Emergency user with SAP_ALL / revision claim

Hi NG,
Our revision told us that we can no longer use the users with sap_all for the basic admins.
Therefore I'm looking for a way to solve the problem with the password for the emergency user.
What I'm thinking about is:
1. Logon with the emergency user
   (Basic staff knows the password)
2. Second logon screen
   If the second user is defined in a
   customer table, display a screen with the chance to
   provide the reason for using the sap_all user and
   leave this user and proceed with the emergency
   user.
   Otherwise cancel logon.
Questions:
Has anybody already solved the problem, or does anybody have an idea how to implement this, or even a better idea?
I already know the FB SUSR_LOGON_USER_EXIT.
Kind regards
Stefan

Hello Stefan
I do not think this is a technical but an organizational problem. What you need is to define a procedure or process which contains steps like this:
(1) Request for emergency user
(2) Approval step for the request (probably with time-out for SAP_ALL authorization)
(3) Proceed with emergency user
(4) Logout emergency user from system if time-out is reached (when prolongation is required -> new request)
This process has to be approved by your revision. If you stick to this process, probably with tool support (workflow engine or something else), you will be on the safe side.
For example, if your revision allows that the password of the emergency user is not changed, then you could use lock/unlock of the emergency user.
Alternatively, if you can link the workflow engine with SAP, you could add the following step:
(3a) After approval: generate a password for the emergency user and send this via mail or workflow to the person that will log on as emergency user.
Regards
   Uwe

Similar Messages

  • Security batch job to evaluate users with SAP_ALL access:

    Hello,
    I need to run some kind of batch report or program that runs for users that have SAP_ALL access.
    Basically we need to run a report or program that shows what these users that currently have SAP_ALL are executing on a daily basis.
    Do you have or know of a report/program that we can schedule nightly to find this information out ?
    Thanks,
    Steve

    Hi Steve,
    I don't think any SAP standard report or query is available for this. You probably have to design your own Z report/query to achieve this.
    However, since SAP_ALL is a restricted access and you will have very few users with this access, if you want to find out the programs/transactions being executed by these users, it can be done manually from ST03, through "Memory Use Statistics". This may help to identify the tables with which you can design your own report.
    Regards,
    Sanujit

  • Default User with IDES 4.7 EE not found

    Hello everyone,
    I am an ABAPer.
    I have an installation of IDES 4.7 EE. With the login of a user with
    SAP_ALL and SAP_NEW objects, when I am trying to create a program
    from SE38 the system prompts for an OSS access key.
    Previously I had an installation of plain IDES 4.7, which had SAPUSER as a default user for development, but in this 4.7 EE I didn't find SAPUSER in tx: SU01D.
    I cannot proceed further with any development of reports or any program from module pool.
    Please try to resolve my issue at the earliest.
      Thanks

    If you want to do coding, you need to get developer key from SAP, which can be done at service.sap.com after registering your system.
    Regards,
    Ravi

  • Moving/Linking Claims Windows Auth user to an ADFS Claims

    Hi guys, 
    Here is my situation:
    Initial deployment: SharePoint 2010 with Windows Authentication - Users login using AD
    We successfully migrated the web application to use "Claims"
    We then integrated the web application with ADFS 2.0 - Using the same AD users
    Everything seems good and working fine. 
    The question I have is related to content already created in SharePoint. Is it possible to map the new ADFS account usernames to the existing windows authentication claims usernames?
    This is important for users, because we would like the "My" views of lists and libraries to work. SharePoint at the moment thinks that the logged in user (using ADFS) is different than the user who created/modified the documents. (Although it is the same AD account)

    Hi Inderjeet
    Thanks for your reply. The article did help in moving users (Move-SPUser) from AD to ADFS (which I noticed in the securities in groups); however, the issue I'm looking at is still standing, where the items that were created by the user using the "Windows Auth Claim" were not moved/updated to the "ADFS Claim" user, although in fact they map to the same AD user.
    Is there a way to transfer/update the created by and modified by attributes of users from Windows Claims to ADFS Claims user?
    UPDATE: The above statement is not correct. Move-SPUser actually updates the created by and modified by attributes too.

  • Z_PROGRAM does not run with SAP_ALL

    Hi All,
    System: ECC 6.0
    I have a test ID with SAP_ALL and SAP_NEW authorizations, but I am not able to execute a Z program with this test ID, but other users can.
    Compared other users' UMR with this test ID and they match up 100%.
    All the related auth. objects checked and they have *
    Your suggestions will be helpful.
    Thanks
    Vidyar
    Also I created a role with SE38 with full authorization and assigned the role to the Test ID, but still it does say that " You are not authorized to use the program "

    9 times out of 10 such a mysterious message has nothing to do with the authorization concept of authority-check statements, and you anyway cannot control the execution of a program based on its name.
    Display the code in SE38 and search for ABAP statement constructs using system field "sy-uname". For example:
      " user names hard-coded in the program
      IF sy-uname <> 'cappsg' AND sy-uname <> 'busschej'.
        MESSAGE 'You are not authorized' TYPE 'E'.
      ENDIF.
    or
      " user names looked up in a custom table
      TABLES zusr_auth_table.
      DATA: iv_uname TYPE xubname.
      iv_uname = sy-uname.
      SELECT SINGLE * FROM zusr_auth_table
        WHERE zname = iv_uname.
      IF sy-subrc <> 0.
        MESSAGE 'You are not authorized' TYPE 'E'.
      ENDIF.
    Then look in the table ZUSR_AUTH_TABLE for the lists of authorized users and where its maintenance dialog is.
    Terrible concept, very bad practice but unfortunately it happens - particularly when developers are not given security requirements or have little faith in the existing authorization based implementation in roles.
    Can be a mess to fix as well. Good luck.
    Cheers,
    Julius
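The search Julius describes can be run over exported program source instead of by eye in SE38. The following is an added example, not code from the thread: it flags statements that compare `sy-uname` (or a variable assigned from it) with a literal, and SELECTs that filter on it. The sample source is constructed and modelled on the snippets in the post; function and finding names are hypothetical.

```python
import re

# Constructed ABAP source modelled on the post's snippets (not from a real system).
SAMPLE_ABAP = """\
REPORT z_program.
* old check, commented out: IF sy-uname = 'ADMIN'.
IF sy-uname <> 'CAPPSG' AND sy-uname <> 'BUSSCHEJ'.
  MESSAGE 'You are not authorized' TYPE 'E'.
ENDIF.
DATA iv_uname TYPE xubname.
iv_uname = sy-uname.
SELECT SINGLE * FROM zusr_auth_table
  WHERE zname = iv_uname.
AUTHORITY-CHECK OBJECT 'S_PROGRAM' ID 'P_ACTION' FIELD 'SUBMIT'.
WRITE: / 'Run by', sy-uname. " harmless use of the field
"""

ASSIGN = re.compile(r"^\s*([\w-]+)\s*=\s*sy-uname\s*$", re.I)
OPS = r"(?:=|<>|\bEQ\b|\bNE\b)"


def statements(source):
    """Yield (first_line_no, text) for each ABAP statement, comments removed."""
    buf, start, in_str = [], None, False
    for no, line in enumerate(source.splitlines(), 1):
        if line.startswith("*"):              # full-line comment
            continue
        for ch in line:
            if ch == "'":
                in_str = not in_str
            elif ch == '"' and not in_str:    # inline comment runs to end of line
                break
            if ch == "." and not in_str:      # a period ends the statement
                if start is not None:
                    yield start, " ".join("".join(buf).split())
                buf, start = [], None
            else:
                if start is None and not ch.isspace():
                    start = no
                buf.append(ch)
        buf.append(" ")


def scan(source):
    """Return (line, kind, statement) for user-name based access checks."""
    aliases = {"sy-uname"}
    findings = []
    for line_no, stmt in statements(source):
        m = ASSIGN.match(stmt)
        if m:                                  # e.g. iv_uname = sy-uname.
            aliases.add(m.group(1).lower())
            continue
        names = "|".join(re.escape(a) for a in sorted(aliases))
        name = rf"(?<![\w-])(?:{names})(?![\w-])"
        if re.search(rf"{name}\s*{OPS}\s*\(?\s*'|'\s*{OPS}\s*{name}", stmt, re.I):
            findings.append((line_no, "hardcoded-user", stmt))
        elif re.match(r"select\b", stmt, re.I) and re.search(
                rf"\bwhere\b.*{name}", stmt, re.I):
            findings.append((line_no, "user-table-lookup", stmt))
    return findings


if __name__ == "__main__":
    for line_no, kind, stmt in scan(SAMPLE_ABAP):
        print(f"line {line_no}: {kind}: {stmt}")
```

A "user-table-lookup" hit names the table to inspect next, as the post suggests for ZUSR_AUTH_TABLE.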

  • TS1368 I'm a PC user with an itunes account for several years. I updated my itunes and now it wont open and shows me 'missing file MSVCR80.dll,and error 7(Window error 126)' keep coming up even after re-installing itunes . What should i do?

    I'm a PC user with an itunes account for several years. I updated my itunes and now it wont open and shows me 'missing file MSVCR80.dll,and error 7(Window error 126)' keep coming up even after re-installing itunes . What should i do?

    Click here and follow the instructions.
    (98897)

  • There are multiple users with the same display name

    Hi,
    We have a user and when she get an item assigned to her she sees the following alert:
    "There are multiple users with the same display name USERNAME and at least one of them does not have read permissions to some of the files"
    Now I looked in the database and when I run the following query with the username:
     SELECT     
         [ProviderDisplayName]  
        ,[DisplayName]  
        ,[HasDisplayName]  
        ,[Domain]  
        ,[AccountName]  
        ,[UniqueUserId]  
        ,[LastSync]  
      FROM [Tfs_Configuration].[dbo].[tbl_Identity] where displayname like '%USERNAME%'  
    Then I get 2 same usernames back. How can I get rid of one of them? When I access TFS through the portal I only find 1 occurrence of this user.
    We use VS2013 and TFS2013 update 4
    Best regards

    Hi DSW,  
    Thanks for your post.
    In your query result, please check if these two users have the same Account Name. If there are two different Account Names in the result, it indicates that two users have the same display name in your AD; please check those two users' information in your AD. We suggest changing one user's display name in AD.

  • Error in SRM:  a user with enough authorisation level is miss

    Hello,
    We are on SRM 5.0 and our users get the following error in SRM when creating a shopping cart:
    No user assigned to object a user with enough authorisation level is missing.
    Anybody any idea ?
    Thanks as ever

    Hello, can anybody help me please?

  • Provisioning a user with a resource automatically doesn't work!!

    Hi Experts – IHAC trying to configure OIM to provisioning a user with a resource automatically (via OID connector).
    As reviewed, the membership rules (rules designer) and access policies already configured with correct param. So I would say everything should work fine.
    But when they create a new user with proper attribute. The resource didn’t perform an automate process as expected.
    In the log file show only 2 lines of error message.
    <Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    <Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    However, manual add resource works well.
    Environment Info:
    - OIM 11gR1 (BP6)
    - OID Connector 9.1
    - AIX 7.1
    Is this considered a bug on the AIX platform? Any input would be appreciated.

    Just check if the rule satisfy, user is getting the role.
    --Hari

  • Connect to a cube with Integrated Windows Security for Windows user with computer outside the domain

    Hello, I am trying to connect to an MSSAS cube with a Windows user (and I need this user to be the end user that connects to the cube) from outside the domain. It will be a .Net application. I used msmdpump.dll before, but the thing is it impersonates the connection, so the user that connects to the cube is not the real client user, which is a problem for me because I like to manage the security through roles.
    SSRS is able to do what I am trying to achieve (it asks you for your domain user and password, then connects to the cube with these credentials), which is great, but how do I do that?
    With ADOMD.Net how do you provide windows user/password in the connection string ?
    I tried to only activate Windows security access with IIS and MSSAS, but it's not working with a computer outside the domain, even if in Excel I provide a Windows user/password.
    Vincent

    With ADOMD.Net how do you provide windows user/password in the connection string ?
    Hello Vincent,
    See MSDN Connection String Properties (Analysis Services) for all available properties; additional: AdomdConnection.ConnectionString Property =>
    Olaf Helper

  • How to provide the user with a list of files to pick from...for downloading

    hai..
    I have uploaded the file successfully. Now we need to download the file which has been uploaded. For that we have implemented the query as:
    select max(id) from APEX_APPLICATION_FILES. Here the latest uploaded record will be retrieved and shown.
    Now we want to provide the user with a list of files to pick from for downloading. That is, he should be shown the list of files which are available, and from that he has to select one file to download.
    Can you please tell me how to do it?
    anoo

    Hi Anoo,
    Create a report using the following SQL statement:
      SELECT ID,
             FILENAME,
             CREATED_ON
      FROM APEX_APPLICATION_FILES
      ORDER BY CREATED_ON DESC
    There are other fields available from the table, but the above gives you a start.
    Then edit the report's Report Attributes.
    Edit the CREATED_ON column and pick a Number/Date Format to use for the display and Apply Changes
    Edit the ID column. In the Column Link section, enter:
    Link Text: <img src="#IMAGE_PREFIX#download.gif" alt="Download">
    Target: URL
    URL: p?n=#ID#
    Apply Changes and run your report
    Andy

  • Site Login Behavior For SharePoint Foundation 2013 Users With Expired Passwords?

    What are the most user-friendly ways of getting external users with expired AD passwords back into the SharePoint site with a new working password?
    We already send automated email notifications to users reminding them to change their soon-to-expire passwords.  However, sometimes they miss seeing the email notifications before the password expires (such as after returning from vacation or just carelessness and lack of attention to email messages) or they see the warning messages and forget to act on it.
    When this happens and they try to log into the SharePoint site from the Internet, their login fails without telling the user the reason they can't log in is because their password expired.  So, they end up confused and call the help desk to get their password reset.
    Is there a way to set up SharePoint Foundation 2013 login in a similar way to the OWA login so that, when a user with a correct but expired password tries to log in, it gives them a prompt to set a new password right there rather than just an error indicating their login failed for unknown reasons or password is "incorrect?"

    It could be done. You get a different event log entry for an expired login attempt than for a wrong password, 4625 events denote a login failure and an error ID of 23 denotes a logon failure.
    A naff, but simple, approach would be to create a tool that checks your server logon event log for 4625 entries and then emails that user, or the help desk, or security, that they're trying to get onto your system with expired credentials.
    For a more polished experience you've got a lot more work and bluntly it's going to be impractical for you. You'd have to re-write sections of the SharePoint authentication process or intercept the process, both are risky and not a good idea to try.
    There's a really interesting paper here that might be of interest, it won't help you in your current situation but it might shed more light on the overall authentication/authorisation process.
    http://www.sans.org/reading-room/whitepapers/forensics/windows-logon-forensics-34132
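The "simple approach" from the answer above (check the logon event log for 4625 entries and notify the user or help desk) is sketched here as an added example, not code from the thread. It assumes the events were exported as XML and that an expired password appears as NTSTATUS 0xC0000071 (or 0xC0000224, password must change) in the Status or SubStatus field of event 4625. The sample events, account names and function names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS codes seen in the Status / SubStatus fields of event 4625.
REASONS = {
    0xC0000064: "unknown user",
    0xC000006A: "wrong password",
    0xC0000071: "password expired",
    0xC0000072: "account disabled",
    0xC0000224: "password must change",
    0xC0000234: "account locked out",
}
NOTIFY = {"password expired", "password must change"}


def _sample_event(event_id, time, user, status="", sub=""):
    """Build one constructed Security event in the Windows event XML schema."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="Status">{status}</Data>'
            f'<Data Name="SubStatus">{sub}</Data></EventData></Event>')


# Constructed sample: two expired-password failures, one wrong password,
# one successful logon (4624) and one must-change failure.
SAMPLE_EVENTS = "<Events>" + "".join([
    _sample_event(4625, "2015-03-02T08:15:01Z", "ext.alice", "0xc000006e", "0xc0000071"),
    _sample_event(4625, "2015-03-02T08:16:30Z", "ext.bob", "0xc000006d", "0xc000006a"),
    _sample_event(4624, "2015-03-02T08:17:02Z", "ext.dave"),
    _sample_event(4625, "2015-03-02T08:18:10Z", "ext.carol", "0xc0000224", "0x0"),
    _sample_event(4625, "2015-03-02T08:20:44Z", "ext.alice", "0xc000006e", "0xc0000071"),
]) + "</Events>"


def _code(event, name):
    """Read a hex status field from EventData; 0 when missing or malformed."""
    node = event.find(f"e:EventData/e:Data[@Name='{name}']", NS)
    try:
        return int((node.text or "").strip(), 16) if node is not None else 0
    except ValueError:
        return 0


def failed_logons(xml_text):
    """Return (time, user, reason) for every 4625 event in the export."""
    rows = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        # SubStatus is the more specific code; fall back to Status.
        reason = (REASONS.get(_code(ev, "SubStatus"))
                  or REASONS.get(_code(ev, "Status")) or "other")
        time = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        user = ev.findtext("e:EventData/e:Data[@Name='TargetUserName']",
                           default="", namespaces=NS)
        rows.append((time, user, reason))
    return rows


def users_to_notify(xml_text):
    """Map each user with an expired-password failure to the latest attempt."""
    latest = {}
    for time, user, reason in failed_logons(xml_text):
        if reason in NOTIFY:
            latest[user] = max(time, latest.get(user, ""))
    return latest


if __name__ == "__main__":
    for user, when in sorted(users_to_notify(SAMPLE_EVENTS).items()):
        print(f"{user}: last attempt with expired password at {when}")
```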

  • Can the Terminal add a user(with all options) on a single line?

    Howdy All,
    Can the Mac Terminal add a user, with all options desired, on a single line?    If so, can I get an example of this single terminal line to work from?
    Thanks

    Thanks Drew!   You have some great thoughts there. Perhaps I should provide a clearer environment of each high school(4). All classrooms have a lock down Windows environment. (There are no Macs any where in any classrooms.) The mini-tower will be the only Mac on each high school campus. we're in Dell country. The desktops are locked in such a way that only the ghosted/installed software on each hard drive works and no other software can be installed. USB sticks can't run any exe, jar, or other executable file. Even the other drives on the network can't run them. This has been setup to prevent students from bringing games into the environment and running them. Only the single classroom in each high school, where Web Tech is taught, has a ftp tool installed. Students cannot bring and use their own laptops either. So there really isn't any stray ftp activity happening. You cannot "ftp" out of the network! And there is only the one Mac available per campus.  All this makes it certainly easier to maintain for sure. I am the only user in the school district they let run a personal laptop...mine has Ubuntu (tweaked).  My knowledge of Linux has led them to assign this project to me. They are MS based entirely and so is their knowledge base.
    I've got to teach the other 4 teachers how to manage the mini-tower.  Basically it is this:
         Start and stop Apache2,
         Start and stop vsftp,
         Add ftp users (students will only have directory: /Library/Server/Web/Data/Sites/Default/studentlastname.firstname). Students will not log on to the mini-tower directly as any normal user would, but only through ftp (i.e. no /home directory),
         Remove/delete students as needed
         (I'll pre-install cgi-bin scripts on these to keep it simpler on the other teachers and myself.)
    With this in mind, you can see why a basic script or single command line to install these students would be great! I want to keep it simple to avoid mistakes the teachers might make adding users. Once I understand adding a user (in a terminal) better on a Mac, I may write a script to make it happen for them.
    I'd also like to understand removing/deleting a student/user better to ensure everything is gone when executed.
    I hope this clears things up. Any help is much appreciated.    THANKS!!!

  • User with 2 permissions assigned via groups, not able to utilize the higher privilege

    User has been assigned Publishing Editor, this was assigned by being a member of a group, where group's permission is publishing editor. 
    In addition, the user has been assigned Reviewer, this also was assigned by being a member of a group, where group's permission is Reviewer. 
    The issue: The user can only perform functions related to the Reviewer role, and can't perform functions available via the Publishing Editor.
    Any Ideas what is going on? 
    *Removing the user from the Reviewer group is not an option. 

    Hi,
    The easiest way is to grant the single user Publishing Editor permission of that folder directly, check if the issue persists.
    Right click on the folder, Properties -> Permissions -> Add the user with Publishing Editor permission.
    Regards,
    Melon Chen
    TechNet Community Support

  • Yes another user with problem with Apple Mobile Device Support, I am getting the error message: Service 'Apple Mobile Device'(Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system service....

    Yes another user with problem with Apple Mobile Device Support, I am getting the error message: Service 'Apple Mobile Device'(Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system service.... I hit retry and it came up again. I hit ignore and it prompted me to hit finish so iTunes can open.   I looked through a lot of these posts on here to try and resolve this problem myself but it's not working too well... I downloaded iTunes to my desktop so I can right click it with the program I downloaded called WinRAR. I extracted it and then went into the folder called Itunes64setup. I saw the file called AppleMobileDeviceSupport64 in there so I began to try and download it on its own. Well that didn't work as I planned and I got this error message:
    Apple Mobile Device Support wasn't installed on your computer. The installer encountered errors before Apple Mobile Device Support could be configured. Your system has not been modified. To retry these operations at a later time, please run the installer again.
    Well I tried to run it again and came up with the same message... I see that some people got great support to help them so I am hoping someone can help me as well. I know "b nor" is very qualified and hopefully can help me! Please advise what I can do. Thank you

    Hi Iss9243,
    Welcome to the Support Communities!
    You've already tried some great troubleshooting steps, but the article below gives you quite a few more for this issue.  Hope it helps ....
    iTunes 11.1.4 for Windows: Unable to install or open
    http://support.apple.com/kb/TS5376
    Cheers,
    - Judy
