Centralize/De-Centralize using Trusted connections
Hi experts,
I have a question regarding Trusted Connections for Centralized GRC implementation. According to some of the SAP guidelines we are using trusted connections (Note: 1701047 and several others). Now the problem that this is creating is that if I use trusted connections for all Connection Settings (AUTH, PROV, ROLMG and SUPMG) then all users need to be created locally (GRC) and in the target system. We have played with the config for S_RFCACL but, independent of what we do, since it is trusted we haven't found a way to bypass the user creation everywhere. Later we tried just having 2 connections (one trusted and another non-trusted) for each system but this is creating duplicate values (every data element on trusted and non-trusted version). Is there a way to go around this?
Did you read the file SSLNOTES.txt included with JavaMail?
If you're connecting to a server with a self-signed certificate, you'll need to
load that certificate into your trust store, or you'll need to provide your own
trust manager. The InstallCert program, referenced from the JavaMail FAQ,
might help.
Similar Messages
-
Hide a company to a windows group connect with trusted connection
I mean, how can I create two groups in the Windows Active Directory, and make some users members of the first group and others members of the second group?
Now, when a user from the first group connects with the SAP B1 client with trusted connections, he doesn't see all companies (databases) but only those that I decide. The same thing with the second group.
I don't want to use the 'sa' connections, because in SAP B1 8.8 the connections will be on the server.
Not sure if understood correctly.
If you want to assign to each user only specific companies and you are using a trusted connection to SQL, you may modify the
tmsp_getcomplist stored procedure in sbo_common, for example as
USE [SBO-COMMON]
GO
/****** Object: StoredProcedure [dbo].[TmSp_GetCompList] Script Date: 09/04/2009 10:01:56 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER proc [dbo].[TmSp_GetCompList]
--With Encryption
as
begin
    set nocount on
    declare @comps int
    set @comps = 0
    select @comps = count(1) from SRGC
    if (@comps <= 0)
    begin
        exec TmSp_RefreshCompList
    end
    declare @user as nvarchar(100)
    SELECT @user = SYSTEM_USER
    select * from SRGC
    where dbUser = convert(varchar(50), CURRENT_USER)
      and
      (@user <> 'John' or (@user = 'John' and dbname = 'Demo') )
end
User John in this example will see only the demo company and the rest of the users will see all companies. Hope it helps. -
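A group-based variant of the filter in the answer above, added here as an example; it is not code from the thread or from SAP. It assumes SQL Server Windows authentication; the table `CompanyGroupAccess`, the groups `CORP\B1_GroupA` / `CORP\B1_GroupB` and the databases `CompanyA` / `CompanyB` are hypothetical, while `SRGC`, `dbname` and `dbUser` are taken from the post.

```sql
-- Added example. CompanyGroupAccess, CORP\B1_GroupA, CORP\B1_GroupB,
-- CompanyA and CompanyB are hypothetical names, not part of SAP Business One.
USE [SBO-COMMON]
GO

-- One row per (Windows group, company database) pair that is allowed.
CREATE TABLE dbo.CompanyGroupAccess (
    WinGroup sysname NOT NULL,   -- Windows group as DOMAIN\Group
    dbname   sysname NOT NULL,   -- company database the group may list
    CONSTRAINT PK_CompanyGroupAccess PRIMARY KEY (WinGroup, dbname)
)
GO

INSERT INTO dbo.CompanyGroupAccess (WinGroup, dbname) VALUES ('CORP\B1_GroupA', 'CompanyA')
INSERT INTO dbo.CompanyGroupAccess (WinGroup, dbname) VALUES ('CORP\B1_GroupB', 'CompanyB')
GO

-- Replacement for the hardcoded "@user = 'John'" condition: a company is
-- listed only if the caller's Windows token contains a group mapped to it.
-- IS_MEMBER returns 1 (member), 0 (not a member) or NULL (unknown group);
-- comparing with 1 treats both 0 and NULL as "no access".
SELECT c.*
FROM SRGC AS c
WHERE c.dbUser = CONVERT(varchar(50), CURRENT_USER)   -- filter kept from the post
  AND EXISTS (
        SELECT 1
        FROM dbo.CompanyGroupAccess AS a
        WHERE a.dbname = c.dbname
          AND IS_MEMBER(a.WinGroup) = 1
      )
GO

-- Check for an administrator: how each mapping evaluates for the
-- session that runs this query.
SELECT a.WinGroup,
       a.dbname,
       IS_MEMBER(a.WinGroup) AS member_flag
FROM dbo.CompanyGroupAccess AS a
ORDER BY a.WinGroup, a.dbname
GO
```

With this filter a user who belongs to no mapped group sees no companies, whereas the answer's version shows all companies to everyone except the named user. Filtering the list only hides entries; each group still needs its own database permissions.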
BPMON Alerts Detail Info - how to switch to use TRUSTED RFC ?
Hello Experts,
we have configured BPMON for our customer and it works fine, alerts are flowing in.
Now the users start using it and they complain about having a logon prompt popup every time they hit the "Detail info" button to jump into the satellite system to see alert details. It's very annoying when they need to check many alerts simultaneously.
So I investigated and found that the function is using LOGIN type RFC for the logon and it seems that SAP designed it to work this way, as SAP's own DEMO shows same thing.
Question: Is there a legitimate way to make BPMON function use TRUSTED RFC to show alert details instead of LOGIN RFC ?
By "legitimate" I mean, I know the LOGIN RFC can be "adjusted" to behave like TRUSTED, but that is not "legal" fix especially in production.
Appreciate any comments.
Thanks
Elena
Hi Elena
I assume you are using Login RFC in SolMan setup.
If you switch the current RFC to Trusted RFC, and the user has the Trusted RFC profile and the same user exists in both systems, the user can use the trusted connection.
Please go to transaction SolMan setup, and in the side bar menu go to managed system configuration and open the managed config screen for the target system. In the 3rd step of the wizard, there is a place to configure RFC.
In the case of BPMon, the Read RFC is used for data collection (as of SAP TMW is used instead of READ).
And then there are 3 RFCs: TMW, Trusted and the last one (RFC for Solution Manager).
When you press the detail info button, the last RFC is used. To this RFC type, you can assign RFC Login (this will ask for the login screen by default) or Trusted RFC. I think you assign RFC login right now. That's why you have the popup.
If you switch this to the Trusted one, Trusted RFC is used.
Best Regards
Keiji -
Trusted Connections in 8.8 PL16
Hi,
I have upgraded a site to PL16 and am trying to configure it to use trusted connections. The SQL Server & the license server are on separate boxes.
The site's IT provider have created a user code for us which has "log on as a service" rights and is a member of the user group that has DB Owner rights to the SAP databases and SBO-Common.
The License server will not accept the user, with the message "User credentials are not valid". Can anyone help with the minimum requirements for this user in order to get it configured?
They are currently unable to use any layouts as these are all set up to use trusted & I don't want to have to edit them all!
Thanks
Hi,
you may try to apply the solution from this link:
http://www.sqldev.org/sql-server-data-access/integrated-securitywindows-authentication-does-not-work-in-windows-7-vista-59375.shtml
JimM -
8.8 Connection Settings & Trusted Connections
Hi,
Has anyone managed to get 8.8 to use trusted connections from clients rather than a database user?
I have a customer who has two databases, and two groups of users, one that can access one database & one that can access the other, with a few users accessing both.
This has previously been managed using user groups.
We are now having issues as we cannot seem to get anything to save in the Trusted Connections username & password.
Ideally we would like to specify user groups.
I have seen a couple of related threads, but not found anyone who has a resolution?
Thanks
You're welcome Julie.
To know how to use SQL Server authentication, pls read the solution in the note 677884. Let me know if you can't open the note.
If you use a trusted connection:
SQL Server will use Windows Authentication to validate your access to the SQL Server instance. Depending on how you are connecting you may use the Trusted_Connection or Integrated Security options in the connection string. It does not mean that you will have permissions to connect or permissions on any securables (although by default local administrators will be allocated System Administrator privileges). These will still need to be granted either directly or indirectly (e.g. through a role or Windows security group) to that user.
the sa user id login properties can use windows authentication or sql server authentication.
You may check these links to find out the differences between windows authentication and sql server authentication:
http://databases.about.com/od/sqlserver/a/authentication.htm
http://database.ittoolbox.com/documents/windows-authentication-vs-sql-server-authentication-18609
You could try to create a new login id in SQL Server 2008 and select Windows authentication. You will succeed in creating it if you have created a valid Windows credential, e.g. sboserver\julie_j. You use this new SQL login id in the connection strings of the license manager.
if the workstation user have had valid window credential to login to the sboserver, then the user is able to run SBO.
JimM -
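The point made in the reply above, that a trusted connection authenticates the Windows account but grants nothing by itself, as an added T-SQL example (not from the thread). The groups `CORP\B1_GroupA` / `CORP\B1_GroupB` and the databases `CompanyA` / `CompanyB` are hypothetical stand-ins for the two user groups and two databases in the question.

```sql
-- Added example; every group and database name here is a hypothetical placeholder.

-- 1. As an administrator: one login per Windows group, no per-user logins.
USE [master]
GO
CREATE LOGIN [CORP\B1_GroupA] FROM WINDOWS
CREATE LOGIN [CORP\B1_GroupB] FROM WINDOWS
GO

-- 2. Map each group into the one database it is meant to reach.
--    CREATE USER gives CONNECT only; the role memberships or GRANTs the
--    application needs are installation-specific and not stated in the thread.
USE [CompanyA]
GO
CREATE USER [CORP\B1_GroupA] FOR LOGIN [CORP\B1_GroupA]
GO
USE [CompanyB]
GO
CREATE USER [CORP\B1_GroupB] FOR LOGIN [CORP\B1_GroupB]
GO

-- 3. From a client session opened with Trusted_Connection / Integrated
--    Security: confirm who SQL Server thinks you are ...
SELECT SYSTEM_USER AS login_name
GO

-- ... which Windows groups arrived in the login token ...
SELECT name, usage
FROM sys.login_token
WHERE type = 'WINDOWS GROUP'
ORDER BY name
GO

-- ... and which of the two databases that identity can actually enter.
-- A user in both groups gets 1 for both rows; a user in only one group
-- gets 1 and 0; a Windows user in neither group cannot log in at all.
SELECT name,
       HAS_DBACCESS(name) AS can_connect
FROM sys.databases
WHERE name IN ('CompanyA', 'CompanyB')
GO
```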
Trusted Connection Problem while creating a project in MDM WD Confg.Manager
Hi Experts,
We have the Netweaver instance (CE7.2) and MDM instance (MDM7.1SP07) installed in the same machine.
In our current scenario we are trying to create a projects in the MDM WD Configuration Manager for displaying the MDM records.
Things Done:-
1) Created allow.ip file and added the IP address of the server and also added the IP address of the Local Host (127.0.0.1).
2) Same user exists in the Netweaver and as well as in the MDM repository with same case.
3) Created a necessary MDM Destination.
4) After adding the entry in the allow.ip file, i have restarted the MDM server too.
Now when i create a project in the Config. Manager, after selecting the MDM destination i get a Trusted Connection error.
Cannot retrieve language list from repository [null] on server [null]. UserConnectionException: Can not connect with UserSessionContext to repository 'Inbox' on the server 'ctsinsapnw7'., Can not connect with UserSessionContext to repository 'Inbox' on the server 10.239.31.178'., Can not resolve JCA connection. Cause exception: Connection Failed: Cannot create JCA connection. Cause exception: Failed to create trusted connection to MDM server '10.239.31.178' for user 'mdmuser' because server is not defined as trusted, error code: ConnectionNotTrusted, com.sap.mdm.internal.protocol.manual.ServerException: The connection is not trusted
Is there anything to be done. Any help on resolving this will be very much appreciated.
Regards,
Prasanna Kumar R Y
Please make sure of the below things...
1. Location of the allow.ip file.
The default location is the exe folder where your MDM server executables are available.
2. If not using the default location,
then check the entry of the 'TrustedFiles Dir' property in the mds.ini file.
3. Did the server stop completely?
It's very important to restart the server.
Sometimes the console may show that the server is stopped but the server might be running.
If possible please check whether the server stopped, using the Console on different machines.
4. Check the log of the MDM server while starting and stopping the MDM server.
Please paste the log messages in this thread to help you better. -
How to display RFC-Logon-Screen for non trusted connection in Web-Dynpro?
Dear Web-Dynpro-Specialists,
I got an issue while creating a WebDynpro tool which is using RFC connections for reading data.
In some cases the RFC connection is not a trusted connection, so a login is necessary, but in these cases no window comes up for login....
Any idea how I can get this window for login, in order to collect the necessary data for my tool?
Additional Information concerning the RFC connection:
While running my Web-Dynpro i run this Method:
METHOD get_table_entries.
  CLEAR rt_entries[].
  CALL FUNCTION 'RFC_GET_TABLE_ENTRIES'
    DESTINATION iv_destination
    EXPORTING
      gen_key         = iv_table_key
      table_name      = iv_table_name
    TABLES
      entries         = rt_entries
    EXCEPTIONS
      internal_error  = 1
      table_empty     = 2
      table_not_found = 3
      OTHERS          = 4.
  CASE sy-subrc.
    WHEN 1.
      RAISE internal_error.
    WHEN 2.
      RAISE table_empty.
    WHEN 3.
      RAISE table_not_found.
    WHEN 4.
      RAISE unknown_error.
  ENDCASE.
ENDMETHOD.
Thanks a lot in advance
Best regards
Carsten Klatt
Hi!
You can use the function module RFC_MODIFY_R3_DESTINATION to create, modify and delete RFC connections. You will need the system ID (e.g. ABC), client (e.g. 123), system number (e.g. 00) and the host name of the server. In this example the following code would create or modify the RFC destination ZRFC_DESTINATION.
CALL FUNCTION 'RFC_MODIFY_R3_DESTINATION'
  EXPORTING
    destination                = 'ZRFC_DESTINATION'
    action                     = 'M'
    systemid                   = 'ABC'
    systemnr                   = '00'
    server                     = 'serverhostname'
    language                   = sy-langu
    client                     = '123'
    user                       = 'USERNAME'
    password                   = 'PASSWORD'
    description                = 'Dummy RFC Connection'
  EXCEPTIONS
    authority_not_available    = 1
    destination_already_exist  = 2
    destination_not_exist      = 3
    destination_enqueue_reject = 4
    information_failure        = 5
    trfc_entry_invalid         = 6
    internal_failure           = 7
    snc_information_failure    = 8
    snc_internal_failure       = 9
    destination_is_locked      = 10
    OTHERS                     = 11.
With the following code you can delete this connection:
CALL FUNCTION 'RFC_MODIFY_R3_DESTINATION'
  EXPORTING
    destination                = 'ZRFC_DESTINATION'
    action                     = 'D'
  EXCEPTIONS
    authority_not_available    = 1
    destination_already_exist  = 2
    destination_not_exist      = 3
    destination_enqueue_reject = 4
    information_failure        = 5
    trfc_entry_invalid         = 6
    internal_failure           = 7
    snc_information_failure    = 8
    snc_internal_failure       = 9
    destination_is_locked      = 10
    OTHERS                     = 11.
Please keep in mind that deleting an RFC connection is usually noted in the system log.
If you want to reuse your connection for multiple servers, you could run into trouble since connection data is cached.
Sincerely,
Stefan -
How to establish a trusted connection with JDBC for SQL SERVER 2000
Hi! I am using jdk 1.4 and eclipse 3.3.
I created a servlet in eclipse with in-built tomcat.
When I ran it, it was working perfectly as it was supposed to work.
In this servlet I connect to a sql 2000 database using the jdbc-odbc bridge driver.
But when I tried to deploy the servlet on tomcat 5.5 manually on the same machine, it gave me an error saying
[Microsoft][SQLServer JDBC Driver][SQLServer]Login failed
for user 'sa'
I searched around some post and found that ok ,I need trusted connection
But I have 2 Questions
1). Why was I able to connect to the SQL server in eclipse and why not in the servlet which I deployed manually on tomcat?
2). How do I create a trusted connection with JDBC for SQL server 2000?
Thanks for your help in advance.
Hi! duffymo, QussayNajjar, dvohra09.
Thanks for the help.
The ideas are really great.
I am trying to generate reports for my company.
When I used eclipse the code worked perfectly.
Below is the code which I used
out.println("Calling For Class Name<br>");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
out.println("Calling For Class Name success Now calling database <br>");
// 1)
jdbcConnection = DriverManager.getConnection("jdbc:odbc:SQLJasper");
// 2)
jdbcConnection = DriverManager.getConnection("jdbc:odbc:Driver={SQL Server};Server=ServerName;Database=tempdb");
// 3)
jdbcConnection = DriverManager.getConnection("jdbc:odbc:Driver={SQL Server};Server=ServerName;Database=tempdb","UID=UserName","Password=Password");
out.println("connecting to database success<br>");
I had tried to connect to the database using these three ways.
In the 1st I tried using the DSN name.
The next 2 are self-explanatory for experts like you.
I used the 2nd variant to connect in eclipse and it worked fine.
I am not an expert in java, I am just doing some research on jasperReport.
My best guess is that eclipse is using some library files of which I have no clue.
Thanks for your help, I appreciate it.
Once again thanks a billion.
Sorry for the messy writing. -
Trusted Connection - C# Console App
I have been developing a C# Console Application in VS2008, and am having trouble figuring out how to use a Trusted Connection when generating the report, rather than passing it my SQL Authentication username and password. It's connecting to SQL Server 2005. ODBC (RDO).
As of now, the application runs the report with two dates being passed, then exports it as a PDF. It works when passing it the connectioninfo, but how can I make it windows authenticated? I have used the following lines to get it to work using SQL authentication.
crConnectionInfo.ServerName = "server";
crConnectionInfo.DatabaseName = "db";
crConnectionInfo.UserID = "user";
crConnectionInfo.Password = "pass";
Edited by: djhorn on Feb 1, 2010 5:28 PM
Running CR XI with .NET 2008 gives me the heebie-jeebies. All kinds of problems will come down eventually for you. Honest. (Reports created in CR XI and run with CR 10.5 are OK as long as you are not using features that are not present in CR 10.5 (dynamic parameters, LOVs, etc.)).
10.5 is OK, but integrated security is not handled by the report (or the CR APIs) as such. It is handled by the app / process which you will have to run under a system account that could validate the users. If the database is on a different server than the app, this constitutes a double hop and will not work. The Article I referenced (https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b021e47e-be1d-2b10-c6b2-efa9db3abd6b) applies to CR 11.5 as well as CR 2008 (v 12.x). So, for you going to CR 2008 may be the best option(?). An eval of CR 2008 is available from here:
http://www.sap.com/solutions/sapbusinessobjects/sme/freetrials/index.epx
Ludek -
hi all,
i would like to know how trusted connection to manage the connectivity to MDM and perform MDM data manipulation.
for example,
i have an ID that can access to data manager with restriction, which this ID can only view record but not alter any record seen in Data manager.
If trusted connection is set based on this ID, can we still perform any update of MDM data?
Thanks!
Shanti
As sudhanshu mentioned, an MDM trust works on an IP address level. If an MDM server trusts an IP address then ALL logins from that IP address are automatically authenticated without providing a password.
The trust is therefore something to setup between MDM and (for example) a portal server. It's not something to setup between MDM and each client / enduser.
If you setup the trust between MDM and the portal then you still have to maintain user mapping on the portal, but no passwords are required. The MDM username specified in the user mapping will still be used to log the user into MDM, so they will still be restricted to whatever MDM permissions they would have if they used (for example) the Data Manager and had to specify a username AND password to login.
HTH,
Mark -
SAPGUI for JAVA - "pre"define a trusted connection in "trustClassification" file on Linux
Hello,
I would like to deploy a new version of SAPGUI 730 for JAVA (JAVAGUI or PlatinGUI). And this time, to prevent my user from choosing the wrong "trust level classification" for the productive system, I would like to deploy a "trustClassification" file with a predefined trusted connection.
In the help webpage called "Security policy", different configuration files are proposed :
- <system preferences>/trustClassification
- <user preferences>/trustClassification
I easily found the "<user preferences>" directory in "/home/<user>/.SAPGUI" but this is not relevant for a central deployment with hundreds of people.
And until now, I didn't find the "<system preferences>" directory. Can someone tell me what is it ?
I'm using Linux Ubuntu 12.
Regards,
Simon
Hello Simon,
when you open About dialog and press the "more info" button, you get a long list of information.
Beginning of the "Path Information", you will see a line starting with "SAP GUI system prefs".
The value should be what you are looking for.
Best regards
Rolf-Martin -
Hi,
How to create trusted connections?
Steps:
1. First establish the RFC Connections between the systems.
2. Then in the trusting system register the system that the system wants to trust using the tcode SMT1.
3. Then go to the system that has been registered as trusted in the trusting system and execute the tcode SMT2 to check whether you have created the trusted connection successfully. Return code zero indicates your connection is successful. -
Invalid Login Using Trusted Authentication
My productive database server always reports "Invalid Login Using Trusted Authentication" in udump. Could you tell me what it means? Would it influence Oracle running?
Can we test a single connection using SQL authentication, and if it still persists, you have to double check that credential if it is still trying to connect to SQL Server and identify if it is hitting the same DB on the same server or other DBs, since I do think this error is related to other DBs.
Kindly work it out and please let me know your feedback
Shehap (DB Consultant/DB Architect) Think More deeply of DB Stress Stabilities -
Hello
I have a single computer that is going to be shared between 5 people. In an effort to save time. I wanted the users to have a single shared LOCAL login to the computer.
Then each user could pull up an RDS session through RDWEB on our 2012 r2 RDS farm.
However, when I attempt to log in more than one user through RDWEB I receive:
Another user of your computer is currently using this connection. This user must disconnect before you can log on.
I have done some research on this, and followed this advice, and did the following steps on all my RDS session host and broker servers
Enable Multiple RDP Sessions
- Log into the server using Remote Desktop.
- Open the start screen (press the Windows key) and type gpedit.msc and open it
- Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
- Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Disabled.
- Double click Limit number of connections and set the RD Maximum Connections allowed to 999999.
However, it did not solve the problem. Anyone have suggestions?
Hi Michael,
In addition you can try below registry setting for multiple remote session.
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Terminal Server
fSingleSessionPerUser REG_DWORD 0x00000000
Note: By default the registry value is set to 1, but you need to change to 0.
Also if you are making connection through gateway then recheck whether the setting is enabled on gateway side for multiple session.
Hope it helps!
Thanks.
Dharmesh Solanki
-
Transfering .csv file from SAP to NON-SAP using FTP connection
Dear All,
I am able to place the .CSV file successfully to other system using FTP connection, but when i open the file I could see the gaps between each record. I mean 1st line with the 1st record and 2nd line having a GAP and 3rd line with the 2nd record and so ..on as shown below
1 1/1/2009 0 41000027
2 1/1/2009 0 41000027
3 1/1/2009 0 41000027
I have declared an internal table as below
TYPES: BEGIN OF ty_charlist,
         line(5000) TYPE c,
       END OF ty_charlist.
DATA: w_charlist TYPE ty_charlist,
      t_charlist TYPE TABLE OF ty_charlist.
And concatenating each field separated by ','
CONCATENATE res1 res2 res3 res4 res5 res6 res7 res8 res9 res10 res11 res12 res13 res14 res15 res16 res17 res18 res19 res20 res21 res22 res23 res24 res25 res26 res27 res28 res29 res30 res31 res32 res33 res34 res35 res36 res37 res38 res39
  INTO w_charlist-line SEPARATED BY ','.
APPEND w_charlist TO t_charlist.
Now T_CHARLIST contains 50 records which needs to be placed on other system. I can see 50 records but gap is coming
Here res1, res2 and so on are declared as TYPE STRING..
Please do help me this issue
Thanks
Prava
Hello dprava,
Try to be assisted with these examples .
1. [http://wiki.sdn.sap.com/wiki/display/ABAP/FTPfiletransferinBackground]
2. [Reg: FTP Connection; - SAP examples programs
Thank you,
Boaz