Bi Roles (Developer & Security Admin) in Development System

Similar Messages

• Security on a monitored system

  Hey Experts
  Is there any way to control the security, authorizations, roles for a monitored system from Solution Manager?

  Through CUA, you can manage security admin to remote systems.
  Solman doesn't provide functionality to manage security to satellite systems.
  Thanks,
  Digesh

• Developing security Roles and profiles

  Hi Team,
  Can you guys let me know how to develop security roles and profiles. We are rolling out for a company in Japan, and the congif is completed. We are in the process of developing test cases ans also security roles and profiles for users? Can somebody guide and help me on this?
  Regards,

  Hi,
  Use Tcode = PFCG -->then create any customized roles and profiles for any users on module based.
  user masters: USR01 to 09, UST04,
  profiles: USR10, USR11, UST10S, UST10C,
  authorisations: USR12, USR13, UST12.
  password exceptions USR40.
  History tables(may not be applicable but FYI): users: USH02, USH04,
  profiles: USH10, auths USH12.
  R/3 Security Tcodes
  End User Transaction Code  Menu Path   Purpose
  SU3  System > User Profile> Own Data  Set address/defaults/parameters
  SU53  System > Utilities > Display Authorization Check  Display last authority check that failed
  SU56  Tools --> Administration --> Monitor --> User Buffer  Display user buffer
  Role Administration Transaction Code  Menu Path   Purpose
  PFCG
  Tools --> Administration --> User Maintenance --> Roles  Maintain roles using the Profile Generator
  PFUD   Work on SAP check indicators and field values
  Select: Copy SAP check IDu2019s and field values
  Installation
  1. Initial Customer Tables Fill
  Upgrade
  2a. Preparation: Compare with SAP values
  2b. Reconcile affected transactions
  2c. Roles to be checked
  2d. Display changed transaction codes
  SU24
  Same as for SU25:
  Select: Change Check Indicators > Maintain Check Indicators>Maintain 
  Regards,
  Srini Nookala

• Where to check whether the user is Admin  or developer?

  how to check whether the user is Admin or developer????? after he sign's in......I want to use role based login!!!!

  Login into a workspace or login into an application?
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.opal-consulting.de/training
  http://apex.oracle.com/pls/otn/f?p=31517:1
  -------------------------------------------------------------------

• How to manage and prevent database lock for database admin and development

  how to manage and prevent database lock for database admin and development
  [email protected]

  Hi,
  can someone advise me some good book or even better a PDF or a white paper on the Web where it's explained well how to design and manage a relational database (that is normal forms, tuning, design, implemantation...)?
  I've been working on Oracle databases for a few years as pl sql programmer, but I'd like to read something describing well the relational database theory, because I've been asked to work as database designer.There are many books available in the market, please go through this link -- http://www.amazon.com/gp/bestsellers/books/549646/ref=pd_ts_b_nav
  I've been told to read "Fundamentals of Database Systems" by Ramez Elmasri, but I ask here for some more advices.I would strongly recommend reading this book, it was my best reference during my college study and even after starting my DBA career.
  Thanks,
  Hussein

• EJB security supress in development and testing

  Hi,
  I'm not quite sure if its a right place for the post but it seems to me as a good one for a start. I think that my problem should be quite common and I'm really surprised that I can't find the answer :/, perhaps I search for a wrong thing, but let's get down to business :).
  I have JEE project which includes EJB module and enterprise client.
  EJB is secured, when I try to access its methods via the client I have to provide proper credentials and everything works perfetly well.
  However, during the developement cycle 2 issues may arise.
  1. It can be frustrating that each time I need to access (i.e every debug), secured method I have to provide user credentials.
  2. I don't know how programmaticaly provide credentials in order to make unit tests.
  So,
  is it possible to "supress security" during developement, so that no security checks are made ??
  Maybe there are different solutions ??
  Or my assumptions are wrong ??

  Thanks, the solution works :)
  If anyone has a same issue, I provide ejb-jar.xml.
  <?xml version="1.0" encoding="UTF-8"?>
  <ejb-jar xmlns = "http://java.sun.com/xml/ns/javaee"
  version = "3.0"
  xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
  <enterprise-beans>
  <session>
  <ejb-name>CartBean</ejb-name>
  <ejb-class>cart.secure.ejb.CartBean</ejb-class>
  </session>
  </enterprise-beans>
  <assembly-descriptor>
  <security-role>
  <role-name>kuku</role-name>
  </security-role>
  <method-permission>
  <unchecked></unchecked>
  <method>
  <ejb-name>CartBean</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  </assembly-descriptor>
  </ejb-jar>
  Only one thing, that bothers me remains, that is why I had to define the bean in the descriptor ??
  If I didn't put <enter ... than I go the following error:
  Deploying application in domain failed; Error loading deployment descriptors for module [cart-secure] -- Referencing error: This bundle has no bean of name [CartBean]

• ChaRM transport route, one development, 2 QA, 2 PRD system landscape

  Hello,
  We have a customer who has an ERP system with a transport route which is the following:
  One single Development system which feeds, 2 QA systems and then 2 PRD systems.
  We are to implement ChaRM and we want to customize the tickets so that every time you execute the import action of a transport request into QA (and later into PRD) both systems QA1 and QA2 are updated and later on with PR1 and PR2.
  We would like to know how to support this scenario in Solution Manager using ChaRM.  How do we set up the logical component at SAP, how we define the transport route and layers, and how we define the actions in the SDHF ticket.
  I appreciate your help.
  Regards
  Esteban

  Hello,
  We set up a testing environment for change request management. In a solution manager we created five clients.  One single development which feeds two quality systems, and final two production system.  As it was said in the thread we used transport groups in the transport route.  The development system feeds this transport group which feed to import queus in quality systems.  We tested this transport route and transports worked well and arrives into both production 1 and production 2 systems.
  Then created a logical component for that landscape, with five sytems.  Then we created a maintenance project using that logical component.  We created a maintenance cycle and then a task list was created which shows two delivery system, and the two productive  systems.  All the groups have the right actions.
  However when we created a SDHF correction the system creates the task list only for 3 systems, not for the five of them. 
  we see that only action groups are created for development, quality 1, and production 1.  No entries for quality 2 and production 2 
  We try to run the action which is in the general part of the task list to execute the import in multiple systems, it cames out with the correct selection of importing in quality 2 system because it is the transport group.  However an error is raised saying that the actions for  quality 2 are not there in the task list which is true.  Finally, as short term solution, we were able to import into quality 2 and later on pr1 but done manually in the stms transactions which is not what we want to do.
  Regards
  Esteban Hartzstein
  Edited by: Esteban Hartzstein on Aug 24, 2010 2:06 AM
  Edited by: Esteban Hartzstein on Aug 24, 2010 2:07 AM

• Risks of two development groups in the same system

  Hi,
  I need your help.
  I'm looking for a document about the risks having two development groups in the same system.
  The point is: An external party will come soon and start the implementation of a mini H2R in the same system as we (the internal team) are working for SD, MM, CO,... As the developments are cross-client, I'm asked to write a document explaining the risks in such cases like:
  conflicts: working on the same objects
  authorisations: each group should be assigned to different packages
  planning: the go-live should be at the same time
  transports: there can be conflicts on a transport-level
  If you have any documentation that can help me, please let me know.
  Kind regards, Gilles.

  I hope this is not considered a link farm:
  Potential conflicts between already released transports:
  Program to validate transport sequence
  Uwe Schieferstein's blog on "Dangerous Liaisons in User-Exits and How to Avoid Them":
  /people/uwe.schieferstein/blog/2008/11/11/dangerous-liaisons-in-user-exits-and-how-to-avoid-them
  Just two of many things to observe...
  Thomas

• How does my role as a SAP SECURITY ADMIN dfiffre frm upgrade n implementati

  hi Gurus ,
  i am new to this Security i just want to know how does my role as a security admin differ ..in a implementation project and in a upgrade project ........pls answer this ..............n can i get any doc abt the tables n the objects .............related to security .......................  any links or docs u can mail me at [email protected]
  thank you

  A few inputs from my end....
  Implementation --> starting from role naming conventions to role design,sod conflicts, master child relations and documentation.
  Upgrade --> If from 4.0 versions to higher versions then its something similar where we convert profiles to Roles and then redesign them to SOD conflicts..
  But in case of higher upgrades then the java component access and the segregation of duties for these components as well have to be considered...
  Hope it helps...
  Vbr,
  Sri
  Award points for helpful answers

• SQL Developer security

  Hello,
  Is it possible to "secure" the SQL Developer environment to allow end-users to do queries only? i.e. if an end-user has SQL Developer, potentially data can be modified, inserted, deleted, not to mention tables dropped or even the database.
  Thank you
  Cecilia

  They will have privileges to do whatever you've granted them. SQL Developer has nothing to do with it.

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• Role for SMARTFORMS tcode in DEV system?

  Hi all,
  I gave access for an ABAP Developer in QA and MIRROR system with a Z_ARCHITECT_MIRROR[Super role with access to all transactions] role.
  Whic is restricted in PROD system.
  There is a SAP role which contains access for SMARTFORMS tcode in PROD.
  As far as I know this is not possible in PROD system??
  Would like to know if there is a solution for this?
  Regards,
  Bharath.
  Edited by: SAP Learner on Apr 14, 2008 4:07 PM

  as long as your PRD system is locked against changes (tx. SCC4) there should not be a problem when the abaper can view smartforms.
  check the settings of your PRD-system (no changes allowed in SE06) and no customizing and repository changes allowed in client XXX in tx. SCC4 and you should be safe.

• Is there a way I can permanently disable the security lock thing in System Preferences?

  Aside from logging and using the root account on a daily basis, is there a way to permanently be rid of the security lock thing in System Preferences?
  Yosemite has a bug (?) where if an Admin account has its password set to blank (empty), you can't remove the security lock...
  You can click it, it'll ask for Username and Password (Why?), and when you click on 'Unlock', it unlocks for a brief moment and instantly locks itself again...
  This is beyond infuriating. Do advise.

  Thanks for taking the time to reply.  However I'm quite aware that the sleep/wake button disables the screen.  Unfortunately, mea maxima culpa, I sometimes accidentally hit shuttle before I've pressed the sleep/wake button, often when I am trying to do more than one thing at once.  Sometimes I accidentally hit shuffle at other times too,eg when waking up the phone. 
  This is especially exasperating when listening to classical pieces with multiple movements.  I will look for an alternative music player for the iphone, as I don't think the default music application and I are a good match.
  Thanks again,
  Tim Blackwell

• Security-role and security-role-assignment not working in WL7.0

  Hello all..
  Some EJB components that worked fine in WebLogic 6.1 no longer work in
  WL7.0. It has to do with the security-role and security-role-assignment
  descriptor elements no longer allowing anonymous users to be included in the
  authorization for a bean.
  For example, in WL6.1 placing these items in ejb-jar.xml:
  <assembly-descriptor>
  <security-role>
  <role-name>Employees</role-name>
  </security-role>
  <method-permission>
  <role-name>Employees</role-name>
  <method>
  <ejb-name>CustomerEJB</ejb-name>
  <method-name>*</method-name>
  </method>
  </method-permission>
  and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
  <security-role-assignment>
  <role-name>Employees</role-name>
  <principal-name>guest</principal-name>
  <principal-name>system</principal-name>
  </security-role-assignment>
  worked fine for clients creating their context using a simple
  InitialContext() constructor without specifying SECURITY_PRINCIPAL or
  SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
  the security-role-assignment element above told WebLogic that "guest" was in
  the Employees role for purposes of this EJB archive.
  Worked in WL6.1, no longer works in WL7.0. Client receives typical
  permission exception:
  java.rmi.AccessException: Security violation: insufficient permission to
  access method 'create'
  If I explicity connect as "system" things are fine, or I can create a new
  user in the default realm in WebLogic, put a matching <principal-name>
  element in the section above, and connect as that user. Note that if I leave
  off the <security-role> section completely, or set the required role name to
  "everyone", the anonymous access works fine. Apparently the anonymous user
  is a member of "everyone" behind the scenes even though "everyone" does not
  appear in the realm list of groups or roles.
  So, my question boils down to this: Is there a "magic" username in WL7 like
  "guest" was in WL6.1 that can be mapped to the required role name, or must
  every client connection use a true weblogic-created user with appropriate
  role assignments used to map it to the required role name.
  -Greg
  P.S. Note that none of the EJB examples provided with WL used
  <security-role>..
  Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
  www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

  Below are the screen shots for PFCG:

• Error in Role Based security using weblogic 9

  Hi All,
  Currently I am working with Weblogic Server 9. I am trying to use role based security. Below is the entries for web.xml.
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Success</web-resource-name>
            <url-pattern>/form.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
            <role-name>admin</role-name>
       </auth-constraint>
       <user-data-constraint>
  <transport-guarantee>INTEGRAL</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>myrealm</realm-name>
  </login-config>
  <security-role>
       <role-name>admin</role-name>
  </security-role>
  When I am calling form.jsp from the browser it is asking for the username and password, but after giving the username and password it is showing the followig error:
  Error 403--Forbidden
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  So can any one provide me the solution for the above problem.
  Thanks in advance.
  By,
  Sandip Pradhan

  Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.