BW authorization testing
Hello Experts,
Are there any procedures or testing steps that need to be followed for BW authorization testing? What would be the minimum items to be tested for the authorization?
Any suggestions appreciated.
Thanks,
BWer
Hi
It depends what you are testing (a role, a specific report etc).
1. I usually add a report to a role.
2. Then I log in with a user type id and test the report by selecting and drill down etc.
3. If I find auth errors I solve them usually by doing an auth trace and fixing the role.
Then I repeat from step 1.
Thanks Edan
Similar Messages
-
Hello BW Experts,
What testing strategies and plans can be used for BW authorizations before go-live? Any documentation or hints / links / pointers would be of great help.
Are there any popular checks that need to be carried out?
Many thanks in advance,
BWer
Hi,
You need to have an authorization strategy in place explaining what types of access the users need. These can be as follows:
1. System administrator
2. End user (who can execute only the reports/workbooks from a particular folder).
3. Are there any other authorizations required based on organization unit, like business units etc.?
Based on these requirements one needs to decide what roles need to be created and the user assignment.
Hope this helps.
Cheers,
Balaji -
Hi,
I am trying to establish an RFC connection from 4.6c to ECC 6.0 R/3.
(1) I created the RFC connection and entered all the required parameters.
(2) Test Connection is successful and it is also possible to do a remote logon.
(3) But in the menu, TEST->Authorization fails.
(4) I have checked the authorization; I have SAP_ALL in both systems.
Please suggest a solution.
Regards,
Abhijit
Hi Abhijit,
That means the test has failed.
Just go into your RFC connection in SM59 and see what the user name is, then write the password for it once again and save your RFC.
The remote logon connection is successful when you will not see anything on the screen (i.e. no logon window).
Reward all useful answers.
Regards,
Atish -
Function Module to perform authorization and connect test for given RFC
Hello Experts,
I am working on a request which requires checking the RFC status, i.e. whether both the Connection Test and the Authorization Test are OK for a given RFC.
Please help me in finding the function module for the above request.
Thanks in advance!!!!!!!
Thanks,
Karthik
Hi Karthik,
For connection test you can use RFC_PING as said by Thomas, for checking authorization using Uname/PWD etc use RFC_LOGIN.
My Bad - You cannot use RFC_LOGIN, you can try with RFC_LOGIN_INFO and check the parameter "RFC_LOGIN_COMPLETE".
Regards,
Chen
Edited by: Chen K V on Jun 3, 2011 2:16 PM
Edited by: Chen K V on Jun 3, 2011 2:23 PM -
Hi Gurus,
We are having a problem with analysis authorizations for a particular query. The report is for the vendor balance; it has balance and cumulative balance as key figures and vendor as characteristic. We wanted to restrict the report at account group level. We have 4 account groups. The account group is a navigational attribute of creditor account group. Account group [char] is auth relevant but the creditor account group [char] is not. So we gave the respective auth group for accnt grp [char] but the query fails. The analysis log is as follows; any help will be appreciated.
Authorization Check
Detail Check for InfoProvider ZFIAP_S01
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Content in SQL Format
0ACCNT_GRPV
0TCAACTVT
0TCAACTVT = '03'
AND 0ACCNT_GRPV LIKE *
Characteristic Content in SQL Format
0ACCNT_GRPV I EQ :
I EQ ZCON
I EQ ZCOR
I EQ ZFRN
I EQ ZGAR
0TCAACTVT I CP *
Partially or Fully Authorized (Intersection) Characteristic Content in SQL Format
0ACCNT_GRPV
0TCAACTVT
NOT 0ACCNT_GRPV IN ('ZCON','ZCOR','ZFRN','ZGAR')
AND 0TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Content in SQL Format
0ACCNT_GRPV
0TCAACTVT
NOT 0ACCNT_GRPV IN ('ZCON','ZCOR','ZFRN','ZGAR')
AND 0TCAACTVT = '03'
Characteristic Content in SQL Format
0ACCNT_GRPV I EQ :
I EQ ZCON
I EQ ZCOR
I EQ ZFRN
I EQ ZGAR
0TCAACTVT I CP *
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
2596 ( ZFIAP_S01___F2 )
Authorization Check Complete
Hi,
As per SAP Note 642072 (Authorization check on : for char./navigation attribute):
In new BI 7.x releases, the authorization logic has been enhanced and navigation attributes have the same status as 'normal' characteristics. An overlay of characteristic A and navigation attribute B__A no longer occurs. They are now treated as completely separate objects.
As you said, account group (0ACCNT_GRPV) is a navigational attribute of creditor account group (say 0CREDITOR), so the characteristic here becomes 0CREDITOR__0ACCNT_GRPV. So you have to mark 0CREDITOR__0ACCNT_GRPV as auth relevant by tcode RSD1 > go to 0CREDITOR > in attribute tab check 0ACCNT_GRPV as auth relevant and activate it.
As per the trace you posted, it seems currently it's just checking for 0ACCNT_GRPV and not 0CREDITOR__0ACCNT_GRPV, which is treated as a separate entity in BI 7.x versions.
Also, for restriction on navigational attributes, you need to create an authorization variable on your navigational attribute (i.e. 0CREDITOR__0ACCNT_GRPV) and make it input ready in your query. This will pull the user's authorized values and input them into the query. Also, maintain the desired authorized values for your navigation attribute (0CREDITOR__0ACCNT_GRPV) in the Analysis authorization assigned to the user. Leaving it blank or no values entered will make the query check for "*".
P.S. (edited): Most importantly, the query should have a check on auth relevant characteristics (in your case 0CREDITOR__0ACCNT_GRPV), otherwise it is not possible to restrict the characteristics to specific values and BI will by default check for "*", and at least ":" has to be added to the analysis authorization for successful execution of the query, but that does not serve the purpose as ":" shows aggregated data for all account groups. Please see note # 1140831.
Hope this helps!
Sandipan
Edited by: Sandipan Choudhury on Mar 11, 2011 12:36 PM -
How to get Query Results based on Analysis Authorization Ranges????
Hi Experts,
I have gone through a lot of SDN links, however I am not able to find the answer to my question.
I have an Authorization Issue, NO Authorization
Error: EYE 007 (Insufficient Authorizations)
Here is the issue:
Need to see the complete query result when I gave the range in Analysis Authorization for Controlling Area 001-005. Controlling Area is auth relevant and right now a variable is inserted in the query for it. If I select Controlling Area 001, the result for Controlling Area 001 is displayed in the query. If 002, then it is also displayed. If I do not enter anything, then I get the EYE 007 error message.
I am not sure how to display/authorize the entire result in the query for all the Controlling Areas I have authorized the user to see.
It's really urgent, please help!
Here are the logs:
Authorization Check Log
Date and Execution Time (Local Server)
Execution Date: 06.09.2007
Execution Time: 14:48:41
Executed Query: 0CCA_C11/GBCCA_MP01_Q0002_AP
Executed by User ZBI_TEST_001
Executed with Analysis Authorizations of Another User ZBI_TEST_001
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider 0CCA_C11 with activity 03?
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
InfoProvider Check
Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider 0CCA_C11:
0CO_AREA
0TCAACTVT
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider :
List Is Empty:
There Are No Characteristics That Have to Be Checked in Detail
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
CO_AREA = '0003'
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Authorized
Subselection (SUBNR) Is Authorized
Authorization Check Complete
Authorization Check
Detail Check for InfoProvider 0CCA_C11
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
Subselection (Technical SUBNR) 1
Check Node Definitions and Value Authorizations...
Node- and Value Authorizations Are OK
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Partially or Fully Authorized (Intersection) Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Set
Characteristic Contents
0CO_AREA
0TCAACTVT
SQL Format:
( CO_AREA < '0001'
OR CO_AREA > '0005' )
AND TCAACTVT = '03'
Characteristic Contents
0CO_AREA I BT 0001 0005
0TCAACTVT I EQ 03
I EQ 16
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
184 ( 0CO_AREA )
Authorization Check Complete
Hi,
Have you defined the value for 0CO_AREA as BT 001-005 in your authorization for 0CO_AREA? Also, how have you defined your authorization variable on the query? Have you defined it as select options or interval? I think you need to define it as interval or select options.
Hope it helps,
Cheers,
Balaji -
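The set comparison these traces print (checked set, authorized set, remaining set) can be reproduced with a small Python model; this is an added example, not SAP code or part of the original posts. It goes slightly beyond the 0CO_AREA case by also handling EQ lists, the ":" aggregation value and "*". The function names, and the rule that a "*" pattern also covers ":", are assumptions of the model.

```python
"""Simplified model of the set comparison printed in the RSECADMIN traces."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALL_VALUES = "*"   # query leaves the characteristic unrestricted
AGGREGATED = ":"   # characteristic is only shown aggregated


@dataclass(frozen=True)
class AuthValue:
    op: str          # EQ, BT or CP, as printed in the authorized set
    low: str
    high: str = ""

    def covers(self, value: str) -> bool:
        if value == AGGREGATED:
            # Model assumption: ':' is granted only explicitly or by a '*' pattern.
            return (self.op, self.low) in (("EQ", AGGREGATED), ("CP", "*"))
        if self.op == "EQ":
            return value == self.low
        if self.op == "BT":
            return self.low <= value <= self.high   # character comparison, as in the SQL
        if self.op == "CP":
            return fnmatchcase(value, self.low)
        raise ValueError(f"unsupported operator {self.op!r}")


def parse_authorized(text: str) -> list[AuthValue]:
    """Parse rows such as '0CO_AREA I BT 0001 0005' or 'I EQ ZCON'."""
    values = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] != "I":          # first row of a block carries the characteristic name
            parts = parts[1:]
        sign, op, *operands = parts
        if sign != "I":
            raise ValueError(f"only including rows are modelled: {line!r}")
        values.append(AuthValue(op, *operands))
    return values


def gaps_when_unrestricted(authorized):
    """Open ranges (low, high) left over when the query asks for every value.

    None means unbounded. CP patterns other than '*' are not modelled here.
    """
    if any(a.op == "CP" and a.low == "*" for a in authorized):
        return []
    spans = sorted((a.low, a.high or a.low) for a in authorized
                   if a.op in ("EQ", "BT") and a.low != AGGREGATED)
    gaps, covered_up_to = [], None
    for low, high in spans:
        if covered_up_to is None or low > covered_up_to:
            gaps.append((covered_up_to, low))
        covered_up_to = high if covered_up_to is None else max(covered_up_to, high)
    gaps.append((covered_up_to, None))
    return gaps


def check(selection, authorized):
    """Return (verdict, remaining set). selection is ALL_VALUES or a list of values."""
    if selection == ALL_VALUES:
        remainder = gaps_when_unrestricted(authorized)
    else:
        remainder = [v for v in selection if not any(a.covers(v) for a in authorized)]
    return ("Not Authorized" if remainder else "Authorized"), remainder


# Authorized sets copied from the traces in the threads above.
CO_AREA_AUTH = parse_authorized("0CO_AREA I BT 0001 0005")
ACCNT_GRP_AUTH = parse_authorized("""0ACCNT_GRPV I EQ :
I EQ ZCON
I EQ ZCOR
I EQ ZFRN
I EQ ZGAR""")

if __name__ == "__main__":
    print(check(["0003"], CO_AREA_AUTH))    # variable filled with one controlling area
    print(check(ALL_VALUES, CO_AREA_AUTH))  # variable left empty: everything is requested
    print(check([AGGREGATED], CO_AREA_AUTH))
    print(check(ALL_VALUES, ACCNT_GRP_AUTH))
```

The second call reproduces the remaining set from the 0CO_AREA trace (values below 0001 or above 0005), which is what raises EYE007 when the variable is left empty.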
Analysis Authorization problem (new BI auth concept)
Hi,
I am trying to implement an analysis authorization for controlling the sales organization characteristic.
I am working in an APO system... when I set a * in the value list for the sales organization... I can select characteristics in Demand Planning without problem...
but when I create a whole list of all possible values (selecting from a pop up list) in the analysis authorization like this
I EQ 2000
I EQ 2001
I get a message :
You do not have authorization for all the
characteristic values selected
I will appreciate any idea
Thanks
FedeX
Hi,
I was able to trace the problem... and now I do not understand why I get as Result: "Not Authorized"
Here is the last part of that trace log:
Value selection partially authorized. Check of remainder at end
Following Set Is Checked
Contents
SQL Format:
NOT /BIC/YWSO_S
ORG IN ('#','0605','0624','0625','0707','0807','2000','2001','707','807',':')
AND TCAACTVT = '03'
Comparison with Following Authorized Set
Characteristic Contents
0TCAACTVT I CP *
I EQ #
I EQ 0605
I EQ 0624
I EQ 0625
I EQ 0707
I EQ 0807
I EQ 2000
I EQ 2001
I EQ 707
I EQ 807
I EQ :
Result
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
103 ( <charac name> )
Remaining Set
<no info in this column>
I really cannot identify any difference between the data in Following Set Is Checked and Comparison with Following Authorized Set.
Well, if someone has some idea... I will appreciate it.
Thanks
FedeX
Edited by: FedeX on Apr 1, 2009 4:33 PM -
ISE Fail OPEN configuration/testing
Greetings,
We will be performing a live test of ISE Fail Open on our production system tomorrow night. When the policy nodes are all unavailable we want the switches to allow open access to all devices on all interfaces.
I have done some testing of this on an individual test switch by routing packets to the ISE policy nodes to null 0 to emulate a failure. It appears to be working well, but was hoping for more input from the community before my Live test tomorrow night.
First, I believe these to be the only commands needed to make this work correctly. Does anyone have any comment on this configuration? Am I missing anything? Do these timers seem OK? I'm wondering if the deadtime should be greater in case the nodes or the network connection are flapping?
Global Config:
radius-server dead-criteria time 5 tries 3
radius-server deadtime 5
dot1x critical eapol
Interface Config:
authentication event server dead action reinitialize vlan <normal data vlan>
authentication event server dead action authorize voice
authentication event server alive action reinitialize
Next, this is the behavior I am seeing after the policy nodes go down. Is this as it should be?
1. Absolutely nothing happens until an interface undergoes (re)authentication. All ports remain in current authentication/authorization state.
2. If an interface undergoes (re)authentication, the switch tries to reach one of the configured policy nodes. After 5 seconds there is a message the first node is dead. In another 5 seconds there is a message that the second node is dead.
3. After another ~20 seconds, the interface that was attempting (re)authentication goes into Critical Authorization:
TEST#sh auth sess int f1
Interface: FastEthernet1
MAC Address: 1234.5678.90ab
IP Address: Unknown
User-Name: UserName
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: in
Authorized By: Critical Auth
Vlan Policy: 2
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0A0A010B0000013D093F17CC
Acct Session ID: 0x0000072B
Handle: 0x5A00013E
Runnable methods list:
Method State
dot1x Authc Failed
mab Not run
Critical Authorization is in effect for domain(s) DATA
TEST#
All other interfaces remain in current mode, nothing on them changes so long as they don't attempt to (re)authenticate.
4. If another interface attempts to (re)authenticate, it goes into critical state immediately w/o trying to contact the dead policy nodes.
5. The switch will try every so often (every 5 minutes?) to reach the policy nodes. If one of them is up, all interfaces that were in critical state immediately transition to normal authc/authz modes. Normal timers apply, dot1x endpoints come up almost immediately, mab clients lose connectivity until dot1x times out.
To emulate a global fail for the organization, I plan to stop the ISE services on both of my policy nodes.
Thanks for any comments/insights/input.
We appreciate the detailed scenario description, the question itself was very informative.
I used
authentication event server dead action authorize
critical VLAN=accessVLAN
instead of
authentication event server dead action reinitialize vlan -
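One way to verify the behaviour listed above during a fail-open test is to parse `show authentication sessions` output, report which ports are in Critical Auth, and flag any that stay there after a policy node is reachable again. This is an added example, not from the original posts; the FastEthernet2 sessions, the recovered FastEthernet1 session and the function names are constructed for illustration.

```python
"""Flag switch ports that are open because of Critical Auth (RADIUS servers dead)."""
import re

PROMPT = re.compile(r"^\S+#")                       # e.g. 'TEST#sh auth sess int f1'
METHOD = re.compile(r"^(dot1x|mab|webauth)\s+(.+)$")
CRITICAL_NOTE = re.compile(r"^Critical Authorization is in effect for domain\(s\) (.+)$")


def parse_sessions(output: str) -> list[dict]:
    """Split CLI output into one dict per 'Interface:' block."""
    sessions, current = [], None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        if line.startswith("Interface:"):
            current = {"methods": {}, "critical_domains": []}
            sessions.append(current)
        if current is None:
            continue
        note, method = CRITICAL_NOTE.match(line), METHOD.match(line)
        if note:
            current["critical_domains"] = re.split(r"[,\s]+", note.group(1).strip())
        elif method:
            current["methods"][method.group(1)] = method.group(2).strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sessions


def critical_ports(sessions):
    """Sessions the switch authorized itself because no policy node answered."""
    return [s for s in sessions if s.get("Authorized By") == "Critical Auth"]


def stuck_after_recovery(during_outage, after_recovery):
    """Interfaces critical during the outage that are still critical afterwards."""
    before = {s["Interface"] for s in critical_ports(during_outage)}
    after = {s["Interface"] for s in critical_ports(after_recovery)}
    return sorted(before & after)


# First block is the output quoted in the post; the second block is constructed.
DURING_OUTAGE = """
TEST#sh auth sess int f1
Interface: FastEthernet1
MAC Address: 1234.5678.90ab
IP Address: Unknown
User-Name: UserName
Status: Authz Success
Domain: DATA
Oper host mode: multi-host
Oper control dir: in
Authorized By: Critical Auth
Vlan Policy: 2
Runnable methods list:
Method State
dot1x Authc Failed
mab Not run
Critical Authorization is in effect for domain(s) DATA
TEST#
Interface: FastEthernet2
Status: Authz Success
Domain: DATA
Authorized By: Critical Auth
Vlan Policy: 2
Runnable methods list:
Method State
dot1x Authc Failed
mab Not run
Critical Authorization is in effect for domain(s) DATA
"""

# Constructed snapshot taken after a policy node is alive again.
AFTER_RECOVERY = """
Interface: FastEthernet1
Status: Authz Success
Domain: DATA
Authorized By: Authentication Server
Runnable methods list:
Method State
dot1x Authc Success
mab Not run
Interface: FastEthernet2
Status: Authz Success
Domain: DATA
Authorized By: Critical Auth
Vlan Policy: 2
Critical Authorization is in effect for domain(s) DATA
"""

if __name__ == "__main__":
    outage = parse_sessions(DURING_OUTAGE)
    for s in critical_ports(outage):
        print(s["Interface"], "VLAN", s.get("Vlan Policy"), s["methods"])
    print("still critical:", stuck_after_recovery(outage, parse_sessions(AFTER_RECOVERY)))
```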
NO Authorization .. EYE 007 -- Need inputs - still issue is there
Hi Experts,
I am very new to BI authorization; can anyone help me solve this issue?
I have gone through the SDN links.
I have an authorization issue: NO Authorization
Error: EYE 007 (Insufficient Authorizations)
I have followed these steps from
An Expert Guide to New SAP BI Security Features by Marc Bernard
I have followed all the steps which Marc told.
Step 1:
Define Authorization-Relevant Characteristics (0DIVISION)
Note: I have 0DIVISION values 1000 and 2000; I want to restrict the user to DIVISION = 1000.
Step 2: InfoObjects as authorization-relevant
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
Step 3: Using T-code (RSECADMIN) created the Analysis Object
For example: ZAUTH. In that I have taken
0DIVISION restricted with value 1000.
0TCAACTVT with 3 (Display)
0TCAIPROV with * (Asterisk)
0TCAVALID with *
0TCAKYFNM with *
Step 4:
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZAUTH
S_RS_COMP with * and S_RS_COMP1 with *
Step 5:
And assign this role to the user.
Step 6: ERROR
When I execute the report it shows NO Authorization
Insufficient Authorization
EYE 007.
Please, can anyone help me to resolve this problem?
I need it very urgently.
Thanks = Points.
Regards,
JML
Message was edited by:
JML
I have followed the David Roche steps. But still I have the same problem.
The Steps I have given in my Role are
S_RS_AUTH
Here I have given my Authorization Analysis Object (ZAUTH) which I have created in RSECADMIN.
S_RS_COMP
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea *
InfoCube *
Name (ID) of a reporting compo *
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
S_RS_COMP
Activity Create or generate
InfoArea *
InfoCube *
Name (ID) of a reporting compo REP*
Type of a reporting component Query
S_RS_COMP1
Activity Display, Execute
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for *
S_RS_COMP1
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo *
Type of a reporting component All values
Owner (Person Responsible) for $USER
I have assigned this Role to User A and I log on with User A and execute the Query, then it shows the Error: No Authorization.
As per Chetan Patel ( CP@...)
RSECADMIN > Analysis > Error Log
The log is:
InfoProvider Check
Building the Buffer...
...Buffer Built
Are there authorizations for accessing InfoProvider ZSD_CS01 with activity 03?
Authorization exists for general access to InfoProvider ZSD_CS01 with activity 03 (it is showing with Right Mark)
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZSD_CS01:
0DIVISION
Authorization Check
Detail Check for InfoProvider ZSD_CS01
Preprocessing:
Selection Checked for Consistency, Preprocessed and Supplemented As Needed
End of Preprocessing
Filling the Buffer...
...Buffer Filled
Main Check:
Subselection (Technical SUBNR) 0
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0DIVISION
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0TCAACTVT
0DIVISION
SQL Format:
DIVISION = ':'
AND TCAACTVT = '03'
Characteristic Contents
0TCAACTVT I EQ 03
0DIVISION I EQ IN
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
220 ( 0DIVISION )
Authorization Check Complete
Can anyone help me to resolve this issue?
I need it very urgently, we have GOLIVE ......
Regards,
JML. -
Authorization issue during Jump Query in BI
Hi,
We are facing an issue in the BI system, where a user is trying to use a query and jump query [also called report-to-report interface (RRI)].
But the user is getting an authorization error while jumping from the main query to the other query.
Could you please help on how to identify what authorization is missing?
Thanks,
Umesh C
I EQ #
I EQ :
0TCAACTVT I EQ 03
Not Authorized Selection is not authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR) -
ACS Express radius authentication AD authorization
I work at a University and for some reason we have multiple systems for authentication and authorization. That being said I am trying to use radius to do authentication and AD for authorization for VPNs. I have the radius authentication working against our radius server. I have my ACS express setup to join the AD domain and everything looks good there. I setup the AD server as a radius object in AAA server groups on my ASA. Then I add the server below in the servers in selected groups window. I put all the info in there and when I hit test I click authorization and put in the username that I know is in the domain group I have associated with this on the ACS. The test fails and with authorization failed with invalid password. When I look at the logs on the ACS I see
01/06/2011 20:14:26 acsxp/server Warning Server 0 AD Agent Plain Text Authentication Failed for user: username@domain
01/06/2011 20:14:26 acsxp/server Warning Server 0 Authentication for user username failed for reason = 0
01/06/2011 20:14:26 acsxp/server Error Protocol 0 Request from 172.20.5.2: User username rejected . by RemoteServer: AD (InvalidPassword).
Username and domain are correct I just edited them for posting. It seems like it is trying to authenticate rather than authorize. All I want it to do is say yes the user is in this group or no the user is not in this group? You can't even fill in the password when testing authorization? Maybe I have something setup wrong on the ACS side but when I look at AD under users and identity stores, it says it is joined to the domain. When I do AD domain diagnostics under troubleshooting everything looks good. I have the ASA I am testing from defined as a device and in the ASA device group. Under access services in Radius access services I have one service that I setup that connects to the AD and it found the group so I know it is connecting. Any idea what I am doing wrong or where to look?
Any help would be GREATLY appreciated!
Thanks
Joe
Hi Joe,
We could take a deeper look at what is happening through some logs and debugs:
1. On ACS Express, under
Reports & Troubleshooting > Troubleshooting > Server Logs
please set the Express Server Trace Level to 5 and the Web Server Trace Level to 4.
Also, for the Log Level under OS Logging, please set its value to "Debug".
If previous old logs are not essential to you, you may also wanna delete all the log files first, so that we capture logs for the last day only.
2. On the ASA, please enable the following debugs
debug aaa authentication
debug aaa authorization
debug radius
3. Then please first recreate a successful authentication attempt, and then recreate the authorization test issue with the same user account for which you tested the successful authentication.
4. After the issue is recreated, please attach the debugs from the ASA and following files from the ACS Server Logs:
acsxp_adagent.log
acsxp_agent_server.log
acsxp_mcd.log
acsxp_server.log
acsxp_server_trace.log
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
User |TMSADM has no RFC authorization for function group SYST
Hi All,
When we release any transports we are getting the above error, this is basically due to the fact that implementation of complex password parameters, to suppress this we had followed the note 761637.
I had regenerated RFCs and reset TMS user, but still no use any ideas?
This is definitely not the issue with Authorization as user TMSADM has right profiles.
Reg,
VV
Patch Downloader wrote:
>
> ... when I reset my TMSADM user though it says it was reset, but SU01 for TMSADM user is intact, it did not change the user type to SYSTEM, it kept as it was before Communication data.
Then the reset is not working (which would be consistent with the note). You can administrate the connections (SM59) and user (SU01) manually now. Try to change the user type in SU01.
>
> I did not get the user to test the release, but I am checking in the RFC connection for this RFC destination and it fails with same error.
You stated before that releasing the transport was failing, not the authorization test in SM59.
Note that default system settings for the "Connection Test" only verifies that there are no network gremlins between the servers and the RFC settings, it does not verify that the logon was successful. The "Authorization Test" on the other hand verifies the authentication was successful and the authorization to perform the RFC call was checked and successful.
Most likely, the problem is caused either by the user type AND / OR the password is in fact not correct (or is arriving incorrectly - See SAP Note 1023437).
Some other suggestions:
- Check ST22 to see whether more details are available on the error (check source and target destination).
- Check whether the user doing the release is missing an authorization to use the TMS.
- Check the value of your system profile parameters auth/rfc_authority_check and rfc/reject_expired_password?
Cheers,
Julius -
BPS You have no authorization for the requested data
We are implementing Hierarchy node based security for our BPS.
When the user tries to display the planning layout, they get the error message "You have no authorization for the requested data "
I have given authorization to the relevant Infocubes, also checked all the Authorization Relevant Info Objects and added these Info Objects to the custom authorization created in RSECADMIN.
Also added the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID to the custom authorization.
In pfcg, this authorization has been added to S_RS_AUTH. I have also given activity 02, 03, 16 values and a * to planning areas, functions, packages, groups, levels, folders, ... to the objects R_AREA
R_BUNDLE
R_METHOD
R_PACKAGE
R_PARAM
R_PLEVEL
R_PM_NAME
R_PROFILE
But still we get the same error.
Has anyone encountered this problem? Can you please provide me some clues to resolve this issue
Thank you very much Grevaz, but that template does not help.
I did run both ST01 trace and BI RSECADMIN trace. RSECADMIN Trace shows the below authorization failure
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
No Check for Aggregation Authorization Required
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR BETWEEN '4012001000'
AND '4012001999'
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Partially Authorized (Average) Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Value selection partially authorized. Check of remainder at end
Following Set Is Checked Comparison with Following Authorized Set Result Remaining Quantity
Characteristic Contents
0FUNDS_CTR
0TCAACTVT
SQL Format:
FUNDS_CTR > '4012001000'
AND FUNDS_CTR <= '4012001999'
AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
AND TCAACTVT = '03'
Characteristic Contents
0FUNDS_CTR Node 1 I EQ #
I EQ :
0TCAACTVT I EQ 02
I EQ 03
Not Authorized
All Authorizations Tested
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
206 ( 0FUNDS_CTR )
Authorization Check Complete
We have created custom authorization and trying to restrict based on hierarchy node.
One point I observed is, when I give access to all nodes with a wildcard * in the custom authorization, then the error disappears and the layout is visible. But our point here is to try to restrict based on the nodes and we cannot give display access to all nodes. -
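The remainder check visible in the RSECADMIN trace above can be reproduced with a small interval-subtraction model; this is an added example, not SAP code and not part of the original post. It assumes funds centers compare as integers and that "Node 1" resolves to 4012001000 through 4012001010, which is inferred from the values the trace removed from the remaining set; the function and constant names are hypothetical.

```python
# Simplified model of the remainder check shown in the RSECADMIN trace.
# Not SAP code: values are treated as integers (assumption) and ranges as
# inclusive (low, high) tuples, like "I BT low high" / "I EQ value".

def subtract(selection, authorized):
    """Return the parts of `selection` not covered by any authorized range."""
    remaining = list(selection)
    for a_lo, a_hi in authorized:
        next_remaining = []
        for lo, hi in remaining:
            if a_hi < lo or a_lo > hi:        # no overlap, keep unchanged
                next_remaining.append((lo, hi))
                continue
            if lo < a_lo:                     # piece left of the authorized range
                next_remaining.append((lo, a_lo - 1))
            if a_hi < hi:                     # piece right of the authorized range
                next_remaining.append((a_hi + 1, hi))
        remaining = next_remaining
    return remaining

def check(selection, authorized):
    """Authorized only if nothing of the selection is left over."""
    remainder = subtract(selection, authorized)
    return (not remainder), remainder

# Constructed from the trace: the query selects the whole interval ...
QUERY_SELECTION = [(4012001000, 4012001999)]
# ... while node 1 is assumed to resolve to the values the trace
# removed from the remaining set (4012001000 .. 4012001010).
NODE_1 = [(v, v) for v in range(4012001000, 4012001011)]

def demo():
    # Selection as in the trace: the remainder is non-empty, so the whole
    # subselection is rejected rather than silently filtered.
    unrestricted = check(QUERY_SELECTION, NODE_1)
    # Constructed counter-case: a selection restricted to authorized values.
    restricted = check([(4012001001, 4012001010)], NODE_1)
    return unrestricted, restricted

if __name__ == "__main__":
    for ok, rest in demo():
        print("authorized" if ok else "not authorized", rest)
```
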
CUA - Creating a test user with profile
Hi All,
I just set up the CUA in our newly installed solution manager which is the central system and another sandbox system with three clients as the child systems.
I referred to the following for the setup:
http://help.sap.com/saphelp_nw2004s/helpdata/en/cc/50b43be7492354e10000000a114084/frameset.htm
One of the tests for checking the setup is to create a test user with profiles in the central system and distribute it to the child systems. I did the text comparison and saved the user; I still cannot see the user in the child systems.
I checked SCUL and BD87. SCUL shows me grey. BD87 do not show any IDOC that were transferred.
Could anyone help/direct me in fixing this.
Thanks
Shabna
Hi,
To make the test simpler I tried it again sending the test user to only one of the child systems. The RFCs between the systems are working fine. I checked /BD64, it shows the whole set up.
When I check /BD87 of the central system I see the following error:
"Could not find code page for receiveing system".
Diagnosis
For the logical destination XXXCLNTXXX, you want to determine the code page in which the data is sent with RFC. However, this is not currently possible, and the IDoc cannot yet be dispatched.
Procedure for System Administration
Possible causes are:
1. The entry no longer exists in the table of logical destinations.
2. The target system could not be accessed.
3. The logon language is not installed in the target system.
I can see the central system as well as the child systems in the logical systems table. And the RFC destination does not show any errors in the connection as well as authorization test. What else do I check?
Thanks
Shabna -
Authorizations....Sales organization level
Hi all
I want to create the authorizations for the sales organization level. I have made the Sales Organization Object authorization relevant. After that I created an authorization object based on the Sales org object. I created a role and created a profile based on the authorization object which I created. I assigned the role to the user.
Now when i execute my query in web it is saying that
'No Authorization (Or Everything is Filtered Out)'
On the top of the query execution it is giving me a message as
'You do not have authorizations for component 0CRM_OPMO_Q001'
Now i would like to know, when we create profile in the role, do we need to add any other authorization objects apart from the one which we created. If so, what options do i need to give.
And second when we create a test user for the authorizations testing, what roles we need to give him, one would be the one which we generated. And what are the other roles the user will have.
Please help
answers would be rewarded
regards
vijaykumar
It sounds like you have another authorization object
"checked" on the infocube/ODS.
To check this, you have two options.
(1) RSSMQ, with the user id. Execute the query, then back up (using the green arrow). One page on the back up operation will give you what authorization objects are checked.
(2) Go to transaction: RSSM and enter the infoprovider. Uncheck the authorizations you don't want to have verified.
Also, on the variable for the authorization object (query) you must enter a value here if you do not have an "*" object.
Cheers!
/smw