ECATT Test user roles (authorization check)

Dear all,
I want to test the authorizations on a SAP transaction using eCATT.
I have defined some generic users with specific roles and I want to "automatisate" the test with eCATT.
Is it possible to re-execute te transaction with different users within the same eCATT execution ?
Nicolas

Hi Nicolas!
At least not in a direct way (there is no call ... with user x).
But maybe you can work with several logical systems. You can run the eCATT remote - also on the same system (usually for different clients). When you use your generic users to log in automatically, then the execution will be done by the generic user.
It's easy to run the whole eCATT remote, but there has to be a possibility to run single steps remotely - that's for scenarios to follow a process with messages to other systems (e.g. ordering).
Regards,
Christian

Similar Messages

Check user role/authorization during Web report run-time?

Hello again,
I ran into a problem. I need to check <b>user's authorization during webtemplate execution (run-time)</b>. I want to have a possibility to allow in one web template extra functionality (through template menu) to key users. Normal users, who are running same report, should not have this extra menu visible.
Is it possible to check user authorizations or roles during web-template run-time?
Thank you!
Vitaliy

Hi Harinam,
From my logic your are right.
The restriction is in two new roles (Requestor and Approver role).
But ->
If I assign my approver role the selection possiblities of the request types during the AR creation is restricted and the AR search function does not work.
If I assign my requestor role the restriction of the request type is not there, but the AR search function works again. :-(
If I assign the original approver role of sap I have the same behavoiur for the AR search.
Both new roles are a 1:1 copy of the SAP standard roles - > Exception, ristriction on request type 'Execption Approval' is not displ.
I have execute ST01 now. If I try to open the log, the system syst "No records that correspond to these search criteria".
But I have found something else.
The problem appears only if I search for Process ID "Access Request Approval Workflow".
If I select other Process ID such as "Control Assignment Approval Workflow" or "Fire Fighter Log Report Review Workflow", everything works fine.
Very strange!
BR
Melanie

User Roles & Authorization to run 'WebDynpro ABAP Application scenarios'

Hi All,
I am developer and my user ID is having developer roles, so when i am testing
'WebDynpro ABAP Application scenarios' it is working fine.
Problem is when I am executing with enduser portal WWID's (i.e. WWID's are also defined as sap
user), 'WebDynpro ABAP Application scenarios' giving me dump in screen & in ST22.
Pls guide me what roles or authorization we need to assign to user ID's
who can use 'WebDynpro ABAP Application scenarios'.
URL for Webdynpro application is like : https://xxxx.yyyy.zzzz:/sap/bc/webdynpro/sap/ZPA_EXTENSION_U?ZDATA=10028705591320090406
ST22 Error when testing with portal WWID's
Runtime Errors         OBJECTS_OBJREF_NOT_ASSIGNED_NO
Exception              CX_SY_REF_IS_INITIAL
Short text
    Access via 'NULL' object reference not possible.
What happened?
    Error in the ABAP Application Program
    The current ABAP program "CL_WD_ADOBE_SERVICES==========CP" had to be
     terminated because it has
    come across a statement that unfortunately cannot be executed.
Error analysis
    An exception occurred that is explained in detail below.
    The exception, which is assigned to class 'CX_SY_REF_IS_INITIAL', was not
     caught in
    procedure "PARSE_XML_SCHEMA" "(METHOD)", nor was it propagated by a RAISING
     clause.
    Since the caller of the procedure could not have anticipated that the
    exception would occur, the current program is terminated.
    The reason for the exception is:
    You attempted to use a 'NULL' object reference (points to 'nothing')
    access a component.
    An object reference must point to an object (an instance of a class)
    before it can be used to access components.
    Either the reference was never set or it was set to 'NULL' using the
    CLEAR statement.
Explorer screen error
Error when processing your request
What has happened?
The URL https://xxxx.yyyy.zzzz:/sap/bc/webdynpro/sap/ZPA_EXTENSION_U/ was
not called due to an error.
Note
The following error text was processed in the system QJ1 : Access via 'NULL' object reference not
possible.
The error occurred on the application server sapqj1ci_QJ1_78 and in the work process 21 .
The termination type was: RABAX_STATE
The ABAP call stack was:
Method: PARSE_XML_SCHEMA of program CL_WD_ADOBE_SERVICES==========CP
Method: GET_SCHEMA_VERSION of program CL_WD_ADOBE_SERVICES==========CP
Method: CONSTRUCTOR of program CL_WD_ADOBE_SERVICES==========CP
Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/LADOBE==================CP
Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L8STANDARD==============CP
Method: IF_WDR_VIEW_ELEMENT_ADAPTER~SET_CONTENT of program /1WDA/L7STANDARD==============CP
Method: CONV_VIEW_INTO_VE_ADAPTER_TREE of program CL_WDR_INTERNAL_WINDOW_ADAPTERCP
Method: SET_CONTENT_BY_WINDOW of program CL_WDR_INTERNAL_WINDOW_ADAPTERCP
Thx

Please refer to thread [Authorization Error|WDA adobe error] where various solution to the problem specified by you are described.
Regards
Rohit Chowdhary
Edited by: Rohit Chowdhary on Apr 7, 2009 9:41 PM

Authorization object in procurement that checks user role

Hi Experts,
Please let me know if we have any standard authorization objects in the transactions PO or PR that checks the SAP User role. Authorization check can be done by sap role, we are not botherd checking on company code, purchase group and so on, Is there any standard procedure to find out that or any function module available to check that by passing user role. << removed >>
Cheers
Mohan
Edited by: Rob Burbank on Feb 19, 2010 12:24 PM

easiest way to find all authorization objects is to execute SU24.
There you enter the transaction code for which you want find the authorization objects.

How add Authorization check for user with assigened role for t.code-MIR4

Hi All,
Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4 using ABAP.
In Detail:2) All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
suggest me...
Thanks,
srii..

Hi Sri ,
first u need to find out in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
make use of Tcode SUIM to find out all roles which are using this Object.
or
ask ur basis guy to remove authorizations to create/change....
regards
Prabhu

Error :Authorization check for caller assignment to J2EE security role whil

Hi Experts,
i m working as a portal resource .
after the deployment of standered Sap e-rec package .
i m getting some error. i have assigned the recruiter role to one test user.
Now i m getting two issue:
1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
2) I m able to see few iview for the test user but those are also in detailed navigation view.
And few ivews are giving following error :
i)Internal error
ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
/System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
Full Message Text
ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
please suggest what can be done or what is pending from my side.

Prajakta2602 wrote:
Hi Experts,
>
> the previous issue got solved..
> it was due to servies pack miss match and applying notes
> the Basis guy checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
> notes 1445294 and 1175239 were applied.
> now the issue is:
>
>
> After implemetation and i assigning the standerd sap roles
> 1)Recruiter Administrator
> 2)Recruiter
> to the test user .
> but for few iview it is showing error as in
> 1) you are not a authorized user
> 2) internal error
>
> please help experts.
>
> i m working on portal side have i to assign any role to that test user..
>
>
> Thnaks & Regards,
> Prajakta
You can run a quick check using the below steps:
1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
Regards,
Mahesh

Document search error in webshop(Error in authorization check: user unknow)

Hi All
actually we have implemented the document search functionality in webshop to access all the documents in webshop who have created order in the webshop.
actually when i am logging into the portal with userid "skumar" after that there was role called "Document Search" when i click that document search role then the document search will be opened, based on the selections in the selection criteria then the documents will be displayed generally.
actually come to my error when i select in the selection criteria "order acknowledgement" and i select the one more column called "period" after that i click the search button then i am getting the error as follows.
<b>Error in authorization check: user unknown.</b>
Can you please help me where to check the authorizations in the system for accessing the documents.
Regards
Sunil

Hi Sunil generally this kind of error will occur when you choose acknoledgement
for Future Periods,eventhough input is past date if the same problem occurs you should check for Su05 Internet USer authoriasations
Reward if helpful
Venkat

How to determine role authorization of user in MAM?

Hi everyone,
I'm new to SAP and SAP MI, and I am currently implementing (or "enhancing") a MAM. I have the following question on user authorization:
In terms of role authorizations, does anyone know how I can determine what roles an authenticated user have from SAP? For example, if user A logs into the MI Client, and if this user accesses the MAM, is there a way for the MAM to know what kind of user roles he/she has? Is there a SyncBo that will give me such info? I checked the JavaDocs for the SyncBo's, but they have NO descriptions. The closest thing that I found was in MAM090 (Interface com.sap.mbs.mam.bo.MAM090). There are getter methods for getRoleGen(), getProfileResource(), and getPartnerRole(). Are any of these usable?
Are there any good documents that I can look at to determine what each SyncBo's does?
Many thanks!
Jeffrey

Hi Jeffrey!
Here are the 3 different checks you have to look at"Users & Authorizations" for setting up your MAM Users.
(1) SAP Backend:
(1a) The SAP MAM User who synchronizes with the Backend from the MI Client should have all necessary authorizations for Plant Maintenance Components of the SAP System that are associated with your MAM Scenarios.Pl refer to the following SAP Authorization Objects I_ALM_ME ,I_AUART,I_BEGRP,I_BETRVORG,I_CCM_ACT ,I_CCM_STRC,I_ILOA,I_INGRP,I_IWERK,I_KOSTL ,I_QMEL,I_ROUT ,I_ROUT1,I_SOGEN,I_SWERK,I_TCODE ,I_VORG_MEL,I_VORG_MP ,I_VORG_ORD,I_WPS_MEB ,I_WPS_REV in your Backend System and have it assigned to the User Profile, based on your requirement.
(1b) Service User for setting up the MAM & MI Landscape: This user logon info has to be setup in the RFC Destination that is associated with your MAM25 SyncBOs, to logon to the Backend System and this user should have the basic authorizations required to establish the connection.
(2) MI Middleware: The SAP MAM User who synchronizes with the Backend from the MI Client should have the following Authorization Objects assigned to his/her profile. S_ME_SYNC, S_RFC, S_TCODE.
(3) MI Client: Refer to MI Security Guide.Pl note that the MI Client MAM User is same as the Middleware User and the Backend User.You should be taking care of this already.This is just a FYI.
Let me know, if you are looking for any other additional info.
Thank You
Gisk

Authorizations for Profit center in a query for a TEST user

Dear SAP BI Gurus
I have a query which has to be tested by the different user based on the region & the profit center that they belong to in SAP BI 7.0
for this i have to create a user id for the test user under he/she should be able to view only his/her profit center data.
The following are the steps that i tried out.
1.created a role .
2. in the change role - authorization , i have added authorization object "ZPROFIT" to the RSR . & restricted the ZPROFIT for the given values of the profit centers.
3. Added this role to the User ID.
But still the user is able to view all the profit center in the query.
This is bugging me up.....
Can anyone help me out.
Best Regards,
Ramesh

Dear chetan/ravi
i did create all the authorization objects & filled in the values in them.
Also a authorization variable has been created in the Query.
But i dont know how this variable has to be linked to the Auth Objects in Rsecadmin.
Can you explain me the steps involved in it.
Best Regards,
Ramesh

Restricting the ATP user for GATP - corrrect roles/authorizations

Hi:
If the dialog user that is used for the ATP check (from ECC to GATP) has more authorizations than needed and this is going to be a problem in production. The user can run SCM transactions from the results screen of ECC and this is not desirable.
Therefore, the ATP user should be a restricted user that has only authorizations for this specific task. If you know what are the exact roles/authorizations to give to the ATP user, could you share them?
Thanks in advance.
Satish

For R/3 please check OSS Note 447543 - APO: Authorizations too comprehensive/not user-specific.
"If it is necessary to have different authorization profiles in APO for different R/3 users when calling in APO, the following solution applies:
Activate the setting in SM59 that is used for the RFC connection CURRENT USER.
In the APO system, create the respective users and assign authorization profiles. This is necessary in order to achieve the necessary flexibility concerning authorizations in the APO system."
For APO :
AuthorizationsObject   C_APO_ATP in APO .
please chose activity as per user role.
01       Create or generate
02       Change
03       Display
04       Print, edit message
06       Delete
16       Execute
39       Check
Manish
Edited by: Manish Kumar Rathi on Oct 21, 2008 1:24 PM

Checking user roles in FI Module

Hi,
Please let me know the points to be considered while checking the security and authorization in FI modules based on a user role.
Thanks,
Sridevi

Hi,
While defining the security roles, as a first step Composite roles, Single Roles are created. Transaction codes are attached to Single roles. A group of Single roles are attached to a Composite roles.
Based of Business requirements / Orgnaization structure in the Company in the sense VP. Finance / Controller / Sr.Manager / Manager etc., the composite roles and single roles are assigned to the positions. For example Vice President Finance will have full authorization to all composite roles.
Some of the users require only display authorization, in which case a role is created only incorporating transaction codes which display documents.
Thanks
Murali.

Defining BI Power User Role and Authorizations

We are looking for information/best practices/guidelines pertaining to defining BI Power Users and the appropriate authorizations to attach to this role. Our Power Users are asking for approval to access several transactions within BI, specifically within RSA1. I am curious to know how you define your power user role(s) and to what extent they have access to BW itself (i.e. BEx, Web Designer, direct access to BW transactions such as listcube, RSA1, RRI, ability to update custom tables, ability to access the data model structure, etc )? Do your power users have access to develop production queries in DEV and test in your QA environment or are they restricted to ad hoc queries in Production? Have you seen any best practices or guidelines from SAP surrounding appropriate authorizations for Power Users? Any information you would be willing to share with us would be most appreciated.

Hatem,
You have an option to use the old method however it's recommend to use analysis authorizations going forward.
Take a look at the sap wiki for analysis auth for more info or search the site for other good info.
https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI&
Cheers,
Ben

Authorization check For Test plan in SAP Solution Manager test management

Hi experts,
I need to allow only selected user to view their test package and the list of transaction so i need to have a authorization check by using enhancement i got struck since i am not able to find any badi for this ..kindly looking back your suggestion

Hi Namrata,
Yes, you can create project structure before using solar01 tcode. later once your test cases (either manual or automatic) are ready then you can upload them using solar02 on test cases tab,
refer Link Test Case to Transactions/Reports - Configuration - SAP Library
Assignments - SAP Solution Manager - SAP Library
Thanks
Jansi

On the web how can I check the user role to display the form suitable for this role i

Hello
How can I check on the web the use role to display the a form for each role
Example
If the admin login I display admin_form.fmb and if user login I display
user_form.fmb
Thankx
Tamer

In my forms I hide tab pages according the role using something like the following script in the WHEN_NEW_FORM_INSTANCE trigger.
So the user can not navigate to tabs which are vorbiden by his role.
CURSOR users_roles_cur IS SELECT granted_role FROM user_role_privs
WHERE username=(SELECT user FROM dual);
user_roles_rec users_roles_cur%ROWTYPE;
IF users_roles_cur%ISOPEN
THEN
CLOSE users_roles_cur;
END IF;
OPEN users_roles_cur;
LOOP
FETCH users_roles_cur INTO user_roles_rec;
EXIT WHEN users_roles_cur%NOTFOUND;
MESSAGE (user_roles_rec.granted_role);
PAUSE;
IF RTRIM(user_roles_rec.granted_role,' ') = 'BLA-BLA'
THEN
tb_pg_id := FIND_TAB_PAGE('activity');
IF GET_TAB_PAGE_PROPERTY(tb_pg_id, visible) = 'FALSE' THEN
SET_TAB_PAGE_PROPERTY(tb_pg_id, visible, property_true);
END IF;
END IF;
END LOOP;
CLOSE users_roles_cur;
Other solution may be is to use an initial form which only will detect the user role and run the appropriate form.
Other solutions are also possible.
Joseph

How check the user roles in Business Partner edition screen?

Hello Masters,
I'm having a little problem figuring out how to check the user roles to allow modification in some fields.
At the 'Manage Organizational Data' screen ('Manage Business Partners' -> Business Partner Data -> edit). I need to check the user roles to let him change the 'Tax Numbers' values. The values can be changed only if the user is a administrator; otherwise it must only show the value.
I checked the HTML Template and found where I can restrict this edition option, but the problem is that I don't know how to check the user roles here. Maybe there is a function to do this?
Any ideas of how I can do it? Is there any magical BAdI to check this?
Thanks in advance,
José Omar

Hi José Omar,
there is no BADI for this...
You have to change the standard code to display only tax data if the SY-UNAME does not have correct role.
You can retrieve user roles with BAPI_USER_GET_DETAIL, or access directly the activity groups table.
Rgds
Christophe

ECATT Test user roles (authorization check)

Similar Messages

Maybe you are looking for