Chain authorization

Similar Messages

• Monitoring process chains: authorizations

  Hi,
  We have an issue about monitoring of BW process chains.
  We have a support desk in our IT department doing first-level support on basically all our it systems.
  The support desk have only limited SAP knowledge (they can do simple things like unlocking users, etc.).
  Currently our BW developers are also responsible of day-to-day monitoring of BW process chains.
  We would like to move this task to the support desk.
  The support desk will be responsible of identifying problems and maybe doing simple corrective actions (restarting a process chain?).
  In case of "real" problems the support desk will hand over the issue to our BW developers.
  We have tried to create a role giving access to transaction rspcm for the support desk.
  But we have not been able to restrict the authorizations.
  From rspcm it is possible to go into process chain maintenance, and we would like to make sure that no one makes changes to the process chains by accident.
  We would like to have a role giving "display only" access to monitoring process chains.
  Anyone with experience in doing this?
  /Casper

  Hi Vijay,
  We have tried adding only the transaction RSPCM (object S_TCODE) and the object S_RS_ADMWB as suggested by you.
  The problem is that when "clicking" on a process chain in transaction RSPCM authorizations for transaction RSPC is required.
  We have then added transaction RSPC to object S_TCODE.
  When displaying the process chain, the user is not able to maintain info packages (this must be controlled by S_RS_ADMWB?).
  But the user are still able to maintain the other process types (attribute change run as an example) ???
  Are we missing another auth.object?
  Best regards,
  Casper

• Authorizations setting for running the process chain

  Hai
  Iam planning to run the process chain for loading the data into ODS. But i dont have authorization for it.
  so what are the authorizations i need to run the process chain in my system. And how can i set all those authorizations to my user-id.  I have all authorization rights .
  Pls let me knw
  kumar

  Hi,
  Authorizations for Process Chains
  Use
  You use authorization checks in process chain maintenance to lock the process chain, and the processes of the chain, against actions by unauthorized users.
  ·        You control whether a user is allowed to perform specific activities.
  ·        You control whether a user is allowed to schedule the processes in a chain.
  The authorization check for the processes in a chain runs when the system performs the check. This takes place upon scheduling or during synchronous execution. The check is performed in display mode. The check is performed for each user that schedules the chain; it is not performed for the user who executes the chain. The user who executes the chain is usually the BI background user. The BI background user automatically has the required authorizations for executing all BI process types. In attribute maintenance for the process chain, you can determine the user who is to execute the process chain.
  See also: Display/Maintenance of Process Chain Attributes ®  Execution User.
  Features
  For the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
  To work with process chains, you require authorization for authorization object S_RS_PC. You use this authorization object to determine whether process chains can be displayed, changed or executed, and whether logs can be deleted. You can use the name of the process chain as the basis for the restriction, or restrict authorizations to chains using the application components to which they are assigned.
  Display/Maintain Process Chain Attributes
  Use
  You can display technical attributes, display or create documentation for a process chain, and determine the response of process chains during execution.
  Features
  You can display or maintain the following attributes for a process chain:
  Process Chain ® Attribute ® ...
  Information
  Description
  ( Rename)
  You can change the name of the process chain.
  Display Components
  Display components are the evaluation criterion in the process chain maintenance. Assigning the process chains to display components makes it easier to access the chain you want.
  To create a new display component, choose Assign Display Components in the input help window and assign a technical name and description for the display component in the Display Grouping dialog box that appears.
  Documents
  You can create and display documents for a process chain.
  For more information, see Documents.
  Last Changed By
  Displays the technical attributes of the process chain:
  ·        When it was last changed and who by
  ·        When it was last activated and who by
  ·        Object directory entry
  Evaluation of Process Status
  If you set this indicator, all the incorrect processes in this chain and in the overall status of the run are evaluated as successful; if you have scheduled a successor process upon error or always.
  The indicator is relevant when using metachains: Errors in the processes of the subchains can be evaluated as “unimportant” for the metachain run. The subchain is evaluated as successful, despite errors in such processes of the subchain. If, in the metachain, the successor of the subchain is scheduled upon success, the metachain run continues despite errors in “unimportant” processes of the subchain.
  Mailing and alerting are not affected by this indicator and are still triggered for incorrect processes if they have an upon error successor.
  Polling Indicator
  With this indicator you can control the response of the main process for distributed processes. Distributed processes, such as the load process, are characterized as having different work processes involved in specific tasks.
  With the polling indicator you determine whether the main process needs to be kept until the actual process has ended.
  By selecting the indicator:
  -         A high level of process security is guaranteed, and
  -         External scheduling tools can be provided with the status of the distributed processes.
  However, the system uses more resources; and a background process is required.
  Monitoring
  With the indicator in the dialog box Remove Chain from Automatic Monitoring?, you can specify that a process chain be removed from the automatic monitoring using CCMS.
  By default CCMS switches on the automatic process chain monitoring.
  For more information about the CCMS context Process Chains, see the section BW Monitor in CCMS.
  Alerting
  You can send alerts using alert management when errors occur in a process chain.
  For more information, see Send Alerts for Process Chains.
  Background Server
  You can specify here on which server or server group all of the jobs of a chain are scheduled. If you do not make an entry, the background management distributes the jobs between the available servers.
  Processing Client
  If you use process chains in a client-dependent application, you can determine here in which client the chain is to be used. You can only display, edit, schedule or execute the chain in this client.
  If you do not maintain this attribute, you can display, edit, schedule or execute the process chain in all clients.
  Process variants of type General Services that are contained in a process chain with this attribute set will only be displayed in the specified client.
  This attribute is transported. You can change it by specifying an import client during import. You must create a destination to the client set here in the target system for the import post processing (transaction RSTPRFC)  The chain is activated after import and scheduled, if necessary, in this client.
  Execution User
  In the standard setting a BI background user executes the process chain (BWREMOTE).
  You can change the default setting so that you can see the user that executes the process chain and therefore the processes, in the Job Overview. You can select the current dialog user who schedules the process chain job, or specify a different user.
  The setting is transported.
  The BI background user has all the necessary authorizations to execute all BI process types. Other users must assign themselves these authorizations so that authorization errors do not occur during processing.
  Job Priority
  You use this attribute to set the job priority for all of the jobs in a process chain.
  Hareesh

• Authorization issues in executing the chain

  Hi Techies,
  When im triying to execute the chain, the chain allows me to do so and went well but all the jobs corresponding it were running under my ID. Later I tried to schedule the chain on ALEREMOTE, but it throws error saying ALEREMOTE do not have authorization to execute the infosources as it hits its first infosource.
  We made the Trace On and tried to find any unauthorized hits in it, but the trace went well wthout any error.
  Need to confirm:
  1. ALEREMOTE was assigned with CPIC User role, does this effects?
  2. In BW Global Settings, for the field BW suer ALE entry have ALEREMOTE, where earlier it was not there. After making this entry, the chain does not even allow to trigger on my ID and on ALEREMOTE.
  3. If this entry effects, whats the significance of this field.
  Regards,
  Subhash.

  Hi Subhash,
  for the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
  To work with process chains, you require authorization for authorization object S_RS_PC. You use this authorization object to determine whether process chains can be displayed, changed or executed, and whether logs can be deleted. You can use the name of the process chain as the basis for the restriction, or restrict authorizations to chains using the application components to which they are assigned.
  http://help.sap.com/saphelp_nw70/helpdata/en/35/c7e442e3c15704e10000000a155106/frameset.htm
  The BI background user has all the required authorizations to execute all BI process types. Other users have to assign themselves these authorizations so that authorization errors do not occur during processing.
  http://help.sap.com/saphelp_nw70/helpdata/en/d3/53e03b8235953ee10000000a114084/frameset.htm
  Hope this helps.
  Regards
  Andreas

• Authorizations and Process Chains

  Hi All,
  Can any one help me in learning Authorizations and Process Chains. Could you please send me some real time documents on the following.
  1. How would we get the requirements from the client to create Authorizations? What info will they give us basically to create them?
  2. The same with Process Chains.
  Could someone plese send me the requirements documents(on authorizations and process chains) they get from the client to know it from a real time perspective.
  My email ID: <b>[email protected]</b>
  Many thanx in Advance...
  Best Regards,
  Nimma.

  Hi A.M.S,
  Thanx for ur reply.
  However, I am looking for some real time specifications which we get from client just to know how the requirements will come to us and then the steps to be followed and so on...
  I would be grateful if you could send me some of them.
  Best Regards,
  Nimma.

• INTERRUPT process types authorization in process chain

  Hi all ,
  I include INTERRUPT step in one of my process chains but I'm not able to change it on live system because of unsufficient authorization .  We have sufficient authorization just for START variant on process chains on production system however we also need to have schedule authorization for INTERRUPT process since I need to schedule it several times in live system. Does anyone know about the process to gather required authorization
  Thanks in advance ...

  .

• Authorization objects for Process chain and Data source in BW 3.x

  Hi,
            Can any one tell me the authorization objects regaring process chain and Data source in BW 3.x versions. I guess we have auth objects for both of them in BW 3.5 that is S_RS_PC AND S_RS_DS .
  Can any one help me solving this issue
  Thanks
  Bharat

  Hi bharat
  I dont thin these objects are part of 3.0
  check from SU03 weather these objects are present in 3.o box
  In 7.0 they exist:
  http://help.sap.com/saphelp_bw33/helpdata/en/8b/134c3b5710486be10000000a11402f/frameset.htm
  TO see weather these objects exist:
  Go to Tools -> Administration ->User maintenance ->Information System -> Authorization objects -> Authorization objects by Complex Selection Criteria -> By Object Class. For the object class, enter either RS (for Business Information Warehouse objects)
  OR
  S_BCE_68001413 (Tcode for this rep)
  Thanks,
  Raj

• Authorization objects for Process chain and Data sources in BW 3.x version

  Hi,
            Can any one tell me the authorization objects regaring process chain and Data source in BW 3.x versions. I guess we have auth objects for both of them in BW 3.5 that is S_RS_PC AND S_RS_DS .
  Can any one help me solving this issue
  Thanks
  Bharat

  its the same thread again
  /community [original link is broken]
  Thanks,
  Raj

• Authorization for Process Chains in BW 3.5 (2004)

  Hi all,
    I wanted to know if there is any way to limit actions on process chains.  I would like to give some users display only access to process chains.  Is that possible?
  Thanks

  Hi,
  In your system go to
  'Transport Connection' tool-->
  Click on 'Object Changeability' pushbutton-->
  And for Object types RSPC and ISIP make "changeable/Not Changable" .
  Note: This will work only if your system is lockect aganist the changes as it is normally in Production.
  Also check the below links:
  1) Authorisation for process chains
  2) Authorization Object for Process Chain
  3)http://help.sap.com/saphelp_nw2004s/helpdata/en/35/c7e442e3c15704e10000000a155106/frameset.htm
  4) http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm

• Process chains scehduling authorization

  Hey guys
  just gave an outsourced team authorizations to work around with their process chains (objet S_RS_PC), but they still don't have authorizations to modify the scheduling... do you know which object is missing in their authorzation profile ?

  Hi,
  Goto PFCG -> Create profile -> Goto Authorization tab ->Change authorization -> Edit ->Insert auth. from template ->Select S_RS_ROPAD     BW Role: Administrator (Productive System)
  Hope that helps.
  Regards
  Mr Kapadia

• Authorization issues while acitvation of process chain

  hi
  No delete authorization for job BI_PROCESS_ATTRIBCHAN 16320601
  I couldn't get it..
  sachin

  Hi Sachin,
  Can you be more informative in regards the issue??
  Regards
  GPK

• Error while activating Process Chains

  Hi all,
  while activating the Process Chains, i am getting the following error "Job BI_PROCESS_PSAPROCESS could not be scheduled. Termination with returncode 8"
  when i double click on the error msg, i got the following help msg: "
  <i>Message no. RSPC065
  Diagnosis
  Program RSPROCESS is to be scheduled as job BI_PROCESS_PSAPROCESS under user ALEREMOTE.</i>
  Can any one please show some way to solve this problem? please do this favor, i have been suffering with error for a long time.
  Points will be given
  Thanks
  Ganesh

  Hi,
  Just analyze the error message that you get while activating the PC, don't give any server name.If you are trying to run process chain using Flat file, it won't work,
  and you should have source system R/3 or you have own datasources in BW system itself at that toime you can use PC to extract data. If your source system is Flat ile, it won't work. other wise you should place your flat file in application server, using AL11 tcode.
  <b>OSS : 511475</b>
  <b>Symptom</b>
  You cannot schedule or perform any batch jobs with the BW or source system background user.
  The error RSPC 065 occurs in the process chains:"Job could not be scheduled, termination with return code 8"
  <b>Other terms</b>
  RSPC065
  <b>Reason and Prerequisites</b>
  The user type is
  "CPIC" up to 4.6B
  "Communication" as of 4.6C
  This user type may not execute or start any batch jobs, irrespective of the user authorizations.
  <b>Solution</b>
  Set the type of background user to
  "Background" up to 4.6B
  "System" as of 4.6C
  This user type corresponds to the "Communication" type and may also perform background functions.
  Through the Customizing, the BW user is automatically created by mistake as a communication user.Depending on your BW system release, you can solve this problem as follows:
  BW 2.0B
             Import Support Package 24 for 2.0B (BW2.0B patch24 or SAPKW20B24) into your BW system. The Support Package is available once note 456551 with the short text "SAPBWNews BW 2.0B Support Package 24", which describes this Support Package in more detail, has been released for customers.
  BW 2.1C
             Import Support Package 16 for 2.1C (BW2.1C patch16 or SAPKW21C16) into your BW system. The Support Package is available once note 456566 with the short text "SAPBWNews BW 2.1C Support Package 16" has been released for customers.
  BW 3.0A
             Import Support Package 8 for 3.0A (BW3.0A patch08 or SAPKW30A08) into your BW system. The Support Package is available once note 452632 with the short text "SAPBWNews BW 3.0A Support Package 08" has been released for customers.
  <b></b>

• BI IP Executing planning sequence via process chain not possible

  Hi,
  we use BI IP and have defined a process chain (RSPC) with value type process planning sequence. When we execute it, we get error message
  "Inconsistent input parameter (parameter: <unknown>, value <unknown>)"
  When we execute this planning sequence via the modeller or via SE38 RSPLS_PLSEQ_EXECUTE everything works fine. I thougt the cause could be the user of the job itself (job is executed with different user, and variant of planning sequence is user-dependent!), but I changed the user in the job itself as well without results.
  any thoughts?
  regards
  D
  null

  Hi,
  I executed with my user and have a SAP_ALL authorization. Perhaps it could be because we use authorisation with the old method (4.0) (-> I'm not sure on this). I also think it has to do with authorization. I'll check this out with our authorization consultant.
  D

• An issue with authentication and authorization on ISE 1.2

  Hi, I'm new to ISE.
  I have an issue with authentication and authorization.
  I have ISE 1.2 plus patch 6 installed on VMware.
  I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
  On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
  I created  authentication and authorization rules with Active Directory  as External Identity Source. Also I applied  authorization profile with DACL.I login on Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization ), but only for several hours. After several hours passed , authentication and authorization stop working . I can see that ISE trying authenticate and authorize users, but ISE always use only one account for  authentication and authorization . Even if I login under different accounts ISE continue to use only one last account.
  I traied to reboot switch and PC,but it didn’t help. Only rebooting of ISE helps. After ISE rebooting, authentication and authorization start to work properly for several hours.
  I don’t understand is it a glitch or I misconfigured ISE or switch, supplicant?
  What  should I do to resolve this issue?
  Switch configuration:
   testISE#sh runn
  Building configuration...
  Current configuration : 7103 bytes
  ! Last configuration change at 12:20:15Tue Apr 15 2014
  ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname testISE
  boot-start-marker
  boot-end-marker
  no logging console
  logging monitor informational
  enable secret 5 ************
  enable password ********
  username radius-test password 0 ********
  username admin privilege 15 secret 5 ******************
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authorization network default group radius
  aaa authorization auth-proxy default group radius
  aaa accounting update periodic 5
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
   client 172.16.0.90 server-key ********
  aaa session-id common
  clock timezone 4 0
  system mtu routing 1500
  authentication mac-move permit
  ip dhcp snooping vlan 1,22
  ip dhcp snooping
  ip domain-name elauloks
  ip device tracking probe use-svi
  ip device tracking
  epm logging
  crypto pki trustpoint TP-self-signed-1888913408
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1888913408
   revocation-check none
   rsakeypair TP-self-signed-1888913408
  crypto pki certificate chain TP-self-signed-1888913408
  dot1x system-auth-control
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  ip ssh version 2
  interface FastEthernet0/5
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   ip access-group ACL-ALLOW in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 1
   authentication event server alive action reinitialize
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication violation restrict
   mab
   dot1x pae authenticator
   dot1x timeout tx-period 10
   spanning-tree portfast
  interface FastEthernet0/7
  interface Vlan1
   ip address 172.16.0.204 255.255.240.0
   no ip route-cache
  ip default-gateway 172.16.0.1
  ip http server
  ip http secure-server
  ip access-list extended ACL-ALLOW
   deny   icmp any host 172.16.0.1
   permit ip any any
  ip radius source-interface Vlan1
  logging origin-id ip
  logging source-interface Vlan1
  logging host 172.16.0.90 transport udp port 20514
  snmp-server community public RO
  snmp-server community ciscoro RO
  snmp-server trap-source Vlan1
  snmp-server source-interface informs Vlan1
  snmp-server enable traps snmp linkdown linkup
  snmp-server enable traps mac-notification change move
  snmp-server host 172.16.0.90 ciscoro
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server vsa send accounting
  radius-server vsa send authentication
  radius server ISE-Alex
   address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
   automate-tester username radius-test idle-time 15
   key ******
  ntp server 172.16.0.1
  ntp server 172.16.0.5
  end

  Yes. Tried that (several times) didn't work.  5 people in my office, all with vers. 6.0.1 couldn't access their gmail accounts.  Kept getting error message that username and password invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain and that the trick.  Think there is an issue with imap.gmail.com and IOS 6.0.1.  I'm sure the 5 of us suddently experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

• IOS SSL VPN WITH RADIUS Authorization

  Hi
  I'm trying to authenitcate and authorize  the users loggining into SSLVPN via ACS and although the ACS loggs and "TEST" command on the router shw succeeful authentication i receive the flollowing debug
  *Jun  6 22:39:50.157: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4346
  Rack1R1(config)#                          
  *Jun  6 22:40:09.409: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4357
  Rack1R1(config)#                          
  *Jun  6 22:40:21.409: WV-AAA: AAA authentication request sent for user: "SSLUSER"
  *Jun  6 22:40:21.409: RADIUS/ENCODE(00000000):Orig. component type = INVALID
  *Jun  6 22:40:21.409: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
  *Jun  6 22:40:21.409: RADIUS(00000000): Config NAS IP: 150.1.1.1
  *Jun  6 22:40:21.409: RADIUS(00000000): sending
  *Jun  6 22:40:21.409: RADIUS(00000000): Send Access-Request to 10.0.0.100:1645 id 1645/27, len 60
  *Jun  6 22:40:21.409: RADIUS:  authenticator AC 16 B3 54 46 72 37 05 - 4C 00 19 21 81 97 40 6E
  *Jun  6 22:40:21.409: RADIUS:  User-Name           [1]   16  "SSLUSER@SSLVPN"
  Rack1R1(config)#                          
  *Jun  6 22:40:21.409: RADIUS:  User-Password       [2]   18  *
  *Jun  6 22:40:21.409: RADIUS:  NAS-IP-Address      [4]   6   150.1.1.1                
  *Jun  6 22:40:21.669: RADIUS: Received from id 1645/27 10.0.0.100:1645, Access-Accept, len 282
  *Jun  6 22:40:21.669: RADIUS:  authenticator 2D 2C B0 39 89 4C 41 88 - 40 32 E2 09 0D 7F 6B 0C
  *Jun  6 22:40:21.669: RADIUS:  Framed-IP-Address   [8]   6   255.255.255.255          
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  28 
  *Jun  6 22:40:21.669: RADIUS:   Cisco AVpair       [1]   22  "webvpn:svc-enabled=1"
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  29 
  *Jun  6 22:40:21.669: RADIUS:   Cisco AVpair       [1]   23  "webvpn:svc-required=1"
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  50 
  *Jun  6 22:40:21.669: RADIUS:   Cisco AVpair       [1]   44  "webvpn:split-include=6.6.6.0 255.255.255.0"
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  35 
  *Jun  6 22:40:21.669: RADIUS:   Cisco AVpair       [1]   29  "webvpn:keep-svc-installed=1"
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  31 
  *Jun  6 22:40:21.669: RADIUS:   Cisco AVpair       [1]   25  "webvpn:addr-pool=SSLVPN"
  *Jun  6 22:40:21.669: RADIUS:  Vendor, Cisco       [26]  41 
  *Jun  6 22:40:21.669: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
  *Jun  6 22:40:21.669: RADIUS:  Class               [25]  36 
  *Jun  6 22:40:21.669: RADIUS:   43 41 43 53 3A 30 2F 34 37 30 2F 39 36 30 31 30  [CACS:0/470/96010]
  *Jun  6 22:40:21.669: RADIUS:   31 30 31 2F 53 53 4C 55 53 45 52 40 53 53 4C 56  [101/SSLUSER@SSLV]
  *Jun  6 22:40:21.669: RADIUS:   50 4E                                            [PN]
  *Jun  6 22:40:21.673: RADIUS(00000000): Received from id 1645/27
  *Jun  6 22:40:21.673: RADIUS(00000000): Unique id not in use
  Rack1R1(config)#                          
  *Jun  6 22:40:21.673: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored
  *Jun  6 22:40:21.673: AAA/AUTHOR (0x0): Pick method list 'RAD'
  Rack1R1(config)#                          
  *Jun  6 22:40:23.673: WV-AAA: AAA Authentication Failed!
  Rack1R1(config)#                          
  *Jun  6 22:40:24.069: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4359
  Rack1R1(config)# 
  router Configuration
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Rack1R1
  boot-start-marker
  boot-end-marker
  ! card type command needed for slot/vwic-slot 0/1
  logging message-counter syslog
  enable password cisco
  aaa new-model
  aaa authentication login RAD group radius
  aaa authorization network RAD group radius
  aaa session-id common
  dot11 syslog
  ip source-route
  ip cef
  no ip domain lookup
  ip domain name INE.com
  ip host cisco.com 136.1.121.1
  ip host www.cisco.com 136.1.121.1
  ip host www.google.com 136.1.121.1
  ip host www.ripe.net 136.1.121.1
  no ipv6 cef
  multilink bundle-name authenticated
  crypto pki trustpoint TP-self-signed-3354934498
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3354934498
  revocation-check none
  rsakeypair TP-self-signed-3354934498
  crypto pki certificate chain TP-self-signed-3354934498
  certificate self-signed 01
    30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33333534 39333434 3938301E 170D3132 30363036 31333030
    32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353439
    33343439 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B1E5 889BEB9A 31DFC0D4 7C7F698F 0F52E404 0849263A BD443A96 13C6A440
    DCBD4345 EF301E91 0D4AADD9 3C2A17F2 E26E5E96 90F96809 D8FCCF32 7EB58100
    74E4772C 6395E03C 1B7F1AF5 482F861F DD62D079 F9977FE2 0E544E18 5FAAF290
    DF665B45 EF10D3EC D924E87A 5F827F07 06DE8961 F361C3FA EDBE5F68 452221C8
    B9570203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
    551D1104 13301182 0F526163 6B315231 2E494E45 2E636F6D 301F0603 551D2304
    18301680 140B00B8 FD9B58CF 8A6F51BE 25DEC6C5 85E14495 05301D06 03551D0E
    04160414 0B00B8FD 9B58CF8A 6F51BE25 DEC6C585 E1449505 300D0609 2A864886
    F70D0101 04050003 81810006 4192E2DB ABAF533E 9C4BF24E DF6BFD45 144A6AE9
    C874E311 27B23E7B E8DB18C3 4FFB4ACA 4B09F63E 62501578 D8F58D73 D08F016F
    49C99B8D DA1073E5 A141C1C7 505BD191 FC58EA7F 54BD9B98 579E1726 7C1CA619
    A45DDABC 8F315EE9 D20A30A8 2BD5D67D B744BD69 353B4670 E5BA4540 47059E60
    9DC4C940 E91AACBB 4EAFFA
          quit
  username admin privilege 15 password 0 admin
  username SSLUSER@SSLVPN password 0 cisco
  archive
  log config
    hidekeys
  crypto ipsec client ezvpn EZVPN_CLIENT
  connect auto
  mode client
  xauth userid mode interactive
  ip tcp synwait-time 5
  interface Loopback0
  ip address 150.1.1.1 255.255.255.0
  interface Loopback6
  ip address 6.6.6.6 255.255.255.0
  interface FastEthernet0/0
  no ip address
  shutdown
  duplex auto
  speed auto
  interface FastEthernet0/1
  no ip address
  duplex auto
  speed auto
  interface FastEthernet0/1.11
  encapsulation dot1Q 12
  ip address 136.1.11.1 255.255.255.0
  interface FastEthernet0/1.121
  encapsulation dot1Q 121
  ip address 136.1.121.1 255.255.255.0
  interface FastEthernet0/0/0
  interface FastEthernet0/0/1
  interface FastEthernet0/0/2
  interface FastEthernet0/0/3
  interface Virtual-Template1 type tunnel
  no ip address
  tunnel mode ipsec ipv4
  interface Vlan1
  no ip address
  router rip
  version 2
  passive-interface FastEthernet0/1.11
  network 136.1.0.0
  network 150.1.0.0
  no auto-summary
  ip local pool SSLVPN 40.0.0.1 40.0.0.254
  ip forward-protocol nd
  ip route 10.0.0.0 255.255.255.0 136.1.121.12
  ip http server
  ip http secure-server
  ip dns server
  ip access-list extended SPLIT
  permit ip 136.1.11.0 0.0.0.255 10.0.0.0 0.0.0.255
  ip radius source-interface Loopback0
  radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key CISCO
  control-plane
  line con 0
  exec-timeout 0 0
  privilege level 15
  logging synchronous
  line aux 0
  exec-timeout 0 0
  privilege level 15
  line vty 0 4
  password cisco
  scheduler allocate 20000 1000
  webvpn gateway SSLVPN
  ip interface Loopback0 port 443
  http-redirect port 80
  ssl encryption rc4-md5
  ssl trustpoint TP-self-signed-3354934498
  logging enable
  inservice
  webvpn install svc flash:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 1
  webvpn context SSLVPN
  title "**SSLVPN  **"
  ssl encryption rc4-md5
  ssl authenticate verify all
  aaa authentication list RAD
  aaa authentication domain @SSLVPN
  aaa authorization list RAD
  gateway SSLVPN
  inservice
  end
  Any Idea?

  Hi,
  As I understand , you need to know if you can assign static ip to a user and also is there any other way of assiging a ip other than local pool.
  There are three ways of assinging an ip address to VPN client: using local pool, AAA server,DHCP.
  You can use the following link  for more information:-
  Assigning static ip  for user present locally on ASA:-
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
  For user present on Active Directory:-
  http://technet.microsoft.com/en-us/library/cc786213%28WS.10%29.aspx
  The following is the link for assigning ip address using DHCP:-
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml
  I hope it helps.
  Thanks,
  Shilpa