i.e.
  <form method="post" action="/servlet/LoginServlet">
  <input type="text" size="15" name="username" value="">
  <input type="password" size="15" name="password" value="">
  <input type="submit" name="Submit" value="Authenticate">
  </form>In your servlet (i.e. LoginServlet) is where you retrieve the username / password by doing something like:
  public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String username = request.getParameter("username");
    String password = request.getParameter("password"); 
  }You would now do your LDAP authentication. see http://java.sun.com/products/jndi/tutorial/ldap/security/ldap.html
  Depending on whether the authentication was successful or not you would redirect the user to an error page or to the next .jsp (i.e changePassword.jsp) where they can change their password.

• Server Behaviours...Authenticate User

  I am trying to create a login page using macromedia, I got
  the form setup with text box's and button.. then I try and go to
  server behavior and authenticate user... but that choice is not
  there..
  How do I get that choice ?

  > Yes a site has been setup and it's setup to use ASP.net
  VB. Testing server is
  > also setup.
  and this is an .asp page that's been saved to within this
  site folder...
  Alan
  Adobe Community Expert, dreamweaver
  http://www.adobe.com/communities/experts/

• How can authenticate users´portal in OIM?

  I have installed Aqualogic Interaction 6.5, and I want import and authenticate users from OIM(or another LDAP)? What i can do?
  I read that i must install Oracle webcenter identity services? It´s true? Where i can adquire?
  thanks

  I have not tried with 6.5, btu I think you just need to install one of the identity services which allow you to sync and authenticate against various sources (LDAP, AD, etc). See here for more info http://edocs.bea.com/alui/integration/

• Cisco ip phone and wired user authenticate form ISE

  Hi dears,
  I configurate wired users from Cisco ISE. The authentication protocol is Eap-fast, the external device is DC. The wired user authenticate from ISE normally. I use labminutes web sites for configuration video.
  Now the customer also want the cisco phone is authenticate from ISE. the physical connection is that: the cable connect to phone from switch. and one cable is connec from phone to pc.(standard physiacl connection.)
  I create new authentication policy and use mab, and  new authorization police.
  The problem is : the phone is authenticate is normally but the wired user want to authenticate but it can not authenticate.
  Can someone provide me a best practice configuration on ise and switch for phone and wired user authentication. or please say the source of problem.
  Thanks.

  interface GigabitEthernet1/0/48
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 14
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action authorize vlan 20
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  do you need ISE configuration??

• Cisco WLC 2504 and ways to authenticate users

  Hi All,
       What is the ways to make user authenticate to WLC 2504 and what is the best and simple way and what is the differences btw each method _i mean for example need radius server or something else to be exist_ ?
       and any one can give me case study for this issue
  System consist of Cisco 2504 and Cisco LAP 1140
  Thanks

  To implement radius based authentication is the best practice for the small & enterprise environment.
  Information About RADIUS
  Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides centralized security for users attempting to gain management access to a network. It serves as a backend database similar to local and TACACS+ and provides authentication and accounting services:
  •Authentication—The process of verifying users when they attempt to log into the controller.
  Users must enter a valid username and password in order for the controller to authenticate users to the RADIUS server. If multiple databases are configured, you can specify the sequence in which the backend database must be tired.
  •Accounting—The process of recording user actions and changes.
  Whenever a user successfully executes an action, the RADIUS accounting server logs the changed attributes, the user ID of the person who made the change, the remote host where the user is logged in, the date and time when the command was executed, the authorization level of the user, and a description of the action performed and the values provided. If the RADIUS accounting server becomes unreachable, users are able to continue their sessions uninterrupted.
  RADIUS uses User Datagram Protocol (UDP) for its transport. It maintains a database and listens on UDP port 1812 for incoming authentication requests and UDP port 1813 for incoming accounting requests. The controller, which requires access control, acts as the client and requests AAA services from the server. The traffic between the controller and the server is encrypted by an algorithm defined in the protocol and a shared secret key configured on both devices.
  You can configure multiple RADIUS accounting and authentication servers.For example, you may want to have one central RADIUS authentication server but several RADIUS accounting servers in different regions. If you configure multiple servers of the same type and the first one fails or becomes unreachable, the controller automatically tries the second one, then the third one if necessary, and so on. 
  For more Information : http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_security_sol.html#wp2149947

• How to authenticate external and internal users on different AD

  What is the recommended way to authenticate external users as well as internal employees in a customer facing application?
  We have external users in an Active Directory in the DMZ and our employees in our internal DMZ.  Unfortunately we don't have an identity management system in place and wondering if there is a way we could authenticate user against two active directories without creating a trust between them.
  We are implementing EP7.0
  Thanks in Advance.

  You can also use user partitioning. A feature of the UME which allows for having different user persistence options for different users. What you could do in this case have the external user stored in the local db or an LDAP for the external users and the internal users stored in an internal LDAP directory. For more details about <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/e0/b60b404b2b1e07e10000000a1550b0/frameset.htm">user partitioning</a>, please see the docs.
  regards,
  Patrick

• Authentication and authorization for AD users in UCM11g

  Hi all
  we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
  Thanks
  Somesh

  As you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
  As for SSO, refer to the:
  http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
  and
  http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
  Procedure steps are:
  Create a user account for the hostname of the web server machine in Active Directory
  Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
  Generate the keytab file
  Create a JAAS Login File named krb5Login.conf
  Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
  Configure the Identity Assertion Provider
  Adjust Weblogic Server startup arguments for Kerberos authentication
  Redeploy CS (and optionally other servers) server with the documentation given deployment plan
  Check web browser configuration (IE and Firefox only)
  Take a deep breath and test
  If successful have a cake and cup of coffee else goto step one
  Regards,
  Boris

• DAC server start-up error and Can't authenticate user

  HI,
       we have installed DAC server in Linux machine and client on windows. By using DAC client we restored the backup of DAC repository, DAC client was working fine still restoration and after restoring it’s not logging in. It throws error like "Can't authenticate user"
  while starting DAC services in Unix server it throws an error like
  ANOMALY INFO An exception occurred. Shutting down server...
  MESSAGE:::/u01/DAC/jdk/jre/lib/i386/xawt/libmawt.so: libXext.so.6: cannot open shared object file: No such file or directory
  EXCEPTION CLASS::: java.lang.UnsatisfiedLinkError
  Note: since DAC client is not separately available for windows we have installed dac server also and while installing and after installing we never configured to connect to the dac server which is in Linux, we have configured only DB.
  we have successfully installed OBIEE, Informatica, and DAC version is 10.1.3.4.1.
  How to start the DAC services?
  How to configure dac client to connect to DAC server and how to solve this "Can't authenticate user" issue?
  Pls help in this regard.
  Thanks in advance.

  EddyLau wrote:
  Hi,
  I encounter the "Can't authenticate user" error in DAC first setup after installation when it prompt up to ask for setting up administrator id and password.
  here's my sql statement to create database schema for dac in oracle database.
  grant dba, connect, resource, create view, create session to SSE_ROLE;
  create user DEV_DAC identified by "password";
  grant DEV_DAC to SSE_ROLE;
  grant dba, connect, resource, create view, create session, grant any role to DEV_DAC;
  I tried dropping the data schema and create it again but still fail to authenticate.
  did I grant enough privileges to the database schema?
  Please help.
  Thanks,
  EddyLogin to DEV_DAC using the credentials from SQL Developer or sql
  Then do select * from W_ETL_USER -- here you will see 2 Administrator id's listed
  now run the command Delete From W_ETL_USER
  Now login to dac client with Administrator and pwd which you have set earlier.
  Mark as helpful or correct if it helps
  Thanks,
  RM

• Define and assign user authorization groups in FI

  Hi All,
  In order to allow some specific group of users to post in AUGR allowed periods, how do I define and assign user authorization groups in FI?
  Thanks,
  Teo

  Hi Teo,
  Here i am giving some authorisations in fi
  F_AVIK_BUK FI Payment Advice: Authorization for Company Codes
  F_BKPF_BED FI Accounting Document: Account Authorization for Customers
  F_BKPF_BEK FI Accounting Document: Account Authorization for Vendors
  F_BKPF_BES FI Accounting Document: Account Authorization for G/L Accounts
  F_BKPF_BLA FI Accounting Document: Authorization for Document Types
  F_BKPF_BUK FI Accounting Document: Authorization for Company Codes
  F_BKPF_BUP FI Accounting Document: Authorization for Posting Periods
  F_BKPF_GSB FI Accounting Document: Authorization for Business Areas
  F_BKPF_KOA FI Accounting Document: Authorization for Account Types
  F_BKPF_VW FI Acc. Document: Change/Display Default Vals for Doc.Type/PKey
  F_BL_BANK FI Authorization for House Banks and Payment Methods
  F_BNKA_BUK FI Banks: Authorization for Company Codes
  I hope it will help.
  BR,
  Satya

• Query problem - authorization and user entry variable as filter

  hi,
  I made two variables for the characteristic 0COMP_CODE.
  The first variable is a user entry variable for the selection.
  The second variable is my authorization variable with multiple single values.
  This two variables are defined as filter in the query.
  The problem is as follows:
  A user is authorized to see the data from three companies. For example companies 1, 2 and 3.
  Now he enters on the selection for the 0COMP_CODE the value 2 to see only the data of this company. The query result gets me confused. It shows all data of the companies 2 and others. It basicly shows more companies than he has selected.
  Other companies of the authorization variable are shown.
  It works if the user has the authorization over all companies.
  Did someone has the same problem?
  Thanks for your help/advice.
  regards,
  Pascal

  Hi Pascal,
  this is an issue. The main problem is that you just can't influence via the exit for a vairable "ready for input".
  What could be done is define a dummy element (hidden in the final display) in your query like a restricted KeyFigure to a variable based on COMP_CODE; let's say VAR1 ready for input.
  You char COMP_CODE would then be filtered by a variable not ready for input processed by user exit, VAR2.
  The exit would ready VAR1. If there any value complying with the authorized one then populate VAR2 with it, otherwise remove it (you could use STEP_3 to raise a message "you aren't authorized to use comp_code XYZ" and return to the initial variable screen). If VAR1 is empty, then populate VAR2 wit all corresponding aithorized values.
  The main issue is that
  1- this is bypassing the standard functionality of authorization variables
  2- any report would have to be designed like that!
  What we have done is to add nav_attr / and added more IObjs in the InfoProviders related to 0COMP_CODE reflecting a country, region or any other group of comp_code authorization and then have based our authorizations on those nav....
  hope this helps...
  Olivier.

• Authorizations needed for MAM 2.5 for RFC user and business users

  Hello all,
  We are using MAM 2.5 application but we are facing authorizations issues.
  It seems we have not enough authorizations on RFC user used between middleware system and back-end system located on the RFC destination MAM on the middleware.
  And we don't find any SAP document related to this customizing.
  Moreover is there any other or same document deals with authorizations needed on the back-end for each user using MAM on its mobile device ?
  Thank in advance,
  Eric GOURDOU

  Hello,
  Can you send me the errors you have?
  If you have a trusted connection, then each users need the authorization S_RFCACL .
  Other than that, I never had to set any authorization for the plant maintenance scenarios of MAM.
  Thank you,
  Julien.
  msc mobile Canada
  http://www.msc-mobile.com

• ABAP Code To Authenticate Users

  Hi,
  How can I code a ABAP program/function which will authenticate a user based only on their user id?  Do not want to use their password.
  I want the entire authentication process to happen in the ABAP code.
  Any ideas?
  Thanks,
  Audrey

  Hi,
  To check the authorization of the user of an ABAP program, use the AUTHORITY-CHECK statement:
  AUTHORITY-CHECK OBJECT '<object>'
                          ID '<name1>' FIELD <f1>
                          ID '<name2>' FIELD <f2>
                          ID '<name10>' FIELD <f10>.
  <object> is the name of the object that you want to check. You must list the names (<name1>, <name2> ...) of all authorization fields that occur in <object>. You can enter the values <f 1 >, <f 2 >.... for which the authorization is to be checked either as variables or as literals. The AUTHORITY-CHECK statement checks the user’s profile for the listed object, to see whether the user has authorization for all values of <f>. Then, and only then, is SY-SUBRC set to 0. You can avoid checking a field by replacing FIELD <f> with DUMMY. You can only evaluate the result of the authorization check by checking the contents of SY-SUBRC. For a list of the possible return values and further information, see the keyword documentation for the AUTHORITY-CHECK statement. For further general information about the SAP authorization concept, refer to Users and Authorizations.
  There is an authorization object called F_SPFLI. It contains the fields ACTVT, NAME, and CITY.
  SELECT * FROM SPFLI.
     AUTHORITY-CHECK OBJECT 'F_SPFLI'
                          ID 'ACTVT'  FIELD '02'
                          ID 'NAME' FIELD SPFLI-CARRID
                          ID 'CITY'   DUMMY.
     IF SY-SUBRC NE 0. EXIT. ENDIF.
  ENDSELECT.
  If the user has the following authorizations for F_SPFLI:
  ACTVT 01-03, NAME AA-LH, CITY none,
  and the value of SPFLI-CARRID is not between "AA" and "LH", the authorization check terminates the SELECT loop.
  Hope it helps u.
  Thanks&Regards,
  Ruthra.R