Configuring IDM menus for different roles for same user?

Looking forward to Sun IDM 8.x and Sun Role Manager 4.1 installation. Couple of points before the decision are -
1. If a user A has two roles R1 and R2 (for Sun IDM) then how does Sun IDM decide how the IDM console should appear (menus etc.) to the user based on whether he's logging in with Role R1 or R2? The login screen doesn't contain any input entry for choosing the role with which to log in. With that in mind, is it even possible to have multiple roles for same login id? Or does the user have to maintain two separate login identities?
2. Same question for Role Manager
3. Does Sun Role Manager 4.1 provide Roles merging feature?
Thanks,
AG

IDM combines the two roles. So if a user has the two roles and role R1 grants access to menu items 1,2,3 and role R2 grants access to menu items 3,4,5, the user will have access to menu items 1,2,3,4,5. If you want to separate these two roles, you will need two different login users - but what exactly are you trying to achieve there?
Can't help you with Role Manager, sorry.

Similar Messages

  • Need help in setting up Group Policy for same user in local system and Terminal server

    Hi All,
    Currently our remote users are using our network using VPN client over internet.
    They are generally at their home computer and doing VPN as they have to work only in one RDP server for application.
    We actually have an OU created for these RDP users and assign them some strict policy: they cannot use any other .exe, they cannot use any explorer, and they cannot even use Windows Explorer when they are on RDP; they just use one exe of their application.
    Now what my management wants is to have their home computers in the domain and have them log in with the same credentials they are using for RDP, but they don't want to restrict them on their home computers with any strict policy.
    Now my confusion is how I can configure different policies for the same users or same OU.
    Can any one guide me please...

    You can achieve this fairly easily with Group Policy.
    Create an OU and put your remote desktop servers in that OU.
    Configure both user and computer policies in a group policy and link it to that OU.
    You need to enable loopback mode - you may want it in merge or replace depending on the other policies you have. Probably replace though, I would guess. This is set in the Computer Configuration > Admin Templates > System / Group Policy section.
    Now remove the policy you have currently set up for your users on the users OU containing the RDP users. If you want, you can move these users back to your main users OU.
    When your users log in to the RDP server, the settings in the user section of the GPO linked to the RDP Servers OU will apply.
    When the user logs in to their own computer, the policies from the user OU and computer OU will apply - but not the more restrictive RDP OU.
    Hope that makes sense.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
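The loopback setup described in the reply above, as an added PowerShell example that is not part of the original thread. It uses the ActiveDirectory and GroupPolicy modules; the domain `example.com`, the OU and GPO names, the host `RDS01` and `app.exe` are assumptions.

```powershell
# Added example: every name below (domain, OUs, GPOs, RDS01, app.exe) is an assumption.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn   = 'DC=example,DC=com'             # assumed domain
$ouName     = 'RDS Servers'                   # OU for the RDP servers (computers, not users)
$ouDn       = "OU=$ouName,$domainDn"
$gpoName    = 'RDS - Locked-down session'     # new GPO linked to the server OU
$oldGpoName = 'RDP Users - Restrictions'      # existing GPO currently linked to the users OU
$oldUserOu  = "OU=RDP Users,$domainDn"

# 1. Create the OU and move the RDP server's computer account into it.
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$ouDn'")) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}
Get-ADComputer -Identity 'RDS01' | Move-ADObject -TargetPath $ouDn

# 2. Create the GPO and link it to the server OU.
New-GPO -Name $gpoName | Out-Null
New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null

# 3. Enable loopback processing (Computer Configuration > Administrative
#    Templates > System > Group Policy). UserPolicyMode: 1 = Merge, 2 = Replace.
#    Loopback applies to every user who logs on to these servers,
#    administrators included.
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# 4. User-side restriction carried in the same GPO: "Run only specified
#    Windows applications", allowing a single executable.
$explorerKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
Set-GPRegistryValue -Name $gpoName -Key $explorerKey `
    -ValueName 'RestrictRun' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key "$explorerKey\RestrictRun" `
    -ValueName '1' -Type String -Value 'app.exe' | Out-Null

# 5. Remove the old restrictive link from the users OU so the users are no
#    longer locked down on their own computers.
Remove-GPLink -Name $oldGpoName -Target $oldUserOu

# 6. Check the result: the loopback value in the GPO and the links on the OU.
Get-GPRegistryValue -Name $gpoName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode'
(Get-GPInheritance -Target $ouDn).GpoLinks | Select-Object DisplayName, Enabled, Order

# On the RDP server, in the affected user's session:  gpresult /r /scope:user
# On the user's own computer the same command should not list $gpoName.
```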

  • "Subscriptions limit reached for same user" validation error when trying to create a subscription to a product - what can cause this?

    Hi,
    I've created a third product level called "partner" other than the two that come as standard.
    I'm running through the process of taking an existing user from the starter product to the partner product, and am subscribing the user to partner before removing the starter subscription. There seems no problem with a user having both a starter and unlimited
    subscription, but am getting the following error when subscribing to partner.
    "Subscriptions limit reached for same user"
    This is using a subscriptions put. The same code works fine when upgrading to unlimited.
    What can cause this?
    Andy

    Hi Miao,
    The function to promote someone to partner is:
    public async Task<ActionResult> ToPartner(string id)
    {
        //add partner subscription
        var prodId = await APIMHandler.GetProductIdFromName("Partner");
        var subscriptionId = Guid.NewGuid().ToString();
        //set apim role to partner
        var partnerId = (await APIMHandler.GetGroups()).First(a => a.name == "Partners").id;
        await APIMHandler.AddUserToGroup(id, partnerId);
        if (await APIMHandler.SubscribeToProduct(subscriptionId, id, prodId))
        {
            //disable starter subscription
            await ApimDelegationController.HandleFreeSubscriptionRemoval(id);
            //set local role to partner
            await UserManager.AddToRoleAsync(id, "Partners");
        }
        return RedirectToAction("Index");
    }
    Where subscribetoproduct is:
    public static async Task<bool> SubscribeToProduct(string subscriptionId, string UserId, string productId)
    {
        //The REST API and the delegation are inconsistent in how they represent ids.
        if (!UserId.StartsWith("/users/"))
            UserId = "/users/" + UserId;
        if (!productId.StartsWith("/products/"))
            productId = "/products/" + productId;
        var client = new HttpClient();
        client.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", "SharedAccessSignature " + CalculateAcessToken(ApimIdentifier, ApimPrimaryKey));
        var uri = ApimBaseUrl + "subscriptions/" + subscriptionId.ToString() + "?api-version=" + ApiVersion;
        var response = await client.PutAsJsonAsync(uri, new { userId = UserId, productId = productId, state = "active" });
        if (response.StatusCode == System.Net.HttpStatusCode.Created)
            return true;
        if (response.StatusCode == System.Net.HttpStatusCode.Conflict)
        {
            var error = await response.Content.ReadAsStringAsync();
            return false;
        }
        if (response.StatusCode == System.Net.HttpStatusCode.BadRequest)
        {
            var error = await response.Content.ReadAsStringAsync();
            return false;
        }
        var errorf = await response.Content.ReadAsStringAsync();
        throw new Exception(string.Format("Error in SubscribeToProduct: return status {0}. Content: {1}", response.StatusCode.ToString(), errorf));
    }
    The status code is "BadRequest" and the error provided earlier is returned.
    So at this time the user is added to the "partners" group, but I can't subscribe them to the Partner subscription, which is accessible to members of the partner group.
    Andy

  • Trusted RFC not working for different user , working for same user

    Dear All,
    I have two SAP system - One Solman (7.0) and another ECC 6.0 (SR3) on HPUX box with Oracle DB (Unicode).
    I want to establish Trust relationship between these system.
    I have configured the same, as per the following link:
    http://help.sap.com/saphelp_nw04/helpdata/en/8b/0010519daef443ab06d38d7ade26f4/content.htm
    and note 128447.
    My requirement is one user X in solman client 001,
    will execute some test plan (Tcode stwb_2) which will take the control to ECC 6.0 client 200, execute the tcode as user Y and come back in Solman again.
    The user X (SAP_ALL) exists in Solman - client 001 and user Y (SAP_ALL) exists in ECC 6.0 - client 200.
    In ECC 6.0 client 200, I have created a role ZRFCACL with the following and assigned to the user Y (as per the above help / note):
    Role : ZRFCACL
    Auth. Obj: S_RFCACL
    Value assigned to fields are:
         RFC_SYSID : SOL
         RFC_CLIENT: 001
         RFC_USER  : X
         RFC_EQUSER: N
         RFC_TCODE : *
         RFC_INFO  : *
         ACTVT     : 16
    Whenever the user X is trying to execute the test from solman, he is getting the error : "No authorization to log on as trusted system (RC = 0)"
    Each time the user is trying the above, in ECC 6.0, the following dump is occurring:
    CALL_FUNCTION_SINGLE_LOGIN_REJ under username SAPSYS
    I have assigned the role ZRFCACL to user X in Solman also.
    Next, I have performed the following check:
    created one user M in both system
    created the role ZRFCACL2 in ECC 6.0 client 200 as follows and assigned the role to user M:
         Role : ZRFCACL2
         Auth. Obj: S_RFCACL
         Value assigned to fields are:
              RFC_SYSID : SOL
              RFC_CLIENT: 001
              RFC_USER  : ''
              RFC_EQUSER: Y
              RFC_TCODE : *
              RFC_INFO  : *
              ACTVT     : 16
    Assigned SAP_ALL to user M in both system (So the user M in Solman does not have ZRFCACL2).
    This time, the trust relationship worked and no dump got generated.
    I have also checked the thread Trusted RFC do not work
    but unable to resolve the issue.
    Any suggestion where the things are going wrong in this / what else I need to check or this is not possible at all?
    Thanks in advance for your help.
    Sudip

    Hi Valdecir,
    Thanks for the reply. I am providing the detail of the generated dump below:
    Please check in case any clue is there.
    Runtime Errors         CALL_FUNCTION_SINGLE_LOGIN_REJ
    Date and Time          12.08.2008 18:59:32
    Short text
    No authorization to logon as trusted system (Trusted RC=0).
    What happened?
    Error in the ABAP Application Program
    The current ABAP program "SAPMSSY1" had to be terminated because it has
    come across a statement that unfortunately cannot be executed.
    What can you do?
    Note down which actions and inputs caused the error.
    To process the problem further, contact you SAP system
    administrator.
    Using Transaction ST22 for ABAP Dump Analysis, you can look
    at and manage termination messages, and you can also
    keep them for a long time.
    Error analysis
    An RFC call (Remote Function Call) was sent with the invalid user ID "98819 "
    . Or the calling system is not registered as trusted system in the
    target system.
    How to correct the error
    The error code of the trusted system was 0.
    Meaning:
    0    Correct logon as trusted system mode
    1 No trusted system entry for the calling system "SOL " or the
    security key entry for the system "SOL " is invalid
    2 User "98819 " does not have RFC authorization (authorization object
    (S_RFCACL) for user "98819 " witl client 001.
    3    The timestamp of the logon data is invalid
    The error code of the SAP logon procedure was 1.
    Meaning:
    0    Login was correct
    1    Wrong password or invalid user ID
    2    Locked user
    3    Too many attempted logons
    5    Error in the authorization buffer (internal error)
    6    No external user check
    7    Invalid user type
    System environment
    SAP-Release 700
    Application server... "gcbeccd"
    Network address...... "10.10.4.158"
    Operating system..... "HP-UX"
    Release.............. "B.11.23"
    Hardware type........ "ia64"
    Character length.... 16 Bits
    Pointer length....... 64 Bits
    Work process number.. 1
    Shortdump setting.... "full"
    Database server... "gcbeccd"
    Database type..... "ORACLE"
    Database name..... "RD3"
    Database user ID.. "SAPSR3"
    Char.set.... "C"
    SAP kernel....... 700
    created (date)... "Apr 5 2008 00:55:24"
    create on........ "HP-UX B.11.23 U ia64"
    Database version. "OCI_102 (10.2.0.1.0) "
    Patch level. 146
    Patch text.. " "
    Database............. "ORACLE 9.2.0.., ORACLE 10.1.0.., ORACLE 10.2.0.."
    SAP database version. 700
    Operating system..... "HP-UX B.11"
    Memory consumption
    Roll.... 16192
    EM...... 4189840
    Heap.... 0
    Page.... 0
    MM Used. 1194640
    MM Free. 2992576
    User and Transaction
    Client.............. 000
    User................ "SAPSYS"
    Language Key........ "E"
    Transaction......... " "
    Transactions ID..... "489F2BD6C36D0F12E10000000A0A049E"
    Program............. "SAPMSSY1"
    Screen.............. "SAPMSSY1 3004"
    Screen Line......... 2
    Information on caller of Remote Function Call (RFC):
    System.............. "SOL"
    Database Release.... 700
    Kernel Release...... 700
    Connection Type..... 3 (2=R/2, 3=ABAP System, E=Ext., R=Reg. Ext.)
    Call Type........... "synchron and non-transactional (emode 0, imode 0)"
    Inbound TID.........." "
    Inbound Queue Name..." "
    Outbound TID........." "
    Outbound Queue Name.." "
    Client.............. 001
    User................ 98819
    Transaction......... "SMSY"
    Call Program........."SAPLSRTT"
    Function Module..... "SCCR_GET_RELEASE_NR"
    Call Destination.... "SM_RD3CLNT200_TRUSTED"
    Source Server....... "gcbsolm_SOL_00"
    Source IP Address... "10.10.4.206"
    Additional information on RFC logon:
    Trusted Relationship "X"
    Logon Return Code... 1
    Trusted Return Code. 0
    Note: For releases < 4.0, information on the RFC caller are often
    only partially available.
    Information on where terminated
    Termination occurred in the ABAP program "SAPMSSY1" - in
    "REMOTE_FUNCTION_CALL".
    The main program was "SAPMSSY1 ".
    In the source code you have the termination point in line 67
    of the (Include) program "SAPMSSY1".
    Source Code Extract
    Line   SourceCde
    37     endmodule.
    38
    39     module %_rfcdia_call output.
    40     "Do not display screen !
    41     call 'DY_INVISIBLE_SCREEN'.
    42     perform remote_function_diacall.
    43     endmodule.
    44
    45     module %_cpic_start.
    46     if sy-xprog(4) = '%RFC'.
    47     perform remote_function_call using rfctype_external_cpic.
    48     else.
    49     call 'APPC_HD' id 'HEADER' field header id 'CONVID' field convid.
    50     perform cpic_call using convid.
    51     endif.
    52     endmodule.
    53
    54
    55     form cpic_call using convid type c.
    56     communication send id convid buffer header.
    57     if sy-subrc eq 0.
    58     perform (sy-xform) in program (sy-xprog).
    59     else.
    60     message a800.
    61     endif.
    62     endform.
    63
    64     form remote_function_call using value(type).
    65     data rc type i value 0.
    66     do.
    >>>>>  call 'RfcImport' id 'Type' field type.
    68     if sy-xprog = 'JAVA'.
    69     system-call plugin
    70     id 'JAVA' value 'FORW_JAVA'
    71     id 'RC'   value rc.
    72       if there is no rollout on the JAVA side which
    73       rolls both, JAVA and ABAP, we return to the
    74       C-Stack and reach this point
    75
    76       in case there was an rollout, the ABAP-C stack is lost
    77       and we jump direkt to this point
    78
    79       here we trigger the rollout on this Abap side with
    80       the following statement
    81     system-call plugin
    82     id 'JAVA' value 'ROLL_OUT'
    83     id 'RC'   value rc.
    84     else.
    85     perform (sy-xform) in program (sy-xprog).
    86     rsyn >scont sysc 00011111 0.
    Contents of system fields
    Name      Val.
    SY-SUBRC  0
    SY-INDEX  1
    SY-TABIX  0
    SY-DBCNT  1
    SY-FDPOS  0
    SY-LSIND  0
    SY-PAGNO  0
    SY-LINNO  1
    SY-COLNO  1
    SY-PFKEY
    SY-UCOMM
    SY-TITLE  CPIC and RFC Control
    SY-MSGTY
    SY-MSGID
    SY-MSGNO  000
    SY-MSGV1
    SY-MSGV2
    SY-MSGV3
    SY-MSGV4
    SY-MODNO  0
    SY-DATUM  20080812
    SY-UZEIT  185932
    SY-XPROG  SAPRFCSL
    SY-XFORM  READ_SINGLE_LOGIN_DATA
    Active Calls/Events
    No.   Ty.          Program                             Include                             Line
    Name
    2 FORM         SAPMSSY1                            SAPMSSY1                               67
    REMOTE_FUNCTION_CALL
    1 MODULE (PBO) SAPMSSY1                            SAPMSSY1                               30
    %_RFC_START
    Internal notes
    The termination was triggered in function "ab_xsignon"
    of the SAP kernel, in line 2491 of the module
    "//bas/700_REL/src/krn/rfc/absignon.c#9".
    The internal operation just processed is "CALY".
    Internal mode was started at 20080812185932.
    Calling system.....: "SOL "
    Caller.............: "98819 "
    Calling client.....: 001
    RFC user ID........: "98819 "
    RFC client.........: 200
    Trusted return code: 0
    Logon return code..: 1
    Transaction code...: "SMSY "
    Active state.......: "-782823270"
    Note: At releases < 4.0, the information for the caller is not
    available.
    Active Calls in SAP Kernel
    Lines of C Stack in Kernel (Structure Differs on Each Platform)
    (0)  0x4000000003b2b450  CTrcStack + 0x1b0 at dptstack.c:227 [dw.sapRD3_DVEBMGS00]
    (1)  0x4000000004d2c470  Z16rabaxCStackSavev + 0x1d0 [dw.sapRD3_DVEBMGS00]
    (2)  0x4000000004d32160  ab_rabax + 0x3570 [dw.sapRD3_DVEBMGS00]
    (3)  0x4000000002b43cb0  SignOnDumpInfo + 0x280 at absignon.c:2491 [dw.sapRD3_DVEBMGS00]
    (4)  0x4000000002b3f2f0  ab_xsignon + 0xb30 at absignon.c:876 [dw.sapRD3_DVEBMGS00]
    (5)  0x4000000002aa4cb0  ab_rfcimport + 0x1ad0 at abrfcfun.c:3599 [dw.sapRD3_DVEBMGS00]
    (6)  0x40000000040f4a80  Z8abjcalyv + 0x500 [dw.sapRD3_DVEBMGS00]
    (7)  0x400000000402f190  Z8abextriv + 0x440 [dw.sapRD3_DVEBMGS00]
    (8)  0x4000000003f538b0  Z9abxeventPKt + 0xb0 at abrunt1.c:281 [dw.sapRD3_DVEBMGS00]
    (9)  0x4000000003f360a0  ab_dstep + 0x280 [dw.sapRD3_DVEBMGS00]
    (10) 0x4000000001cb4600  dynpmcal + 0x900 at dymainstp.c:2399 [dw.sapRD3_DVEBMGS00]
    (11) 0x4000000001cab0e0  dynppbo0 + 0x280 at dymainstp.c:540 [dw.sapRD3_DVEBMGS00]
    (12) 0x4000000001cb1ec0  dynprctl + 0x340 at dymainstp.c:358 [dw.sapRD3_DVEBMGS00]
    (13) 0x4000000001c9dff0  dynpen00 + 0xac0 at dymain.c:1628 [dw.sapRD3_DVEBMGS00]
    (14) 0x4000000001fea460  Thdynpen00 + 0x510 at thxxhead.c:4830 [dw.sapRD3_DVEBMGS00]
    (15) 0x4000000001fb4de0  TskhLoop + 0x4e20 at thxxhead.c:4518 [dw.sapRD3_DVEBMGS00]
    (16) 0x4000000001faae40  ThStart + 0x460 at thxxhead.c:1164 [dw.sapRD3_DVEBMGS00]
    (17) 0x4000000001569ec0  DpMain + 0x5f0 at dpxxdisp.c:1088 [dw.sapRD3_DVEBMGS00]
    (18) 0x4000000002c10630  nlsui_main + 0x30 [dw.sapRD3_DVEBMGS00]
    (19) 0x4000000002c105c0  main + 0x60 [dw.sapRD3_DVEBMGS00]
    (20) 0xc00000000002be30  main_opd_entry + 0x50 [/usr/lib/hpux64/dld.so]
    List of ABAP programs affected
    Index  Typ  Program    Group  Date        Time      Size   Lang.
    0      Prg  SAPMSSY1   0      11.04.2005  09:27:15  22528  E
    1      Prg  SAPLSCCA   1      05.07.2005  13:10:18  52224  E
    2      Prg  SAPRFCSL   0      13.02.2005  17:31:45  17408  E
    3      Typ  RFCSYSACL  0      13.02.2005  17:31:45  7168
    4      Typ  SYST       0      09.09.2004  14:18:12  31744
    Thanks & Regards
    Sudip

  • Can Exchange have 2 different mailboxes for same user

    hey guys,
    I need to know whether Exchange 2010/2013 can have two mailboxes for the same user e.g.
    1st mailbox is configured to send and receive emails for: xxxxpride.co.ke and 
    2nd mailbox is configured to send and receive emails for: xxxxsolutions.co.ke
    Is this possible? If not, how should I go about this scenario?
    Will it mean I have to run two different Exchange and AD servers which will have a different public IP?

    No, you cannot have 2 mailboxes for one user, because a mailbox is associated with an AD account and you need authentication to send emails.
    In this case you can do the following:
    1. Create a different user account with the 2nd email address and forward that 2nd email to the first one, so the user is reading 2 emails in one mailbox. To send email from the 2nd mailbox, assign the Send As permission to the first account.
    2. Add the alias email address to your first mailbox. By doing so, the user will receive the emails for both addresses but can't send from the 2nd email address.
    You can have multiple domains configured to receive and send emails in one Exchange server.
    Yes, certainly we can create multiple recipients for multiple domains. Under the authoritative domains section of hub transport, External Relay, Internal Relay and authoritative domains can be created. You can create email address policies for each domain as well. See the link below to understand more.
    http://technet.microsoft.com/en-us/library/aa996314%28v=exchg.150%29.aspx
    UMESH DEUJA MCP,MCTS,MCSA,CCNA
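The two options from the reply above, as an added Exchange Management Shell example for on-premises Exchange 2010/2013; it is not part of the original thread. The mailbox names `user1` and `user2` are assumptions, and the domains are the masked ones from the question.

```powershell
# Added example: 'user1' (existing mailbox) and 'user2' (new account) are assumed names.
$secondDomain = 'xxxxsolutions.co.ke'    # masked domain as written in the question

# One Exchange organization can serve both domains: register the second one
# as an authoritative accepted domain.
New-AcceptedDomain -Name 'Second domain' -DomainName $secondDomain -DomainType Authoritative

# --- Option 1: separate account and mailbox, forwarded, with Send As delegated ---
$pw = Read-Host -AsSecureString -Prompt 'Initial password for user2'
New-Mailbox -Name 'User Two' -Alias 'user2' `
    -UserPrincipalName "user2@$secondDomain" `
    -PrimarySmtpAddress "user2@$secondDomain" -Password $pw

# Deliver everything sent to user2 into user1's mailbox only.
Set-Mailbox -Identity 'user2' -ForwardingAddress 'user1' -DeliverToMailboxAndForward $false

# Let user1 send as user2's address.
Add-ADPermission -Identity (Get-Mailbox -Identity 'user2').DistinguishedName `
    -User 'user1' -ExtendedRights 'Send As'

# --- Option 2 (alternative): alias on the first mailbox, receive only ---
Set-Mailbox -Identity 'user1' -EmailAddresses @{ Add = "smtp:user1@$secondDomain" }

# Review who holds an explicit Send As right on the second mailbox, so the
# delegation stays limited to the intended account.
Get-ADPermission -Identity (Get-Mailbox -Identity 'user2').DistinguishedName |
    Where-Object {
        $_.ExtendedRights -like '*Send-As*' -and
        -not $_.IsInherited -and
        $_.User -notlike 'NT AUTHORITY\SELF'
    } |
    Select-Object Identity, User, ExtendedRights
```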

  • EP: Does it support diff content for same user (Intranet vs internet)....

    Hi,
    Can a user say "abc" can have different content displayed while he logins from Internet or intranet.
    I am trying to find an answer to above question:
    We want to have one single production portal and this portal will be behind the outer firewall, DMZ and
    If one user "abc" when trying to login from internet, he can access only the vendor information of the company and when the same user "abc" login from intranet, he can access both vendor information and HR information.
    My research so far:
    help.sap.com &
    The SDN topic:
    Landscape with two Production Portals., was interesting and informative.
    In the link below, the slide 17, describes for the two different users can have two diff content.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/7c3ba590-0201-0010-f4b1-953e107b9b57
    The multitenant EP was interesting, got an impression, it supports for different ABAP clients. Question: Can Multi tenant portal be implemented for same ABAP client and have the user abc have different content coming from the internet vs intranet?
    Based on Note 863837, multi tenant portal capabilities will be removed from nw04s SP08, any idea what this note is talking about?
    Second question: Planning to install Apache in DMZ. Is Apache installation supported on the Virtual machine?
    Any leads or answers are well appreciated and will be rewarded.

    Holger,
    Thanks for the reply, that was useful.
    I posted this message in service marketplace, and got a reply from SAP, and they do not have out of box solution. Since the project is on aggressive schedule, may be this issue, which involves lot of development needs to tackle in next project cycle.
    Question regarding the Apache was also resolved. Reply from SAP is posted below.
    Thanks,
    Durga
    HI Mr Durga,
    Can a user say "abc" can have different content displayed while he
    logins from Internet or intranet.
    This feature is not provided with the standard Delivered NWO4 suite.
    I would ask you to take this query in the sdn forum,as these type of
    questions are answered by SAP consulting guys.
    As far as multitenant EP is concerned,
    Based on ramp-up experience and customer feedback, SAP has decided to
    not release the IT scenario variant "Implementing a Multitenant Portal"
    for general availability after SAP NetWeaver 2004s ramp-up.
    Refer to the documentation link
    http://help.sap.com/saphelp_nw2004s/helpdata/en/44/615ad7dfeb4688e10000000a11466f/frameset.htm
    Second question:
    Does Apache installation is supported on the Virtual machine.
    Installation of Apache as DMZ is not Recommended by SAP.
    SAP Recommends SAP Web Dispatcher.
    But SAP supports to a certain extent, if the client is using Apache.
    Please refer to the attached Note
    Note 480520 Integration of SAP J2EE Engine 6.20 / 6.40 with Apache

  • Authorization sales documents varying per transaction for same user.

    Dear Gurus,
    I have a query in defining the transaction authorizations for a user on the transaction level.
    Requirement is as follows.
    I want to give the transaction code VA01 to a user to create 2 sales order types, say OR and RE, so while authorizing document types I will allow only these two document types for that user to create.
    But at the same time, for the same user I want to allow the transaction code VA02 with some more document types, say OR, RE, CR, FD. That means I want to allow change mode for 4 document types but only 2 document types for the create transaction.
    Therefore the user can never create CR and FD sales orders but can make changes to all 4 document types OR, RE, CR and FD.
    Please tell me how I can fulfill the above requirement while defining the role and authorizations for a user.
    Anyhow, I have to fulfill the above requirement, so please suggest all the possible solutions, by any possible way to complete the authorization.
    Please reply soon, gurus.
    regards,
    Sanjay

    Hi Sanjay
    As you are asking for all possible way I am suggesting you two ways:
    1. Take help of BASIS team
    2. Use user exits: Create a Z table for all the users you want such authorization and code the following code in user exit USEREXIT_SALESORDER_SAVE under MV45AFZZ.
    Z table structure:
    1. User id
    2. Tcode
    3. Order type
    Code for user exit:
    If tcode = VA01 and ordertype = OR, RE.
        Check Z table.
        If entry not found.
            Exit without saving.
        end if
    endif.
    If tcode = VA02 and ordertype = OR, RE, CR, FD.
        Check Z table.
        If entry not found.
            Exit without saving.
        end if
    endif.
    try and revert

  • How do I configure a proxy for all users via GPO on Server 2012 R2?

    I would like to configure a proxy that applies to all users that log into our server running Server 2012 R2. I can manually set up the proxy (on an individual account basis) via Internet Options in Control Panel but this proxy needs to be configured for
    all users. Is it possible to do this in Group Policy Management for Server 2012 R2?
    Thank you
    Silas Horton

    > Have you checked *User configuration\Policies\Windows Settings\Internet
    > Explorer Maintenance\Connection\Proxy Settings *in group policy?
    He cannot check this because it isn't available anymore starting with
    Server 2012/Windows 8/IE 10...
    > Hope it helps.
    No, it doesn't :)
    Better check User configuration - Preferences - Control Panel Settings -
    Internet Settings
    Martin

  • Is it possible to override the SecurityFilter class so that I can use it for my external app which is deployed in ToolsAndFramework and needs to validate for same user/password as is being used to log in experience manager?

    I have created a java app and deployed in ToolsAndFramework of endeca and since that app can be accessed through a directl url so want to implement an security filter which will use the same user validation as is used in experience manager.

    Sorry to hear that, but this forum is for us, users, and what you need is someone from Xperia Care to find your motherboard and send it back, I don't think it'll be possible to retrieve any data from a broken motherboard. 
    "I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

  • Assigning different authorization to same user based on Query

    Hi experts,
    I am redefining my issue,
    Is there any way I can assign different authorizations to the same user, based on either Query/Workbook?
    Let's say I have two Analysis authorizations A & B and two Queries X and Y.
    If the Query/Workbook is X then add authorization A to user ABC,
    else if the Query/Workbook is Y then add authorization B to user ABC.
    This is because I have two sets of workbooks the same user can access, and the authorization for these two sets is different based on the workbook.
    I tried using the auth objects 0TCTWORKBK, 0TCTQUERID or 0TCTQUERY but no success so far.
    Thanks in advance.

    Hi
    We have set same kind of authorizations based on the users. The Cost Center Manager is assigned a role and the authorizations for each of the Report/Layout/Workbook is based on his/her profile...some are Read only, some are Read & Write...etc.
    If you go through that route......and assign each of the Reports/Layouts/Workbooks to Users....you may succeed.
    I know it is a bit time consuming but that is one alternative we could think of as it addressed seamlessly any changes in CC Managers.
    Regards
    Srinivas

  • Short Name for same user results in different service authorization

    New to Mac Server. Not new to Unix, command line, or sys admin.
    I have a Mini Server, with two users; me and my wife.
    Both Accounts have two short names each: Initials+Lastname, and First Name only
    With iChat on the server, my account can login using both short names.
    Her account can only login to iChat using the Initials+Lastname, not First Name.
    Actually her account can log in to iChat using any variation of short names (I've added extra ones), but not the short name of just her first name.
    Both users have identical permissions everywhere I can see, both are authorized for iChat.
    The short name works if I remove permissions on iChat (I don't want to do this)
    Both users are OD users, not local. I only have an admin account for local access.
    Here is a snippet of the Jabber log:
    jabberd/c2s[40845]: [11] SASL authentication succeeded: mechanism=DIGEST-MD5; authzid=[email protected], TLS negotiated
    jabberd/c2s[40845]: odauth_check_servicemembership: checking user "kaarinas" access for service "chat"
    jabberd/c2s[40845]: odauth_check_servicemembership: mbrcheck_servicemembership returned 0
    jabberd/c2s[40845]: odauth_check_servicemembership: user "kaarinas" is authorized to access service "chat"
    jabberd/c2s[40845]: [11] SASL authentication succeeded: mechanism=DIGEST-MD5; authzid=[email protected], TLS negotiated
    jabberd/c2s[40845]: odauth_check_servicemembership: checking user "kaarina" access for service "chat"
    jabberd/c2s[40845]: odauth_check_servicemembership: mbrcheck_servicemembership returned 0
    jabberd/c2s[40845]: odauth_check_servicemembership: user "kaarina" is not authorized to access service "chat"
    I'm stumped as to why one short name would work, the other not. Looking for hints on how to hunt down and solve the problem.

    This isn't working for me. There was never a local "intern2" account, but I deleted the one in the ldap anyway, made and removed the local intern2 account. I then remade the intern2 account in the ldap directory(which increased the uid), rebooted the server, and the error remains the same as what you report.
    Jun  8 13:36:00 server jabberd/c2s[212]: od_auth_check_service_membership: user "intern2" is not authorized to access service "chat"
    There are 12 other accounts connected just fine. The issue is with this new intern account only.
    Server 10.6.6.

  • Thunderbird on Ubuntu; receives duplicate imap & pop3 for same user name- how to delete imap? (says 'in use', will not allow entry into Settings)

    Frontier is a telco that has changed to Yahoo mail recently.
    Thunderbird on Ubuntu 14 LTS behaves somewhat differently than on a Windows machine; I can open Account Settings and will see 2 duplicate account entries in the left panel, but when I click on either account's Server Settings, I only get a blocking message that says "Account Name in Use. Please enter a different account name." I'm unable to determine which is imap or pop, or delete anything...
    Thanks for any help in advance!

    Update to my original discussion:
    If the problem persists, rinse & repeat steps from the original post.
    Alternate Solution: If problem still persists and your imap email is not syncing correctly, call customer support of your email provider (in my case it was GoDaddy). Tell them the problem and ask them to do a "ReSync". Make sure your imap email account is set up on your iPhone before they perform the resync. I tried this and it's been a week since I had any problems. If you're lucky this could fix other problems that are not listed in this discussion thread.
    Good luck & Cheers.

  • Where can I find details on how to globally configure FireFox 10 for networked users

    I am trying to set configuration options in Windows7-32 and Firefox-10. I am having some troubles, and cannot seem to locate configuration details for the latest version of Firefox. Particularly in regards to where the configuration files are stored, and the options for modifying behavior for AllUsers.

    salwolfe wrote:
    Until recently, I was able to watch both SnagFilms and Hulu within the Safari Browser successfully.  In both movie sites, I no longer get video and am asked to download Adobe Flash Player (which I already have 14.0.0.125) but my system indicates that Plug-In PPADI has not been installed?...
    The problem is that your Flash Player is not current. Check this to see what the current version is (vs what you have) and here to get the latest version. There is supposed to be a major security issue in the version you've got so Apple is blocking its use. In any case, don't get Flash Player from anywhere except Adobe.

  • 2 dlu's for same users

    We're on zcm 10.3.1. Our students need to log in to either class
    computers or to a TS session. On the TS we need them with user rights,
    and on the class computers they get administrator rights.
    We set up 2 dlu's. Both are associated with the users (relationship
    tab). One has the TS excluded and all class computers included (details
    tab) with admin rights for the students.
    The other policy has the TS included, all other pc's excluded and with
    user rights.
    When both of these dlu's are enabled the newest one wins. Obviously,
    this is not what we look for.
    Is this by design? Are we missing anything?
    Thanks,
    Limor Kosovsky
    The Hebrew University of Jerusalem

    Limor,
    Create the first policy (for example for classes), configure it as you want.
    Copy it to the second one (TS), make changes according to your needs (in my case I did not touch the "relationship tab" and the "Login Restrictions" tab in the "details").
    In "System Requirements" for classes add a filter that includes/excludes computers.
    In "System Requirements" for TS add a filter that includes/excludes computers.
    Of course each computer should be included in one filter and excluded in another.

  • Duplicate User Folder, Application Folder, Library, etc, etc for same user

    I just ran Omnidisksweeper and my Volumes folder is the largest with my active drive in it with my Users folders (9.6 gb), Desktop, Library, Applications, System. usr,etc. Below it in the hierarchy is Users (14.gb) with Desktop, Library, Applications, System. usr,etc.  My computer is really hanging and I don't have my Snow Leopard start disk to rebuild. Even when I get it I don't know which User Folder to keep. I can find the 14.0 user folder  which is my home folder but I can't locate the 9.6 gig User folder. Any ideas.

    Well if rebecca doesn't show up in the accounts it must have come from some old update or somewhere.  In that case then, yes, you could just trash it.  But I suggest you do it this way in terminal (cut/paste):
    sudo rm -rf /Users/rebecca
    The sudo will cause a prompt for your admin password.  The rm will delete the folder and there is no turning back once you do this.  This is faster than throwing stuff in the trash and avoids permissions problems too.
    Just in case though I would suggest you backup your drive before attempting this.

Maybe you are looking for