Extra level of security in ABAP for sensitive custom tcodes

Hi All,
Is it a best practice to include this extra level of authority check in custom programs which are deemed as sensitive ?
CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
So trying to execute the underlying program for a tcode with SE38/SA38 would still prompt a check on S_TCODE.
I see this check in some sensitive SAP tcodes, viz. SU01,SU22.
Your inputs would be appreciated.
Thank you
Abhishek

There have been a number of discussions about tcodes, how and when to check them and the function module 'AUTHORITY_CHECK_TCODE'.
Try search a search for: https://forums.sdn.sap.com/search.jspa?threadID=&q=authority_check_tcode&objID=f208&dateRange=all&numResults=15&rankBy=10001
I have also seen some comments in some SAP programs, which indicate that this is "the old way" of checking authority, and not a new way as you might be thinking... which makes a critical report transaction without security in the report seem like a stone age idea...
But it is very usefull, particularly for retro-fitting unprotected report transactions which might be used by more than one transaction => you can then instruct the system via SE97 to permit a submit of the report from a set of transactions and not just one.
But that it only limited to transactions.
Cheers,
Julius

Similar Messages

I connected my iphone to my computer, and somehow my apps downloaded to itunes, and erased from my iphone, i re-uploaded them to my iphone and now all the game data is missing, including extra levels that i have paid for.

After i connected my iphone to my computer to upload some pictures, the couple of apps that i had synched to my itunes, later i noticed that this deleted them from my iphone, therefore i re-connected my phone, dragged that apps back onto my phone and all seamed okay. Till i went to play an app (dinner dash) and notice that now only was all my data (scores and level beaten) erased, but i had also purchased extra levels and these are no longer available, they are asking my to pay for the levels again. I know they weren't expensive, but i already paid for these and obviously still want them without having to pay again? Any help would be great, i can't even seam to find a email address that i could write to on the apple site for help!! I either want to get these levels again, or my money back to download them again.

Hello johnohuk,
Thanks for the question. It sounds like most of your music was purchased from the iTunes Store. If your country supports iTunes in the Cloud, you can download your past purchases using this article:
Downloading past purchases from the App Store, iBookstore, and iTunes Store
http://support.apple.com/kb/HT2519
Thanks,
Matt M.

How to identify whether a TCode is for SAP query or for a customized TCode

Hi,
We have a list of TCodes starting with Y_*
Some of these TCodes could be related to SAP Queries and some could be real custom transactions. How do I find out which one of those are related to SAP queries and which ones are related to custom SAP transactions?
I have already checked table TSTC for the program names of these Transactions, but the program name field (PGMNA) is blank. Also in TCode SE93 the transaction mentioned is START_REPORT. Also for some, when I go to the transaction (Y_*) and then environment->status to check the program name the values found are something like AQ11FI==========F10A==========.
Please help on how to identify whether a TCode is actually for an SAP query or for a customized transaction.
Thanks in advance.
Mick

Thanks Anil.
In TSTC, the filed for program name is blank. Therefore I would have to go to each and every transaction (I have around 250 Y_* TCodes with me) and then to environment->status to get the program name and then check whether it is A......
Is there any easier way to know whether a TCode refers to an SAP query or a custom developed transactions/program.
Mick

Level of Competency in ABAP for Functional consultants.

Hi ,
i just wanted to have inputs based on your experience , that what level of competence should a functional consultant should have in ABAP .
Should it be knowing the database , debugging etc. or should it be a step forward starting coding in ABAP .
As i was going through the certification details of Financials , in Application professional certification ABAP programming was a part of the requirments for the same .
I being a part of the FICO / FICA / FM modules , just curious to know what the experts have to say on this .
Dear Mentors can you please throw some light on the same based on your experience .
Regards ,
Dewang T

Matt has already said much of what I was about to say, but to add a couple of other perspectives:
There's a bit of a paradox: A top notch functional consultant can get by without ABAP if s/he knows exactly what config is where and which fields influence what. They're very rare, but I've met people like that. (More prevalent in HR which is highly config-driven anyway and with a convoluted technical side). Problem is, to get to a high level of competency requires either a lot of talent, many years experience, or ... you guessed it... ability to read and debug ABAP.
The other angle to this is what level of functional consultant? There are no clear boundaries - on the technical side you get the 'techno-functional' people as they are known, all the way towards a Business Analyst who in some cases doesn't even have an SAP logon.
In some ways it depends on the way the company/project is managed and available skills:
If the company gets their ABAP resources as cheap as possible, or offshore, then your functionals definitely need a good level of ABAP skills. If they go for a 'less is more' approach and hires a few top notch developers, then not-so-technical functional people are fine. I've worked on both scenarios and my experience is that the second can produce better results. Why? A really good developer has a sixth sense to know ahead of time which requirements will change and build appropriately configurable solutions. In the first scenario however, basic ABAP skills of a functional consultant do not cover what is good technical application architecture, and likewise an entry-level programmer won't be experienced enough to really follow best practice and avoid all the pitfalls.
On the other hand, the combination of functionals with little ABAP knowledge and budget programmers is something that can get very expensive fixing the results.
If you are thinking about contracting/consulting and working at several clients, then having skills "on the other side" is what gives you the edge, irrespective of whether you are a functional consultant or an ABAP developer.

Code (ABAP) for the Customer Exit Variable (CMOD)

Scenario
An employee can purchase any no of policies in a day or month.each policy will have start date and expiry date.
My requirment
Count all the policies(valid) by employee on a ranges basis exception reporting
(0-10;10-20;20-30;30-40) and then able to drill down by policy start date and expiry date.
As per the requirment is to show policies that employee had with in the give date intreval which are not yet expired (active) i need to write a condition that will count only policies whose Expiry date is > Current calender day
As Policy Expiry Date is a char i am converting it to KF using fourmala variable so that i can write a condition on it using current cal day formula variable sap exit
Requirment:
Need a code for SAP exit variable which will meet the following requirment
There are the following 2 variables in the query
1) A variable (User Input)(Date Range) on Policy Start Date and
2) Authorisation Variable which is based on Authorisation Object(Analysis Authorisations)
I need a SAP Exit variable (CMOD) that will
BAsed on the user entered Policy Start date it has to pick all the policy exiry date of the policies and display all the policies whose expiry date is greate than Sy Date (Current Date) and also if Policy Expiry Date is blank or # it has to display
Arun supplied me with the below code...but i think it doesn't include blank expiry date or #...as i am new to ABAP please update me with releavent code
Policy Start Date : ZPST_DTE
Policy Expiry Date: ZPSP_DTE
Variable (Type:Customer Exit) on Expiry Date: ZEEXP_DTE
Arun's Code:
IF I_STEP = 1.
CASE V_NAME
WHEN 'X' " X is the variable u created for the exit
l_s_range-low = SY-DATUM.
l_s_range-opt = 'I'.
l_s_range-sign = 'GT'.
APPEND l_s_range TO e_t_range.
END CASE.
Please modify above code to include Blank or # values of Expiry Date
Thanks Arun
Please ask if you need further info as this is urgent
Thanks

Hi Arun,
Thanks for the help...will definetly assign points
(Closed the previous thread)
Please spare bit of ur time as this is my first ABAP Code
Can i include 2 restrictions..# and Variable (Customer Exit)...But how can i include Records with Blank Values
As the data from Source system the expiry date is filled up with either Date or # or Blank...my requiorment is to include all 3 and
Question:
As there are 2 other variables defined ..one on Policy Start Date (User input date intreval) and Location (Authorization Variable..Analysis Authorisations)...Do i need to change I_STEP in the code
(Req: Reports shows all the(still valid) policies emp has purchased between 2 give date (Variable on Policy Start date)
IF I_STEP = 1.
CASE V_NAME
WHEN 'X' " X is the variable u created for the exit
l_s_range-low = SY-DATUM.
l_s_range-opt = 'I'.
l_s_range-sign = 'GT'.
APPEND l_s_range TO e_t_range.
END CASE.

UME security vs ABAP security object level

We installed Virsa Compliance Calibrator & Access Enforcer and trying to configure security in UME to control user access so that besides action level security, we need further restriction on for example, Functional Area, cost center & department access. Does UME have lower level authorization restriction capabilities similar to that of ABAP authorization object level security? If not, how can we utilize ABAP Virsa security objects to control JAVA front end access?
Your advice is much appreciated.
Thanks,

I'm not aware of a way to limit requestor access (you can request anything visible); however, you can provide direction by populating an attribute field (i.e. company) with valid company values for each role. When a requestor searches for a role, if they filter by the appropriate company, they will only see valid roles for the request. I did, however, point the request authentification towards a 'fake LDAP'. This prevents individuals without specific UME credentials from submitting a request.
However, you can restrict approvers using a custom approver/determinator. In my case, I wanted to use a combination of "role" and "usergroup" to determine approver, rather than use one approver set for all requests. I have implemented and confirmed this works. The unfortunate side affect, is that you have to maintain a seperate file for this custom A/D (which you have to refer to /append for any request for role approver information).

Row Level Security not working for SAP R/3

Hi Guys
We have an environment where the details are as mentioned below:
1. Crystal Reports are created using Open SQL driver to extract data from SAP R/3 using the SAP Integration Kit.
2. The SAP roles are imported in Business Objects CMC.
3. Crystal Reports are published on the Enterprise as well.
3. Authorization objects are created in SAP R/3 and added as required for the row level security as mentioned in the SAP Installation guide as well. The aim is when the user logs into the Infoview and refreshes the report he should only see data that he is meant to so through the authorization objects.The data security works very much fine when the reports are designed directly on the table but when the reports are built on the Business View it doesnt work hence the user is able to see all data.
Any help in this issue is greatly appreciated.
Thanks and Regards
Kamal

Hi,
In order for row level security to work for you using the OpenSql driver, you need to configure the Security Definition Editor on your SAP server. This is a server side tool which the Integration solution for SAP offers as a transport.
This tool defined which tables are to be restricted based on authorizations.
However since you are seeing the issue on reports based on Business Views, you need to identify whether the Business View is configured in such a way where the user refreshing the report is based on the user logging into Infoview. If the connection to your SAP server is always established with the same user when BV is used then you security definition is pointless.
You can confirm this by tracing your SAP server to identify what user is being used to logon to SAP to refresh the reports.
thanks
Mike

" plug-in name does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari Security "Manage Website Settings"?

Hi,
Wondering why "<plug-in name> does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari > Security > "Manage Website Settings"?
Have been trying to get to the root cause of the problem but did not find much on this. I am trying to figure out what can get the warning to go away completely than using the Allow/Always Allow options for the plug-in
Thanks,
Shyam

Hi Linc,
Thank you for your response. Here is the screenshot of the warning that I am talking about.
Here is what I do:
1. Launch Safari and open its Preferences. I have Safari 7.1 installed on my machine.
2. Click Security Tab and click Manage WebSite Settings
3. A window opens showing me all the Plug-ins that I have (listed on the left hand side).
4. One of them is the Adobe Reader plug-in. When I click Adobe Reader, the following details about the plug-in show up on the right
I was referring to the highlighted section that warns me about this plug-in not using the highest level of security for Safari Plug-ins.
Note: I do not see this for all my plug-ins (QuickTime, Adobe Flash Player don't give me this warning) which tells me that there is a way to make the warning go away.
Thanks again,
Shyam

Sugestion for a higher level of security in APEX

I have noticed that APEX's developer interface supports page groups but you cannot use page groups to manage security. In most of the programs I build, it would be very useful to be able to blanket apply security settings over a group of settings in one location rather than having to go to each page. Example, I have a program where you have to be in a database table to be able to access a large part of it. I would like to be able to go one place group those pages together and then set an authorization scheme and or conditions that would apply to every page in that group and not just a single page. I would also to not just have this set the page level security but retain the ability to tighten up the security to fine tune the access to individual pages in the page grouping if required. I have many cases where I really need a compound security setup where multiple authorization schemes are checked. I know I can build new schemes but it would be more efficient to be able to layer them to form my security setup from lower levels of security (designed to cover a general group of pages) to strongest (designed to be applied to one or more specific pages) in a way where their effects would compound and you would need to pass each of them in order to be authorized to view the page.
I don't know if this is practical but its just a thought for the future.

Actually... yes, that is 1 of the 2 reasons I posted here.
Reason 1: That those that have the administrative and moderation access in this forum, also has access to the account information of the members that have signed up here. Which pretty much every forum software package grants the rights to those of the administrative/moderator staff. Or at least at a minimum could reply to the post, with the information that I am seeking.
Reason 2: This is a discussion forum, and I thought... people come here to help one another. And as I listed before, we tried the LEGAL contact page on Apple.com, no luck there. We tried going via iPhone developer program information contacts... dead end. And our legal contacts did in fact try to reach out to contacts that we also did have on file... and those also ended up in a dead end.
So excuse me for using yet another avenue of communicating with Apple and people who may also have or are going through the same situation.
As for the sarcastic replies... I know exactly why I am getting them, and hence why I returned them. I am absolutely no stranger to the anonymous world of discussion forums. But if you want to continue thinking that everything is just like slicing a piece of apple pie, and serving...
Then you seriously underestimating the complexity of issues like this.
All I did was come here to ask for some assistance when every known avenue has turned up to be a dead end. I thank the person that provided at least another avenue, that may lead to proper solution.
Grouch Marx was an interesting character. Last I checked, this wasn't a club. Or maybe it is, and you only want to keep to your own and forget the thousands if not magnitudes more of people that are just looking for a simple answer to a problem.

How do you created object level security in BI for roles.

How do you created object level security in BI for roles. For example if I want users to only execute reports in BI for a particular "object" report how would I do that.
Thanks.

Hi Maritza,
Can you be more specific.
If you are looking for BI Security concept, check this presentation:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
Regards,
Zaheer

Question on security in ABAP program with ITS. Please help!

Hi Experts,
I have a question on security in ABAP program.
I have a ABAP program which has a transaction attached.
I have added authorization check in ABAP program(Progran level security).
I have also attached the authorization object to the transaction.(Transaction level security)
If an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?
If I have web enabled my ABAP program via SICF (in other words, ITS). Then when I try to run my ITS service in the browser will the transaction level authorization fire? or Will the program level authorization fire?
Please help me understand this security aspect.
Thanks
Gopal

I have added authorization check in ABAP program(Progran level security).
i assume you have coded call authority within the program.
If an end user runs the transactionm, then which authorization check will fire first?
if he calls the transaction, then first authorization attached to the transaction will be checked.
but if he executes the program attached to the transaction, then the authorization attached to the transaction dosent help here, the one coded in side the program is checked.
If I have web enabled my ABAP program via SICF (in other words, ITS).
it depends,
if you are calling your transaction like
webgui/?~transaction=<tcode> then first tcode level authorization.
if you generate the templates for the program and callign the same, then i guess its progam level. (i need to check this)
Regards
Raja

Level of security in PDFs?

What level of security is there in PDF files? My company has
asked me to create PDFs with interactive forms that would submit to
either a database or an email address (I'm not sure about this yet
because I don't know what PDFs are capable of submitting TO).
I am familiar with the typical 128 bit encryption SSL on web
pages, but I have no idea what type(s) of security is available in
PDF files. My company wants to have customers download PDFs from
our website, fill them out, and click a submit button to have the
data sent to us. The data would be highly sensitive data like
names, social sec numbers, etc.
Any thoughts or help are appreciated :)

Thank you for your post. These forums are specific to the
Acrobat.com website and its set of hosted services, and do not
cover the Acrobat family of desktop products. Please visit the
following forums for any questions related to the Acrobat family of
desktop products:
http://www.adobeforums.com/cgi-bin/webx/.3bbeda8b/
Note: Acrobat supports numerous forms of encryption ranging
from 40-bit RC4 to 128-bit AES, and as of Acrobat 9 supports
256-bit AES as well.

Error while installing NW7.3 ABAP for DB2 on z/OS Install DB CLI driver

Dear Experts,
i'm installing for the first time NW7.3 ABAP for DB2 on z/OS with AIX application server. Central Services was installed succesfull but next step Install Database on AIX stoped with error (establishConn.log):
db2radm (release: "720", patch level: "000", version: "Jan 14 2012") begin:28.02.2012 10:54:39
This is db2radm release: "720", patch level: "120", version: "Jan 14 2012".
This is db2radm setting up DB2 Connect.
Message file is /sapmnt/tmp/sapinst_instdir/NW73/INSTALL/NW73/DB2/HA/PI/DB/establishConn.log.
db2radm called as: /usr/sap/DW8/SYS/exe/uc/rs6000_64/db2radm -m db2i -P 456 -L DW8DDF -S DW88 -H s10d1 -u SAPADM -p ******** -W primary_only -l /sapmnt/tmp/sapinst_instdir/NW73/INSTALL/NW73/DB2/HA/PI/DB/establishConn.log
Adjusting environment
dbs_db2_ssid=DW88
SAPDBHOST=s10d1
dbs_db2_user=SAPADM
dbs_db2_schema=SAPADM
dbs_db2_schema8=1
dbs_db2_pw=********
Checking environment
DB host = s10d1
SSID = DW88
SAPSYSTEMNAME = DW8
DB2Trc: 000000 CLI_ALLOC_ENV 1
connect.ini file used: 'connect.ini.for.db2radm'
Fail over connection list of this application server:
NAME = DW88_on_s10d1
USER = SAPADM
PASSWORD = <***>
SCHEMA = SAPADM
PS = SAP0907U
LOCATION = DW8DDF
SSID = DW88
HOST = s10d1
PORT = 456
RETRY_CNT = 3
SLEEP_TIME = 0
DB2Trc: trace level of dbdb2cli set to 1
COLLECTION ID used is "SAP0907U"
DB2 Call 'SQLDriverConnectW' Warning: SQLCODE = 8007 : [IBM][CLI Driver][DB2] SQL8007W There are "90" day(s) left in the evaluation period for the product "DB2 Connect". For evaluation license terms and conditions, refer to the License Agreement document located in the license directory in the installation path of this product. If you have licensed this product, ensure the license key is properly registered. You can register the license via the License Center or db2licm command line utility. The license key can be obtained from your licensed product CD. SQL
use lib_dbsl for DB2 version V9.
Callback functions for dynamic profile parameter registered
DbSl library successfully loaded.
WARNING: schema with 8 bytes length allowed; shadow upgrate will not work
dbs/db2/use_accounting != 1 -> DB2 accounting is switched off
dbs/db2/use_drda_lob_handling != 1 -> SAP LOB handling is used
dbs/db2/chaining = 20 -> CLI CHAIN optimization is switched on
dbs/db2/opt2_hint = 1 -> implicit 'optimize for 1 rows' hint is switched off
SQL DRIVER VERSION is "09.07.0003"
DB2Connect driver identified as THIN CLIENT
Now I'm connected to DW88_on_s10d1
DB2 DBMS version 09.01.0005
DB2 LOCATION name DW8DDF
(HYB): Info: Using OLD dbsl support.
DB2 connect shared library loaded successfully.
09.07.0003DB2Connect driver identified as THIN CLIENT
WARNING: schema with 8 bytes length allowed; shadow upgrate will not work
dbs/db2/use_accounting != 1 -> DB2 accounting is switched off
dbs/db2/use_drda_lob_handling != 1 -> SAP LOB handling is used
dbs/db2/chaining = 20 -> CLI CHAIN optimization is switched on
dbs/db2/opt2_hint = 1 -> implicit 'optimize for 1 rows' hint is switched off
DBSLHA: Got Failover profile /usr/sap/DW8/SYS/global/connect.ini
DBSLHA: Using new Failover Support
DBSLHA: Using user( SAPADM) and password(<pwd>) from profile.
DBSLHA:
DBSLHA:Connection List
DBSLHA:
DBSLHA:NAME |HOST |SSID|COLLECTION |PLAN |PORT |SCHEMA |OWNER |LOCATION |RETRY|SLEEP|
DBSLHA:--|||||||||-|---|
DBSLHA:DW88_on_s1|s10d1 |DW88|SAP<DB2Conne| | |SAPADM |SAPADM |DW8DDF |00003|00000|
DBSLHA:--|||||||||-|---|
GetHaProfile: GetHaProfile: found 1 connections in connection profile.
GetHaProfile: found section DW88_on_s10d1, ssid DW88, port 456, location DW8DDF, host s10d1 in connection profile
connection profile /usr/sap/DW8/SYS/global/connect.ini opened.
>>>>>> dump of connection profile
ADDED 20120228 103331 by DB2RADM RELEASE 720 PATHLEVEL 000
[DEFAULT_GROUP]
CON1=DW88_on_s10d1
[DW88_on_s10d1]
SSID=DW88
HOST=s10d1
PORT=456
LOCATION=DW8DDF
<<<<<< end of dump of connection profile
ssid DW88 found in connection profile, section DW88_on_s10d1.
>>> analyse line: * ADDED 20120228 103331 by DB2RADM RELEASE 720 PATHLEVEL 000
>>> analyse line: [DEFAULT_GROUP]
>>> analyse line: CON1=DW88_on_s10d1
>>> analyse line:
>>> analyse line: [DW88_on_s10d1]
section DW88_on_s10d1 found.
>>> analyse line: SSID=DW88
>>> analyse line: HOST=s10d1
>>> analyse line: PORT=456
>>> analyse line: LOCATION=DW8DDF
>>> analyse line: section DW88_on_s10d1 found and data matches.
backup connection profile /usr/sap/DW8/SYS/global/connect.ini .
switch connection profile /usr/sap/DW8/SYS/global/connect.ini .
check for adapted connection profile.
WARNING: schema with 8 bytes length allowed; shadow upgrate will not work
dbs/db2/use_accounting != 1 -> DB2 accounting is switched off
dbs/db2/use_drda_lob_handling != 1 -> SAP LOB handling is used
dbs/db2/chaining = 20 -> CLI CHAIN optimization is switched on
dbs/db2/opt2_hint = 1 -> implicit 'optimize for 1 rows' hint is switched off
DBSLHA: Got Failover profile /usr/sap/DW8/SYS/global/connect.ini
DBSLHA: Using new Failover Support
DBSLHA: Using user( SAPADM) and password(<pwd>) from profile.
DBSLHA:
DBSLHA:Connection List
DBSLHA:
DBSLHA:NAME |HOST |SSID|COLLECTION |PLAN |PORT |SCHEMA |OWNER |LOCATION |RETRY|SLEEP|
DBSLHA:--|||||||||-|---|
DBSLHA:DW88_on_s1|s10d1 |DW88|SAP<DB2Conne| | |SAPADM |SAPADM |DW8DDF |00003|00000|
DBSLHA:--|||||||||-|---|
GetHaProfile: GetHaProfile: found 1 connections in connection profile.
GetHaProfile: found section DW88_on_s10d1, ssid DW88, port 456, location DW8DDF, host s10d1 in connection profile
ssid DW88 found in connection profile, section DW88_on_s10d1.
check for adapted connection profile passed.
WARNING: schema with 8 bytes length allowed; shadow upgrate will not work
dbs/db2/use_accounting != 1 -> DB2 accounting is switched off
dbs/db2/use_drda_lob_handling != 1 -> SAP LOB handling is used
dbs/db2/chaining = 20 -> CLI CHAIN optimization is switched on
dbs/db2/opt2_hint = 1 -> implicit 'optimize for 1 rows' hint is switched off
DBSLHA: Got Failover profile /usr/sap/DW8/SYS/global/connect.ini
DBSLHA: Using new Failover Support
DBSLHA: Using user( SAPADM) and password(<pwd>) from profile.
DBSLHA:
DBSLHA:Connection List
DBSLHA:
DBSLHA:NAME |HOST |SSID|COLLECTION |PLAN |PORT |SCHEMA |OWNER |LOCATION |RETRY|SLEEP|
DBSLHA:--|||||||||-|---|
DBSLHA:DW88_on_s1|s10d1 |DW88|SAP<DB2Conne| | |SAPADM |SAPADM |DW8DDF |00003|00000|
DBSLHA:--|||||||||-|---|
GetHaProfile: GetHaProfile: found 1 connections in connection profile.
GetHaProfile: found section DW88_on_s10d1, ssid DW88, port 456, location DW8DDF, host s10d1 in connection profile
WARNING: schema with 8 bytes length allowed; shadow upgrate will not work
dbs/db2/use_accounting != 1 -> DB2 accounting is switched off
dbs/db2/use_drda_lob_handling != 1 -> SAP LOB handling is used
dbs/db2/chaining = 20 -> CLI CHAIN optimization is switched on
dbs/db2/opt2_hint = 1 -> implicit 'optimize for 1 rows' hint is switched off
DBSLHA: Got Failover profile /usr/sap/DW8/SYS/global/connect.ini
DBSLHA: Using new Failover Support
DBSLHA: Using user( SAPADM) and password(<pwd>) from profile.
DBSLHA:
DBSLHA:Connection List
DBSLHA:
DBSLHA:NAME |HOST |SSID|COLLECTION |PLAN |PORT |SCHEMA |OWNER |LOCATION |RETRY|SLEEP|
DBSLHA:--|||||||||-|---|
DBSLHA:DW88_on_s1|s10d1 |DW88|SAP<DB2Conne| | |SAPADM |SAPADM |DW8DDF |00003|00000|
DBSLHA:--|||||||||-|---|
SQL DRIVER VERSION is "09.07.0003"
DB2Connect driver identified as THIN CLIENT
DB2Trc: 00 000000 cli_get_cli_driver_bld_level 1 s101006
SQL DRIVER NAME is "libdb2.a"
SQL DBMS NAME is "DB2"
SQL DBMS VERSION is "09.01.0005"
DATABASE NAME(DB2 Connect DCS database name) is "DW8DDF"
The bind is skipped since collection for ssid DW88 is already bound.
To force the bind, use option "-B force".
DB2TRC: 0000000000 00 000000 CLI_DISCONNECT
DB2TRC: 0000000000 00 000000 CLI_FREE_DBC 1
DB2TRC: 0000000000 00 000000 CLI_FREE_ENV 1
DB VERSION is 09.01.0005.
Starting Grants .
DB2Trc: 000000 CLI_ALLOC_ENV 1
COLLECTION ID used is "SAP0907U"
DB2 Call 'SQLDriverConnectW' Warning: SQLCODE = 8007 : [IBM][CLI Driver][DB2] SQL8007W There are "90" day(s) left in the evaluation period for the product "DB2 Connect". For evaluation license terms and conditions, refer to the License Agreement document located in the license directory in the installation path of this product. If you have licensed this product, ensure the license key is properly registered. You can register the license via the License Center or db2licm command line utility. The license key can be obtained from your licensed product CD. SQL
Connecting to <DW88_on_s10d1> on connection 0 ...
Now I'm connected to DB2 (09.01.5)
SQL DRIVER NAME is "libdb2.a"
SQL DBMS NAME is "DB2"
SQL DBMS VERSION is "09.01.0005"
DATABASE NAME(DB2 Connect DCS database name) is "DW8DDF"
New functions of DB2 V9 are switched on
Profile parameter dbs/db2/cli_trace_dir is not set
dbdb2dic.c 1709 INFO Profile: SDB2_DEBUG=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: sdb2_debug=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: SDB2_DEBUG=<UNSET>
DB2 Call 'CLI_EXECUTE' Error: sqlcode = -204 : [IBM][CLI Driver][DB2] SQL0204N "SAPADM.#LOBU" is an undefined name. SQLSTATE=42704
dbdb2dic.c 2251 INFO rc=103,sqlcode=-204: ExeRead
dbdb2dic.c 1709 INFO Profile: dbs/db2/max_retry=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: DB2_MAX_RETRY=<UNSET>
dbdb2dic.c 1709 INFO Profile: dbs/db2/retry_on_924=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: DB2_RETRY_ON_924=<UNSET>
dbdb2dic.c 1709 INFO Profile: dbs/db2/no_retry_on_10=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: dbs_db2_no_retry_on_10=<UNSET>
dbdb2dic.c 1733 INFO Envrmnt: DBS_DB2_NO_RETRY_ON_10=<UNSET>
DB2 Call 'SQLEndTran' Error: sqlstate = 08003 : [IBM][CLI Driver] CLI0106E Connection is closed. SQLSTATE=08003
[dbdb2dic.c 1873:rc=99: COMMIT WORK failed]
dbdb2dic.c 1873 ERROR rc=99: COMMIT WORK failed
[dbdb2dic.c 2019:rc=99,sqlcode=268435455: ExecDDL failed (DB error)]
dbdb2dic.c 2019 ERROR rc=99,sqlcode=268435455: ExecDDL failed (DB error)
DB2 Call 'SQLEndTran' Error: SQLCODE = -99999 : [IBM][CLI Driver] CLI0106E Connection is closed. SQLSTATE=08003
ROLLBACK failed with SQL error '-99999'
ERROR: couldn't connect to DB
rc = 99
error message returned by DbSl:
rc=99,sqlcode=268435455: ExecDDL failed (DB error)
DB2RADM EXITCODE: 12
db2radm finished (0012)
db2radm stop:28.02.2012 10:54:39
i've patched db2radm and sapinst to the latest version.
May be i should manually create "SAPADM.#LOBU"?
Please help to solve these issue.
Best regards,
Alexander V

Hi ,
Please check if Note 1581637 - Installing a System with DB2CODEPAGE other than the default is useful.
Award points if useful.
Thanks,
Ravi

Block the Material at Item level in Sales Order automatically for delivery

Hi!
My business scenario needs a material to be Ckecked for Inspection after raising the Sales Order by thirdparty person. So, I need to block that particular material at Item level automatically for delivery and rest of the line items can get delivered. I can do this by selecting the reason for Block at Item level manually, but I want the system to get detemine this block. And one more thing is that there is NO Quality Management module for this. So, let me know what I need to configure for this effect. Thank you.....

hi,
pl check the user exit " userexit_save_document_prepare" or "userexit_save_document".
Take the help of your abaper to see if the logic written here can affect the item level block in the sales order for inspection. Create new reason for the item level block and have it triggered with this exit. Instead of hard coding which might require regular intervention of abaper for code changes for the business to be able to manage it, maintain a master data in the material master against some field with a key.
now use that key to identify if these materials require to be blocked at the sales order level for inspection. To release this item again the user has to go in VA02 mode to release the block. Let this be done after the inspection of that material.
regards
sadhu kishore

Question on security in ABAP. Please help!

Hi Experts,
I have a question on security in ABAP program.
I have a ABAP program which has a transaction attached.
I have added authorization check in ABAP program(Progran level security).
I have also attached the authorization object to the transaction.(Transaction level security)
If an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?
If I have web enabled my ABAP program via SICF (in other words, ITS). Then when I try to run my ITS service in the browser will the transaction level authorization fire? or Will the program level authorization fire?
Please help me understand this security aspect.
Thanks
Gopal

Hi gopalkrishna,
1. if an end user runs the transactionm, then which authorization check will fire first? Will it be transaction level?
Yes, transaction level first !
2. In ITS scenario also,
a) first tcode level,
b) then, program level
regards,
amit m.

Extra level of security in ABAP for sensitive custom tcodes

Similar Messages

Maybe you are looking for