Basic Authorization

Similar Messages

• Call secure RestFul WebService with basic authorization via https

  Hi,
  is there a way to call a secure RestFul WebService with basic authorization via https from APEX?
  Database: Oracle 11g XE
  APEX: 4.2.1
  I have a solution by calling the WebService from Java which was called from the database via scheduled job (execute).
  As my hosting partner does not support Java I am looking for another option.
  Regards
  Markus

  Hi,
  I think its not possible, in this link you can find in more detail why.
  Its related with the use of wallets to acess https requests.
  http://www.apexninjas.com/blog/2011/06/https-access-with-utl_http-on-oracle-xe-has-anyone-managed-to-do-this/
  Edit: Because you are using Oracle XE
  Edited by: carlos.pereira on Jan 23, 2013 6:15 PM

• Basic Authorization  concept

  Hi Friends,
  I want to be clear in basic authorization terminologies.
  Can any one give the definition for the each below mentioned basic authorization terminologies with some example?
  1.Object class
  2.Authorization
  3.Authorization Object
  4.Authorization Field
  5.Field Value
  6.Profile
  7.Role
  8.Composite role
  9.Reference role
  10.Derived role
  Thanks in advance.
  Regards,
  Venu

  Hi Venu,
  Lets come from the top to bottom ...
  at the highest level you have the Role. A role can be defined as follows.
  <b>Role</b>
  The collection of activities that a person performs to participate in one or more business scenarios in an organization.
  Access to the transactions, reports, Web-based applications, and other objects contained in roles is through user menus.
  Also in a simple manner can be defined as a set of transaction codes in one bundle.
  Note : when a Tcode is assigned to a Role hte related authorization objects get autmaticaly assigned to the role. I hope its clear until now.
  So every Tcode i sassigned to a specific set pof Authorization objects and every authorization object has a set of Auth fields assigned to it. They can be che3cked in any role in transaction PFCG.
  for better programming SAP has classified a set of authorization objects into OBJECT classess. its not much of importance to you as its a system thing.
  One more thing is every role has a profile assigned to it when its created and Generated. Usually profiles are the concept until 4.0 system of SAP...later the roles concept came into existence and hence they are defunct exept a few standard SAP profiles like SAP_ALL and stuff which can be assigned to Users directlky. Else Profiles are also automatic assignment and get linked to a uswer once a user is assigned a particular properly generated role.
  Coming to other terms, a group of single roles can be bundles into a single <b>composite role</b>. Hence its justa group of single roles.
  In authorization concept, wehave the Parent Child relations hip in roles.
  That is... when a Role is created we call it the master role and its properties can be inherited by a cild role.
  the scenario is if we r having 4 company codes in an org, and i am supposed to create roles for each comp code seperately..so i try to create a master role and create 5 child roles with inheritance properties. this way any change to master role gets drilled down to child roles without having to change all the rolese seperately.
  This is the concept of <b>derived roles</b>.
  i wish this info has helpfed you...
  Br,
  Sri
  Thanks for the points...

• HTTPService basic authorization headers...

  Hi,
  I am trying to programatically add the Authorization header to a HTTPService call, but apparently the flash player 9 and 10 remove this header. crossdomain.xml with
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM
  "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
    <allow-access-from domain="*"/>
    <allow-http-request-headers-from domain="*" headers="Authorization"/>
  </cross-domain-policy>
  Does not work either.
  My code is as follows:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
      <mx:Script>
      <![CDATA[
      import mx.controls.Alert;
      import mx.rpc.events.ResultEvent;
      import mx.rpc.events.FaultEvent;
      import mx.utils.Base64Encoder;
         private function addAuthHeader(serv:*, username:String,password:String):void {
               //add the header to request
               var encoder : Base64Encoder = new mx.utils.Base64Encoder();
               encoder.insertNewLines = false;
               encoder.encode(username + ":" + password);
               var prop:String = "Basic "+ encoder.toString();
               serv.headers = {"Authorization":prop};
               //serv.headers["Authorization"] = "Basic " + encoder.toString();
               serv.send();
             private function getURL():void {
                addAuthHeader(myService, "admin", "crypticpassw");
              private function widgetResultHandler(event:ResultEvent):void
                  myText.text = event.result as XML;
              private function widgetFaultHandler(event:FaultEvent):void
                  Alert.show(event.fault.message, "Oeps..." + event);
      ]]>
      </mx:Script>
  <mx:HTTPService id="myService"
              url="http://localhost:8080/test/search/firstpage.xml"
              resultFormat="e4x"
                      result="widgetResultHandler(event);"
                      fault="widgetFaultHandler(event);"/>
  <mx:Button id="go" label="GO" click="getURL()" x="97" y="145"/>
  <mx:TextArea id="myText" x="97" y="48" width="223" height="89"/>
  <mx:Label x="97" y="22" text="Stop the custom search"/>
  </mx:Application>
  Can anyone tell me how I can get this functionality to work. The numerous examples on the web all look like mine, but none works because the header is removed before sending the request to the server.
  Kind regards,
  Marc de Kwant

  Hi,
  I am trying to programatically add the Authorization header to a HTTPService call, but apparently the flash player 9 and 10 remove this header. crossdomain.xml with
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM
  "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
    <allow-access-from domain="*"/>
    <allow-http-request-headers-from domain="*" headers="Authorization"/>
  </cross-domain-policy>
  Does not work either.
  My code is as follows:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
      <mx:Script>
      <![CDATA[
      import mx.controls.Alert;
      import mx.rpc.events.ResultEvent;
      import mx.rpc.events.FaultEvent;
      import mx.utils.Base64Encoder;
         private function addAuthHeader(serv:*, username:String,password:String):void {
               //add the header to request
               var encoder : Base64Encoder = new mx.utils.Base64Encoder();
               encoder.insertNewLines = false;
               encoder.encode(username + ":" + password);
               var prop:String = "Basic "+ encoder.toString();
               serv.headers = {"Authorization":prop};
               //serv.headers["Authorization"] = "Basic " + encoder.toString();
               serv.send();
             private function getURL():void {
                addAuthHeader(myService, "admin", "crypticpassw");
              private function widgetResultHandler(event:ResultEvent):void
                  myText.text = event.result as XML;
              private function widgetFaultHandler(event:FaultEvent):void
                  Alert.show(event.fault.message, "Oeps..." + event);
      ]]>
      </mx:Script>
  <mx:HTTPService id="myService"
              url="http://localhost:8080/test/search/firstpage.xml"
              resultFormat="e4x"
                      result="widgetResultHandler(event);"
                      fault="widgetFaultHandler(event);"/>
  <mx:Button id="go" label="GO" click="getURL()" x="97" y="145"/>
  <mx:TextArea id="myText" x="97" y="48" width="223" height="89"/>
  <mx:Label x="97" y="22" text="Stop the custom search"/>
  </mx:Application>
  Can anyone tell me how I can get this functionality to work. The numerous examples on the web all look like mine, but none works because the header is removed before sending the request to the server.
  Kind regards,
  Marc de Kwant

• How to pass Basic Authorization without poped dialog

  The following is the actionscript and crossdomain.xml
                  public function init():void{
                        var service:HTTPService=new HTTPService();
                        service.url="http://127.0.0.1:8080/manager/test/tomcat-users.xml";
                        service.method="POST";
                       service.headers["Authorization"]="Basic "+getAuthorization();
                        service.addEventListener(ResultEvent.RESULT,handler);
                        service.addEventListener(FaultEvent.FAULT,handler);
                        service.send();
                    public function handler(e:Event):void{
                        trace(e);
                    public function getAuthorization():String{
                        var encoder:Base64Encoder=new Base64Encoder();
                        encoder.encode("admin:12345");
                        return encoder.toString();
  <cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from domain="*" to-ports="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
  </cross-domain-policy>
  why is there still a dialog poped up for authorization.Anything else need to be done?

  give me the reason is also OK

• How to determine role authorization of user in MAM?

  Hi everyone,
  I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM.  I have the following question on user authorization:
  In terms of role authorizations, does anyone know how I can determine what roles an authenticated user have from SAP?  For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has?  Is there a SyncBo that will give me such info?  I checked the JavaDocs for the SyncBo's, but they have NO descriptions.  The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090).  There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole().  Are any of these usable?
  Are there any good documents that I can look at to determine what each SyncBo's does? 
  Many thanks!
  Jeffrey

  Hi Jeffrey!
  Here are the 3 different checks you have to look at"Users & Authorizations" for setting up your MAM Users.
  (1) SAP Backend:
  (1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios.Pl refer to the following SAP Authorization Objects I_ALM_ME ,I_AUART,I_BEGRP,I_BETRVORG,I_CCM_ACT ,I_CCM_STRC,I_ILOA,I_INGRP,I_IWERK,I_KOSTL ,I_QMEL,I_ROUT ,I_ROUT1,I_SOGEN,I_SWERK,I_TCODE ,I_VORG_MEL,I_VORG_MP ,I_VORG_ORD,I_WPS_MEB ,I_WPS_REV in your Backend System and have it assigned to the User Profile, based on your requirement.
  (1b) Service User for setting up the MAM & MI Landscape: This user logon info has to be setup in the RFC Destination that is associated with your MAM25 SyncBOs, to logon to the Backend System and this user should have the basic authorizations required to establish the connection.
  (2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile. S_ME_SYNC, S_RFC, S_TCODE.
  (3) MI Client: Refer to MI Security Guide.Pl note that the MI Client MAM User is same as the Middleware User and the Backend User.You should be taking care of this already.This is just a FYI.
  Let me know, if you are looking for any other additional info.
  Thank You
  Gisk

• Inserting authorizations from template

  Hi all,
  Does anyone know what are the basic authorizations needed for reporting and planning activities. I do not mean the basic analysis authorizations - I mean the basis authorizations - those you usually insert from a template such as S_RS_TREPU.

  Hi,
  you don't have to use:
  S_RS_ICUBE
  S_RS_ICUBE
  S_RS_ISET
  S_RS_MPRO
  S_RS_ODSO
  Because you have to set at less one authorization with the following authorization IO:
  0TCAACTVT
  0TCAIPROV
  0TCAVALID
  Don't forget:
  S_DEVELOP
  S_RO_BCTRA in ECC side for activate (remote) Datasource
  S_RS_BITM NEW
  S_RS_BTMP NEW
  S_USER_AGR
  S_RS_BC
  S_RS_BCS
  S_RS_AUTH (Data)
  S_RS_IOBJ
  S_GUI
  S_RS_DS: Authorizations for working with the DataSource or its sub-objects (as
  of SAP NetWeaver 2004s)
  &#56256;&#56452; S_RS_ISNEW: Authorizations for working with new InfoSources or their subobjects
  (as of SAP NetWeaver 2004s)
  &#56256;&#56452; S_RS_DTP: Authorizations for working with the data transfer process and its subobjects
  &#56256;&#56452; S_RS_TR: Authorizations for working with transformation rules and their subobjects
  &#56256;&#56452; S_RS_CTT: Authorizations for working with currency translation types
  &#56256;&#56452; S_RS_UOM: Authorizations for working with quantity conversion types
  &#56256;&#56452; S_RS_THJT: Authorizations for working with key date derivation types
  &#56256;&#56452; S_RS_PLENQ: Authorizations for maintaining or displaying the lock settings.
  &#56256;&#56452; S_RS_RST: Authorization object for the RS trace tool
  &#56256;&#56452; S_RS_PC: Authorizations for working with process chains
  &#56256;&#56452; S_RS_OHDEST: Open Hub Destination
  &#56256;&#56452; S_RS_DAS: Authorizations for working with Data Access Services
  &#56256;&#56452; S_RS_BTMP: Authorizations for working with BEx Web templates
  &#56256;&#56452; S_RS_BEXTX: Authorizations for the maintenance of BEx texts
  &#56256;&#56452; Authorization objects for the administration of analysis authorizations:
  &#56256;&#56452; S_RSEC: Authorization for assignment and administration of analysis
  authorizations
  &#56256;&#56452; S_RS_AUTH: Authorization object to include analysis authorizations in
  roles
  &#56256;&#56452; Changed Authorization Objects:
  &#56256;&#56452; S_RS_ADMWB (Data Warehousing Workbench: Objects)
  hope it helps

• PI  Developer Authorizations for ABAP and Netweaver

  Hello,
  I was wondering if anyone had the basic authorizations for a developer in PI? I also need to know what they need access to in the Configuration Tool? I have the Security Guide but I was looking for a little more specifics? Anyone that could help would be fantastic.
  James

  Hi James,
  I find this one useful
  http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
  As for the Config tool, i don't think developer should have access to it. It should be restricted to BASIS Team only
  Cheers !!
  Zaheer

• SRT : Authorization Error

  Hi Experts,
  I have SAP_All authoriztion in my ECC user ID.
  If i test my Webservices using that ID it is working.
  But I am trying to access the same webservices from another ECC user ID which doesn't have SAP_All authoriztaion.
  It has the basic authorization.
  I am getting this error -
     An error has occurred. Maybe the request is not accepted by the server:
  'SRT Authorization Error'.
  What is the type of authorization should that ECC user ID must have to access the web Services?
  If it is not related with authorization issue. What settings needs to be done while creation of Web Services?
  Kindly help me to resolve the Issue.
  Regards,
  Ragunathan.R

  Hi,
  Search for "SAP_BC_WEBSERVICE*" roles and give appropriate roles to your user (i.e. SAP_BC_WEBSERVICE_ADMIN etc)
  Regards,
  Gourav

• IT0008 Authorization

  Hi Experts,
  Is there a provision for providing authorization for entering salary details IT0008. How to provide autorization ,If so what are the ways to define the levels of authorization?
  Request if anyone can help me out with this.
  Have a nice day.
  Regards,
  Sriram

  Hi,
  Usually we have basis team to handle this, but after a while even you can do it. the important tcode is pfcg and su01.
  The most basic authorization you can set up is restriction to infotype, operation,  personnel area, personnel sub area. For example you can only view basic pay for employee group x, but you can edit basic pay for employee group y. if you need further restriction then you have to add authorization object. There are also different type of authorization like, you can create 0008 (system wont use this record though) but you need other people to save it (so the system can start using the new record). Please let me know if you need anything else.
  Regards

• Nexus 5K and 7K RADIUS Authorization with Steel Belted RADIUS

  I am attempting to provide very basic authorization via Steel Belted RADIUS for a Nexus deployment.
  Here is the code from the Nexus:
  radius-server host [server]  key [key]
  radius-server host [server]  key [key]
  ip radius source-interface mgmt0
  aaa group server radius GEN_AAA
      server [server]
      server [server]
      use-vrf management
      source-interface mgmt0
  aaa authentication login default group GEN_AAA
  aaa authentication login console group GEN_AAA
  aaa accounting default group GEN_AAA
  aaa authentication login error-enable
  On the Steel Belted RADIUS server the client is setup as a basic IOS 11.1 or later (Nexus is not an option).  The group setup for the relevant user group has a return code of:
  shell:roles*"network-admin"
  shell:priv-lvl=15
  When I authenticate from a Catalyst 6509 with IOS 12.2 the authorization based on the shell:priv-lvl works fine.  Only those users in the 'special' group have admin (lvl 15) access.
  With the Nexus gear I authenticate fine but the RADIUS user is always put in the network-operator role (default) regardless of the 'special' group shell:roles*"network-admin" return code defined.
  In other words it seems to work fine for IOS devices (Catalyst 6500 and 3750E so far) but not at all for Nexus gear.  Unfortunately I am not in a position to suggest and implement ACS or another AAA server that supports TACACS.
  Is there any way to pull this off with SBR?
  Any help is much appreciated.

  Hello Nusrat,
  I appreciate the pointer.  If I was using TACACS for AAA, authorization sets would be a consideration.  However, authorization is not permitted when using RADIUS for AAA on the Nexus platform.
  In any case I was able to resolve the issue with the assistance of the customer and their support contact at Juniper.  For the VSA feature to begin working a change to the INI file and a restart of the SBR services was required.  Placing the desired group of users in the network-admin group is functioning as desired.
  NOTE:
  In addition to the configuration in the original post the following should be added to stop any 'standard' users defined on the SBR server from logging in with network-operator privileges:
  no aaa user default-role
  If no role is provided from the RADIUS server via the Cisco-AVPAIR VSA (ex. Cisco-AVPAIR = shell:roles*network-admin) by default a Nexus box places the user in the network-operator role.  This role has complete read access on the system allowing, among other things, a read view of the configuration.  The above command stops any role mapping resulting in non-configured users / groups on the RADIUS box not being able to log in period.

• Necessary Authorizations for BI Consultant

  Dear All,
      What are the necessary Authorizations for BI 7.0 Consultant to work on a BI development system ?
       I have created source system (ECC Dev system), installed Bex analyser and I would like to verify if there are any standard tasks to be performed to make the system ready for BI consultant and required authorizations to perform all the activities.
  Thanks,
  Nick.

  Hi,
  The basic authorizations you need are RSA1, then you need to have access to all the infoareas, objects. You need access to modify, create, activate objects. In addition you'll need access to maintain master data for master data objects, monitor job loads, process chain access, query creation and change access. Query execute access. Authorizations to replicate datasources, activate them and access for creation, change and activation of DTPs, Infopackages and Transformations is also needed.
  These are some of the basic authorizations you need in the development system.
  For all other systems, you only need display authorizations for all objects.For data viewing, it'll be based on what security you get. Based on the client strategy in some places, you might get authorization to create, change and activate infopackages and DTPs. But to maintain the integrity of the Process chains and the environments, the best practice would be create these objects in dev and then transport them.
  Cheers,
  Kedar

• Assigning Capabilities for authorization

  I have a link on end user page which i want to enable/disable based on one capability. I created a capability without giving any administrative capability but that didn't work. As soon as I give any admin capability within this capability it works. I don't want to give any admin/extra capabilities.
  Also I saw the scenario if I add this capability to admin roles it works. I don't want to create admin roles just for this basic authorization.
  Is there any other way apart from capability e.g. groups so that I can create group and assign user and use that for authorization like other products do.
  Let me know if there is a simple way to use user authorization without giving any unwanted privilege to user; and which has to be only used on end user interface.
  TIA

  Hello,
  thank you for the answer but the link you provided explains how to administer the licenses.
  My requirement is to allow a specific user to use transaction SU01 to create new users, but
  only with the special license type ('54' in this case).
  So far I was unable to find what  Authorization Object is used to control that (if any).
  Regards,
  Hubert

• Service Desk: error while sending message to SAP

  Hello Gurus,
  I have configured Service Desk in Solution Manager. When i create a message in one of my Satellite Systems the message appears in Solman but when i try ro send the message to SAP i get the following error.
  "You do not have authorization to Send or Compare a notification"
  The user has SAP_ALL and NEW and the same has been maintained in AISUSER table. After i get the error i executed SU53 but there are no missing authorization.
  Can someone please tell me what the problem could be?
  Regards
  Anil Verma B

  Hi,
  Apart from the SAPOSS, SAP-OSS, SAP-OSS-LIST-01  rfcs, pls ensure the basic authorizations for solman has been verified and given.
  SAP_SUPPDESK_ADMIN
  SAP_SUPPDESK_CREATE
  SAP_SV_FDB_NOTIF_BC_ADMIN
  Please also verify if you had the BADI settings done correctly as per note
  1140822    SAP customer number for installation number &1 unkn
  Hope this helps.
  Cheers
  Sh

• Returning playbook for repair

  Can someone tell me what is an RMA - and where the heck do I find it?  Trying to return my nearly new playbook for repair and have had nothing but headaches.
  Thanks,

  RMA, Return Manufacture Authorization, or something  like that. It basically authorizes your return of the device.
  Call your PlayBook support number and go over the issue with the support tech and they issue the RMA.
  www.blackberry.com/playbook
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code