Check Authorization for User ID

Similar Messages

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Result: User equivalence check failed for user "oracle".

  While installing on Solaris-10, ssh, rlogin, scp works fine.
  Running runcluvfy.sh stage -post hwos -n rac-1,rac-2 -verbose returns the above error.
  Result: User equivalence check failed for user "oracle".
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  /bin/ssh & /bin/scp is in use.

  Hello,
  I am facing User equivalence check failed for user "oracle" error on my newly to be built RAC cluster.
  The Oracle users have been created identically and ssh have been setup as per RAC installation manual.
  Still I am facing the below problem. Please help me out
  Node1 > uname -a
  Linux purple-rac-node2 2.6.18-194.el5 #1 SMP Mon Mar 29 22:10:29 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
  Node2 > uname -a
  Linux purple-rac-node1 2.6.18-194.el5 #1 SMP Mon Mar 29 22:10:29 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
  clusterware/cluvfy/runcluvfy.sh stage -post hwos -n purple-rac-node1,purple-rac-node2 -verbose
  Performing post-checks for hardware and operating system setup
  Checking node reachability...
  Check: Node reachability from node "purple-rac-node1"
    Destination Node                      Reachable?
    purple-rac-node2                         yes
    purple-rac-node1                         yes
  Result: Node reachability check passed from node "purple-rac-node1".
  Checking user equivalence...
  Check: User equivalence for user "oracle"
    Node Name                             Comment
    purple-rac-node2                         failed
    purple-rac-node1                         failed
  Result: User equivalence check failed for user "oracle".
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  [oracle@purple-rac-node1 ~]$ id oracle
  uid=501(oracle) gid=501(dba) groups=501(dba),502(oper),503(oinstall)
  [oracle@purple-rac-node2 ~]$ id oracle
  uid=501(oracle) gid=501(dba) groups=501(dba),502(oper),503(oinstall)

• RUNCLUVFY  Result: PRVF-4007 : User equivalence check failed for user "orac

  hello
  try to run runcluvfy.sh I receive the following screen rac2 is passed but rac 1 is failed can sombody help me?
  thanks
  [oracle@rac1 grid]$ ./runcluvfy.sh stage -pre crsinst -n rac1,rac2 -verbose
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Check: Node reachability from node "rac1"
  Destination Node Reachable?
  rac2 yes
  rac1 yes
  Result: Node reachability check passed from node "rac1"
  Checking user equivalence...
  Check: User equivalence for user "oracle"
  Node Name Comment
  rac2 passed
  rac1 failed
  Result: PRVF-4007 : User equivalence check failed for user "oracle"
  WARNING:
  User equivalence is not set for nodes:
  rac1
  Verification will proceed with nodes:
  rac2
  Checking node connectivity...

  Check this older thread which has a lot of information on this:
  User equivalence check failed (RAC setup)

• Result: PRVF-4007 : User equivalence check failed for user "oracle"

  Hi
  I get below error everytime I run ./cluvfy stage -pre crsinst -n node01,node02 -fixup -verbose > a.log
  Checking user equivalence...
  Check: User equivalence for user "oracle"
  Node Name Comment
  node02 passed
  node01 failed
  Result: PRVF-4007 : User equivalence check failed for user "oracle"
  WARNING:
  User equivalence is not set for nodes:
  node01
  Verification will proceed with nodes:
  node02
  node01 is the local node, if I run from node02 It comes back saying the same thing about node2!
  I have checked oracle uid and groups all set correctly and ssh working fine ...
  I have ran the same command for grid user and getting the same error !!

  i know what it was, i should have done ssh localnode date for once at least!!
  I only did ssh remotenode date :)

• PRVF-4007 : User equivalence check failed for user "grid"

  Oracle Version 11.2.0.3.0 patched to 11.2.0.3.1
  I had installed GIU and RAC db on 2 node cluster
  but since yesterdy has this issue when running the commands
  [grid@vmorarac2 ~]$ cluvfy comp ocr -n all -verbose
  Verifying OCR integrity
  ERROR:
  PRVF-4008 : User equivalence unavailable on all the specified nodes
  Verification cannot proceed
  vmorarac1 and vmorarac2 r the two nodes
  as a grid user, from vmorarac1 i ran ssh vmorarac2 and it failed with above error and vice versa
  so i did the following
  from vmorarac1
  ssh vmorarac2
  yes and enter key
  exec /usr/bin/ssh-agent $SHELL
  /usr/bin/ssh-add
  i did the same on other node
  but the problem still exists.
  Edited by: 912919 on 23-May-2012 06:58

  Hi,
  The subject of thread "*PRVF-4007 : User equivalence check failed for user "grid*"
  Now..
  {code}
  PRVF-4657 : Name resolution setup check for "vmorarac-scan.pbi.global.pvt" (IP address: 152.144.199.201) failed
  PRVF-4664 : Found inconsistent name resolution entries for SCAN name "vmorarac-scan.pbi.global.pvt"
  PRVF-4664 : Found inconsistent name resolution entries for SCAN name "vmorarac-scan.pbi.global.pvt"
  {code}
  If you can see are different issue.
  If you are using DSN to resolve hostname "vmorarac-scan.pbi.global.pvt" check with "nslookup" if the name is resolved correctly.
  If you are using Hosts File to resolve hostname "vmorarac-scan.pbi.global.pvt" you must configure only one ip (152.144.199.201) to resolve "vmorarac-scan.pbi.global.pvt" this entrie must be on host file of all nodes of cluster.
  Levi Pereira

• User equivalence check failed for user "oracle".

  Hi,
  I am trying to install the Oracle Clusterware 10g as part of my RAC setup.
  I have configured RHEL 4 in 2 nodes (rac and rac2). But when I run the runcluvfy utility, I get the below error:
  [oracle@rac cluvfy]$ ./runcluvfy.sh stage -pre crsinst -n rac,rac2
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Node reachability check passed from node "rac".
  Checking user equivalence...
  User equivalence check failed for user "oracle".
  Check failed on nodes:
  rac
  WARNING:
  User equivalence is not set for nodes:
  rac
  Verification will proceed with nodes:
  rac2
  The problem is only with the first node(rac). The second node passes succesfully.
  ssh works fine. Not sure what is wrong!
  Thanks!

  Did you do Configure SSH for User Equivalence ?
  Or
  Did you Establish User Equivalence ?
  If yes.. please check...
  $ ssh rac hostname
  rac
  $ ssh rac2 hostname
  rac2
  You should Establish User Equivalence before...
  exec /usr/bin/ssh-agent $SHELL
  /usr/bin/ssh-add
  If You don't configure ssh for user equivalence
  http://www.oracle.com/technology/pub/articles/smiley_rac10g_install.html
  Or
  read SSH User equivalence is not set up on the remote nodes

• User equivalence check failed for user "oracle" while running cluvfy

  Hi All,
  I am getting User equivalence error as follows while executing cluvfy. I want to install CRS on this server.
  oracle@node200$ ./runcluvfy.sh stage -pre crsinst -n node200,node201,node202
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Node reachability check passed from node "node200".
  Checking user equivalence...
  User equivalence check failed for user "oracle".
  Check failed on nodes:
  node202,node201,node200
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  Pre-check for cluster services setup was unsuccessful on all the nodes.
  I have sucessfully configured ssh and able to do ssh from all the nodes without prompting for the password. Also oracle uid and gid on all the servers are same.
  I also checked in .kshrc file and there is no tty entry in that file. and I have also setup /etc/hosts.equiv file on all the node.
  I still get the user equivalance error. Can anybody help me in this ?
  Regards,
  Raj.

  Hi,
  thanks.
  i need some more help because first time i am working on RAC,
  i am also having User equivalence check failed for user "oracle"
  i got two machines, one is IBM machine and one is DELL machine installed with solais 10 (AIX installation). both machines are not connected by private network now. and no shared external HDD available now. it will take one week time to set up the HW. the user equivalence check depends the above two factors?
  now public network is available and node reachability test "passed"
  could you please tell me what may be the reason for the user equivalence check in my case. details are given below
  i have oracle user in both machine. user creation done through SMC. home directory is /export/home/oracle
  the following are the details.
  1) $ ssh pc000905 id -a oracle
  Enter passphrase for key '/home/oracle/.ssh/id_rsa':
  uid=100(oracle) gid=300(oinstall) groups=301(dba)
  $ ssh pc026376 id -a oracle
  Enter passphrase for key '/home/oracle/.ssh/id_rsa':
  uid=100(oracle) gid=300(oinstall) groups=301(dba)
  2) user nobody exists.
  3) all files n .ssh directory have same permissions.
  4) ssh and scp is working with out password(rsa and dsa keys generated).
  5) oracle user is using bourne shell
  6)soft link of /usr/bin/ssh and /usr/bin/scp are created to /export/home/oracle/bin
  7)ForwardX11 is "yes" in sshd_config
  8) created a config file in .ssh directory and ForwardX11 is "no" in that file
  8) umask =022 in both nodes.
  error displaying is
  $/export/gome/cluvfy/runcluvfy.sh stage -pre crsinst -n pc026376,pc000905
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Node reachability check passed from node "PC026376".
  Checking user equivalence...
  User equivalence check failed for user "oracle".
  Check failed on nodes:
  pc026376,pc000905
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  Pre-check for cluster services setup was unsuccessful on all the nodes.
  $

• User equivalence check failed for user "oragrid" in HP-UX

  Dear Friends,
  while cluster verification utility i gotthe below error.
  $ ./runcluvfy.sh stage -pre crsinst -n aeadsverp11-adp.adp.ae,aeadsverp12-adp.adp.ae -fixup -verbose
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Check: Node reachability from node "aeadsverp11-adp"
  Destination Node Reachable?
  aeadsverp11-adp yes
  aeadsverp12-adp yes
  Result: Node reachability check passed from node "aeadsverp11-adp"
  Checking user equivalence...
  Check: User equivalence for user "oragrid"
  Node Name Comment
  aeadsverp12-adp failed
  aeadsverp11-adp failed
  Result: PRVF-4007 : User equivalence check failed for user "oragrid"
  ERROR:
  User equivalence unavailable on all the specified nodes
  Verification cannot proceed
  Pre-check for cluster services setup was unsuccessful on all the nodes.
  I had configred ssh and scp on both nodes.
  $ ssh aeadsverp11-adp.adp.ae date
  Wed Sep 28 04:26:55 MDT 2011
  $
  $ ssh aeadsverp12-adp.adp.ae date
  Wed Sep 28 13:28:26 WAT 2011
  ssh is wrking fine without any issues on both nodes.
  Please advice.
  Thanks,
  Rajendra

  Hi,
  Just ignore it and proceed with installation.
  Its an bug.
  Kind Regards,
  Rakesh

• Defining Authorizations for User to restrict the data in report.

  Hi Gurus,
  I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
  Ex.
  i have functinal location info object checked as authorization relavent with below data.
  FL001
  FL002
  FL003
  FL004
  FL005
  FL006
  FL007
  FL008
  FL009
  We have users like below.
  User1
  User2
  User3
  Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
  If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
  So, Please help me providing the completed steps. I have done somting but failed.
  Thanks in advance
  Peter.

  Hello Peter,
  Please go through the following links
  Authorization :
  http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  SAP Authorization Concept :
  http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
  Thanks.
  With regrads,
  Anand Kumar

• Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

  Hello,
  I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
  AIX 5.3 TL10 SP1
  DB2 V9.7 (without any fixpack)
  After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
  I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
  SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
  db2 => get authorizations
  Administrative Authorizations for Current User
  Direct SYSADM authority                    = NO
  Direct SYSCTRL authority                   = NO
  Direct SYSMAINT authority                  = NO
  Direct DBADM authority                     = NO
  Direct CREATETAB authority                 = NO
  Direct BINDADD authority                   = NO
  Direct CONNECT authority                   = NO
  Direct CREATE_NOT_FENC authority           = NO
  Direct IMPLICIT_SCHEMA authority           = NO
  Direct LOAD authority                      = NO
  Direct QUIESCE_CONNECT authority           = NO
  Direct CREATE_EXTERNAL_ROUTINE authority   = NO
  Direct SYSMON authority                    = NO
  Indirect SYSADM authority                  = YES
  Indirect SYSCTRL authority                 = NO
  Indirect SYSMAINT authority                = NO
  Indirect DBADM authority                   = NO
  Indirect CREATETAB authority               = NO
  Indirect BINDADD authority                 = NO
  Indirect CONNECT authority                 = NO
  Indirect CREATE_NOT_FENC authority         = NO
  Indirect IMPLICIT_SCHEMA authority         = NO
  Indirect LOAD authority                    = NO
  Indirect QUIESCE_CONNECT authority         = NO
  Indirect CREATE_EXTERNAL_ROUTINE authority = NO
  Indirect SYSMON authority                  = NO
  db2 =>
  The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
  SYSADM group name                        (SYSADM_GROUP) = DBENTADM
  SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
  SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
  The only solution was to grant the authorizations with an other user to db2ent.
  For the restore I created an new instance with the following command (as user root):
  /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
  I set the correct DBM configuration and created an empty database as user db2ent with the following command
  db2 create db ENT on /db2/ENT
  The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
  Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
  The authorization concept has been changed in DB2 V9.7
  http://www-01.ibm.com/support/docview.wss?uid=swg21385801
  Kind regards,
  Christian

  Hello All,
  I finished restore using redirect method, but i did not know about this security issue.
  Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
  but i get this error
  db2 => GRANT DBADM to USER DB2P60
  DB21034E  The command was processed as an SQL statement because it was not a
  valid Command Line Processor command.  During SQL processing it returned:
  SQL0707N  The name "DBADM" cannot be used because the specified identifier is
  reserved for system use.  SQLSTATE=42939
  Please help me.
  I need a solution at the earliest possible.
  Thanks,
  Sree

• How many ways we can create authorization for user groups in sap query reports

  Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change  the users .So please suggest me how to restrict users outside of the user group.
  Please send me if u have any suggestions and useful threads.
  Thank You,
  Suneel Kumar.

  I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
  http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
  Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
  Use AUTHORITY-CHECK to restrict access to the database based on user.
  Press F1 on AUTHORITY-CHECK to find out how to use it in the code

• Authorization for User to Jump the Query

  Hi,
  The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
  I need to give the proper authorization to user1 same like user2.
  How can I solve this issue.
  Thanks in advance.
  Regards,
  Ravi Sankar

  I dont understand what you mean with "(log is able to generate for this user in RSSM)"
  In RSSM you can create authorization objects....
  If you want to give some authorizations for  a specific query you must check the SU53 in order to see the objects that you need to add to the users profile.....
  The procedure is.......give th user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter to the SU53 and this transaction shows you the authorization object you need to add to the profile.....
  I hope this helps
  Regards

• Checking authorization of user status

  Hej there!
  In our CRM-system I would like to check whether a user has authorization to set a particular user status in a servicecontract.
  I know it is possible to check whether a user is authorised for a status scheme via object S_USERSTAT, but I can't find an authorization object which checks on a particular value within the status scheme.
  Is it possible to make such a check via an authorization object or BADI or ....???
  Regards,
  Henry Helderop

  Hi Henry,
  I have no access to a CRM system.
  In other systems like R/3 or APO user status are handled with object B_USERSTAT or B_USERST_T.
  There you can check on values for
  o activity
  o authorization key
  o object type
  o status profile
  maybe this is the way to restrict the access to service contracts.
  Regards
  Ferdi

• Authorizations for users to change their own data

  Hi
  All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
  We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
  How to design role which should apply to all user requirements and they should get their Personnel no by default
  Kind Regards
  Vinod

  Hi,
     For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
  (i.e)  For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:                   
  1. Authorization level:  *               
  2. Interpretation of assignment
     User - personnel no:  I  
  3. Infotype           :  0002
  4. Subtype            :  *
  A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96