Giving deployment authorization to UME user
hi ,
I am working on Netweaver 7.1. I have created UME user and want to give that user permission for deployment from Netweaver client. When i assigned administrator group to that user i could deploy applications using new user but this user has administrative rights , he can create , edit delete and use other functions like administrator. Which i dont want. is there any way to give only deployment access to this user??? Can anyone tell me which role/group/actions should b assigned to this user so that he is only able to deploy???
hi ,
I am working on Netweaver 7.1. I have created UME user and want to give that user permission for deployment from Netweaver client. When i assigned administrator group to that user i could deploy applications using new user but this user has administrative rights , he can create , edit delete and use other functions like administrator. Which i dont want. is there any way to give only deployment access to this user??? Can anyone tell me which role/group/actions should b assigned to this user so that he is only able to deploy???
Similar Messages
-
Authentication and authorization for AD users in UCM11g
Hi all
we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
Thanks
SomeshAs you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
As for SSO, refer to the:
http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
and
http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
Procedure steps are:
Create a user account for the hostname of the web server machine in Active Directory
Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
Generate the keytab file
Create a JAAS Login File named krb5Login.conf
Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
Configure the Identity Assertion Provider
Adjust Weblogic Server startup arguments for Kerberos authentication
Redeploy CS (and optionally other servers) server with the documentation given deployment plan
Check web browser configuration (IE and Firefox only)
Take a deep breath and test
If successful have a cake and cup of coffee else goto step one
Regards,
Boris -
Persistence exception when creating UME users
Hello,
I'm encountering a persistence exception while attempting to create users in the Portal using ABAP as my UME store. The exception indicates that a user name is too long to be valid (e.g. 1Z8uN8K0JUdBbS~Z1WN8). This name is apparently generated since it is different in each error message in the log.
I've read the Help files throughly and have configured the SAPJSF user to be in the proper role for writing (SAP_BC_JSF_COMMUNICATION) and made sure that the authorizations for that role are properly generated and assigned. The values for the ume settings in configtool are configured to connect properly and everything tests fine in the portal (except creating users, of course). I'm running everything on SPS09.
The detailed error message is below. TIA for your thoughts.
Rob
Date : 12/11/2006
Time : 17:07:09:486
Message : An exception was thrown in the UME/ABAP user management connector. Message: Not a valid SAP user ID:
"1Z8uN8K0JUdBbS~Z1WN8". Reason: SAP user ID must contain at least 1 and at most 12 characters.
[EXCEPTION]
com.sap.security.core.persistence.datasource.PersistenceException: Not a valid SAP user ID: "1Z8uN8K0JUdBbS~Z1WN8".
Reason: SAP user ID must contain at least 1 and at most 12 characters at
com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.newPersistenceException(R3PersistenceBase.java:178
) at com.sap.security.core.persistence.datasource.imp.R3Persistence.getPrivateIDPart(R3Persistence.java:2532)
at
com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.bindNewPrincipalDatabag(DataSourceBaseI
mplementation.java:340) at
com.sap.security.core.persistence.datasource.imp.R3Persistence$Transaction.bindNewPrincipalDatabag(R3Persistence.java
:8727) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.bindNewPrincipalDatabag(PrincipalDatabagFactory
Instance.java:4640) at
com.sap.security.core.persistence.imp.PrincipalDatabag.getIDParts(PrincipalDatabag.java:1034) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.isPrincipalDatabagAttributeModifiable(Principal
DatabagFactoryInstance.java:2331) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:255) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:215) at
com.sap.security.core.jmx.impl.CompanyPrincipalFactory.isPrincipalAttributeCreateable(CompanyPrincipalFactory.java:24
71) at com.sap.security.core.jmx.impl.JmxLayoutHelper.getAttributeLayoutInformation(JmxLayoutHelper.java:67)
at com.sap.security.core.jmx.impl.JmxServer.getAttributeLayoutInformation(JmxServer.java:304) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:324) at
com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58) at
javax.management.StandardMBean.invoke(StandardMBean.java:286) at
com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944) at
com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288) at
com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409) at
com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277) at
com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258) at
com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287) at
com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.security.core.jmx._gen.IJmxServer$Impl.getAttributeLayoutInformation(IJmxServer.java:1695) at
com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.getAttributeLayoutInformation(JmxModelCompInterface.java:485)
at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.getAttributeLayoutInformation(InternalJmxModelCom
pInterface.java:441) at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.getAttributeLayoutInformation(InternalJm
xModelCompInterface.java:712) at
com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getAttributeLayoutInformation(UmeUiFactoryCompInterfa
ce.java:675) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getAttributeLayoutInformation(InternalUme
UiFactoryCompInterface.java:519) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getAttributeLayoutInformation(In
ternalUmeUiFactoryCompInterface.java:856) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCopyIn(WriteableDetailInterfaceView.java:179
) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCreateIn(WriteableDetailInterfaceView.java:1
11) at
com.sap.security.core.wd.maintainuser.wdp.InternalWriteableDetailInterfaceView.wdInvokeEventHandler(InternalWriteable
DetailInterfaceView.java:110) at
com.sap.tc.webdynpro.progmodel.generation.DelegatingInterfaceView.invokeEventHandler(DelegatingInterfaceView.java:85)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.navigate(ClientApplication.java:826) at
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.navigate(ClientComponent.java:873) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doNavigation(WindowPhaseModel.java:498) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:144) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:731) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:667) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73) at
com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProx
y.java:879) at
com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java
:77) at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1291) at
com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325) at
com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:831) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at
com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at
com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at
com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at
com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at
com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMe
ssageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at
com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at
java.security.AccessController.doPrivileged(Native Method) at
com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at
com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)----
caused by
com.sap.security.core.persistence.datasource.imp.r3persistence.SapUidFormatException: Not a valid SAP user
ID: "1Z8uN8K0JUdBbS~Z1WN8". Reason: SAP user ID must contain at least 1 and at most 12 characters at
com.sap.security.core.persistence.datasource.imp.r3persistence.Util.assertSapUidLength(Util.java:73) at
com.sap.security.core.persistence.datasource.imp.R3Persistence.getPrivateIDPart(R3Persistence.java:2512) at
com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.bindNewPrincipalDatabag(DataSourceBaseI
mplementation.java:340) at
com.sap.security.core.persistence.datasource.imp.R3Persistence$Transaction.bindNewPrincipalDatabag(R3Persistence.java
:8727) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.bindNewPrincipalDatabag(PrincipalDatabagFactory
Instance.java:4640) at
com.sap.security.core.persistence.imp.PrincipalDatabag.getIDParts(PrincipalDatabag.java:1034) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.isPrincipalDatabagAttributeModifiable(Principal
DatabagFactoryInstance.java:2331) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:255) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:215) at
com.sap.security.core.jmx.impl.CompanyPrincipalFactory.isPrincipalAttributeCreateable(CompanyPrincipalFactory.java:24
71) at com.sap.security.core.jmx.impl.JmxLayoutHelper.getAttributeLayoutInformation(JmxLayoutHelper.java:67)
at com.sap.security.core.jmx.impl.JmxServer.getAttributeLayoutInformation(JmxServer.java:304) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:324) at
com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58) at
javax.management.StandardMBean.invoke(StandardMBean.java:286) at
com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944) at
com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288) at
com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409) at
com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277) at
com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258) at
com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287) at
com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.security.core.jmx._gen.IJmxServer$Impl.getAttributeLayoutInformation(IJmxServer.java:1695) at
com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.getAttributeLayoutInformation(JmxModelCompInterface.java:485)
at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.getAttributeLayoutInformation(InternalJmxModelCom
pInterface.java:441) at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.getAttributeLayoutInformation(InternalJm
xModelCompInterface.java:712) at
com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getAttributeLayoutInformation(UmeUiFactoryCompInterfa
ce.java:675) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getAttributeLayoutInformation(InternalUme
UiFactoryCompInterface.java:519) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getAttributeLayoutInformation(In
ternalUmeUiFactoryCompInterface.java:856) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCopyIn(WriteableDetailInterfaceView.java:179
) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCreateIn(WriteableDetailInterfaceView.java:1
11) at
com.sap.security.core.wd.maintainuser.wdp.InternalWriteableDetailInterfaceView.wdInvokeEventHandler(InternalWriteable
DetailInterfaceView.java:110) at
com.sap.tc.webdynpro.progmodel.generation.DelegatingInterfaceView.invokeEventHandler(DelegatingInterfaceView.java:85)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.navigate(ClientApplication.java:826) at
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.navigate(ClientComponent.java:873) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doNavigation(WindowPhaseModel.java:498) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:144) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:731) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:667) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73) at
com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProx
y.java:879) at
com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java
:77) at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1291) at
com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325) at
com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:831) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at
com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at
com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at
com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at
com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at
com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMe
ssageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at
com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at
java.security.AccessController.doPrivileged(Native Method) at
com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at
com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Severity : Error
Category : /System/Security/Usermanagement
Location : com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.getPrivateIDPart()
Application : sap.com/tcwddispwda
Thread : SAPEngine_Application_Thread[impl:3]_49
Datasource : 19184150:D:\usr\sap\PTD\JC01\j2ee\cluster\server0\log\defaultTrace.trc
Message ID : 000C29F20933005300000AB9000006580004245B630B0BAC
Source Name : com.sap.security.core.persistence.datasource.imp.R3PersistenceBase
Argument Objs : Not a valid SAP user ID: "1Z8uN8K0JUdBbS~Z1WN8". Reason: SAP user ID must contain at least 1 and at
most 12 characters,com.sap.security.core.persistence.datasource.PersistenceException: Not a valid SAP user ID:
"1Z8uN8K0JUdBbS~Z1WN8". Reason: SAP user ID must contain at least 1 and at most 12 characters at
com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.newPersistenceException(R3PersistenceBase.java:178
) at com.sap.security.core.persistence.datasource.imp.R3Persistence.getPrivateIDPart(R3Persistence.java:2532)
at
com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.bindNewPrincipalDatabag(DataSourceBaseI
mplementation.java:340) at
com.sap.security.core.persistence.datasource.imp.R3Persistence$Transaction.bindNewPrincipalDatabag(R3Persistence.java
:8727) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.bindNewPrincipalDatabag(PrincipalDatabagFactory
Instance.java:4640) at
com.sap.security.core.persistence.imp.PrincipalDatabag.getIDParts(PrincipalDatabag.java:1034) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.isPrincipalDatabagAttributeModifiable(Principal
DatabagFactoryInstance.java:2331) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:255) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:215) at
com.sap.security.core.jmx.impl.CompanyPrincipalFactory.isPrincipalAttributeCreateable(CompanyPrincipalFactory.java:24
71) at com.sap.security.core.jmx.impl.JmxLayoutHelper.getAttributeLayoutInformation(JmxLayoutHelper.java:67)
at com.sap.security.core.jmx.impl.JmxServer.getAttributeLayoutInformation(JmxServer.java:304) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:324) at
com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58) at
javax.management.StandardMBean.invoke(StandardMBean.java:286) at
com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944) at
com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288) at
com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409) at
com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277) at
com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258) at
com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287) at
com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.security.core.jmx._gen.IJmxServer$Impl.getAttributeLayoutInformation(IJmxServer.java:1695) at
com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.getAttributeLayoutInformation(JmxModelCompInterface.java:485)
at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.getAttributeLayoutInformation(InternalJmxModelCom
pInterface.java:441) at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.getAttributeLayoutInformation(InternalJm
xModelCompInterface.java:712) at
com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getAttributeLayoutInformation(UmeUiFactoryCompInterfa
ce.java:675) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getAttributeLayoutInformation(InternalUme
UiFactoryCompInterface.java:519) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getAttributeLayoutInformation(In
ternalUmeUiFactoryCompInterface.java:856) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCopyIn(WriteableDetailInterfaceView.java:179
) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCreateIn(WriteableDetailInterfaceView.java:1
11) at
com.sap.security.core.wd.maintainuser.wdp.InternalWriteableDetailInterfaceView.wdInvokeEventHandler(InternalWriteable
DetailInterfaceView.java:110) at
com.sap.tc.webdynpro.progmodel.generation.DelegatingInterfaceView.invokeEventHandler(DelegatingInterfaceView.java:85)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.navigate(ClientApplication.java:826) at
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.navigate(ClientComponent.java:873) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doNavigation(WindowPhaseModel.java:498) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:144) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:731) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:667) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73) at
com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProx
y.java:879) at
com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java
:77) at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1291) at
com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325) at
com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:831) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62) at
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at
com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at
com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at
com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at
com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at
com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMe
ssageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at
com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at
java.security.AccessController.doPrivileged(Native Method) at
com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at
com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)----
caused by
com.sap.security.core.persistence.datasource.imp.r3persistence.SapUidFormatException: Not a valid SAP user
ID: "1Z8uN8K0JUdBbS~Z1WN8". Reason: SAP user ID must contain at least 1 and at most 12 characters at
com.sap.security.core.persistence.datasource.imp.r3persistence.Util.assertSapUidLength(Util.java:73) at
com.sap.security.core.persistence.datasource.imp.R3Persistence.getPrivateIDPart(R3Persistence.java:2512) at
com.sap.security.core.persistence.datasource.imp.DataSourceBaseImplementation.bindNewPrincipalDatabag(DataSourceBaseI
mplementation.java:340) at
com.sap.security.core.persistence.datasource.imp.R3Persistence$Transaction.bindNewPrincipalDatabag(R3Persistence.java
:8727) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.bindNewPrincipalDatabag(PrincipalDatabagFactory
Instance.java:4640) at
com.sap.security.core.persistence.imp.PrincipalDatabag.getIDParts(PrincipalDatabag.java:1034) at
com.sap.security.core.persistence.imp.PrincipalDatabagFactoryInstance.isPrincipalDatabagAttributeModifiable(Principal
DatabagFactoryInstance.java:2331) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:255) at
com.sap.security.core.imp.PrincipalFactory.isPrincipalAttributeModifiable(PrincipalFactory.java:215) at
com.sap.security.core.jmx.impl.CompanyPrincipalFactory.isPrincipalAttributeCreateable(CompanyPrincipalFactory.java:24
71) at com.sap.security.core.jmx.impl.JmxLayoutHelper.getAttributeLayoutInformation(JmxLayoutHelper.java:67)
at com.sap.security.core.jmx.impl.JmxServer.getAttributeLayoutInformation(JmxServer.java:304) at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
java.lang.reflect.Method.invoke(Method.java:324) at
com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58) at
javax.management.StandardMBean.invoke(StandardMBean.java:286) at
com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944) at
com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288) at
com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409) at
com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277) at
com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258) at
com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287) at
com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:776) at
com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330) at
com.sap.security.core.jmx._gen.IJmxServer$Impl.getAttributeLayoutInformation(IJmxServer.java:1695) at
com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.getAttributeLayoutInformation(JmxModelCompInterface.java:485)
at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.getAttributeLayoutInformation(InternalJmxModelCom
pInterface.java:441) at
com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface$External.getAttributeLayoutInformation(InternalJm
xModelCompInterface.java:712) at
com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.getAttributeLayoutInformation(UmeUiFactoryCompInterfa
ce.java:675) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.getAttributeLayoutInformation(InternalUme
UiFactoryCompInterface.java:519) at
com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface$External.getAttributeLayoutInformation(In
ternalUmeUiFactoryCompInterface.java:856) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCopyIn(WriteableDetailInterfaceView.java:179
) at
com.sap.security.core.wd.maintainuser.WriteableDetailInterfaceView.onPlugCreateIn(WriteableDetailInterfaceView.java:1
11) at
com.sap.security.core.wd.maintainuser.wdp.InternalWriteableDetailInterfaceView.wdInvokeEventHandler(InternalWriteable
DetailInterfaceView.java:110) at
com.sap.tc.webdynpro.progmodel.generation.DelegatingInterfaceView.invokeEventHandler(DelegatingInterfaceView.java:85)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.navigate(ClientApplication.java:826) at
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.navigate(ClientComponent.java:873) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doNavigation(WindowPhaseModel.java:498) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:144) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:731) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:667) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232) at
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152) at
com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73) at
com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProx
y.java:879) at
com.sap.tc.webdynpro.portal.pb.impl.localwd.LocalApplicationProxy.sendDataAndProcessAction(LocalApplicationProxy.java
:77) at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1291) at
com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:325) at
com.sap.portal.pb.PageBuilder$1.doPhase(PageBuilder.java:831) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:755) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doPortalDispatch(WindowPhaseModel.java:717) at
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:136) at
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335) at
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143) at
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299) at
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665) at
com.sap.tc.webdynpro.clientserver.session.ClientSessioI found the solution to my own problem. My guess that the generated ID was causing problems was correct. The fix was to change the ume.logon.security_policy.
useridmaxlength to 12 instead of the default of 20.
After I did that and restarted, UME users were working properly. SAP help does describe this issue at the bottom of http://help.sap.com/saphelp_nw04/helpdata/en/b5/16c43bdd3da244a1d3372a77b5f83f/content.htm which I found after the issue had been fixed.
<rant>This is another case of a sub-optimal default value in NW2004s. Why not make it 12 to match the limitation in ABAP by default? There are way too many little things like this in the current stack.</rant>
Rob -
Attribute to lock Portal UME user
Hi SAP Expert,
Does anyone know the attribute for locking UME user id in Portal Batch Import?
I am trying to use 'Portal batch import' to mass lock portal users, that is by importing a batch file with corresponding uid. I search up and down and couldn't find the attribute that responsible for the lock status in portal.
Have anyone experience a similar issue and know where to look for the lock attribute label?
Thanks in advance.Jim,
It sounds like you already have a text list of users, who have left the company and the list is too long to easily search for each individual user and lock them.
One thing you could do is the following:
1. Create a group called temporary.
2. Add this group to all the users as follows:
[user]
uid=john.doe
last_name=doe
group=temporary
If your SAP NetWeaver system is 7.0 or earlier, this removes all other group assignments from these users! If you have SAP NetWeaver 7.1, you can use the following syntax:
group=+temporary
. This add the gorup assignment without removing the others.
3. Start identity management and display all users who are members of this group.
4. From the Table selection menu, choose Select All.
5. Choose Lock.
6. Enter the reason for the lock.
7. Choose Lock.
This seems to be a rather roundabout way to achieve your goal. Unless you are talking about thousands of users, it still might be easier to lock each user by hand:
1. Start identity management.
2. Copy the user name into the search field.
3. Search.
4. Select.
5. Lock.
Repetitive, but not nearly as destructive.
SAP NetWeaver Identity Management offers additional functions, enabling you to trigger the locking of users automatically and removing all authorizations, say if your HR system changed the users status. But it does not sound like you have that option right now.
-Michael -
Is it possible to give seperate authorizations for different users
Hi all,
I have a requirement in crystal reports.
I have created parameters for city and calmonth.
There are 5 cities for example chennai,mumbai patna,agra,bangalore.
For that single calmonth is there as jun2010.
I have done the report. In info view i want ony the chennai city guy to see only the chennai report.
Like wise each city guy should see only their respective reports.
In parameters while drill down i can see all the cities but i want only the respective city user to see only that report.
So if the chennai city guy drill downs he has to see only chennai city
so do you think is it possible to give authorizations like that?
can any one help where can i do it either in crystal reports by writing some logic or in INFOVIEW by giving some authorizations or in BW?
I hope everyone understand my Question.As I said it is much more efficient to implement row level security in the BW itself. Fetching ALL data in the CR reports first and then doing the record selection is not recommended because:
1) You introduce additional security risk in your organization by ignoring data souce security settings.
2) You fetch much more data that you really need in your report and you let the CR report engine do the work. SAP BW can process mass data more efficiently than the CR engine. CR is optimized for displaying data.
3) You may violate the license agreement of your SAP BW system by providing BW data to more users than licensed.
Regards,
Stratos -
Use of Authorizations Tab in User Account for Version 10
Whats the use of Authorizations Tab in User Account for Version 10. Please find the snapshot attached.
Hi Pawan,
SAP Sourcing 10 allow custom script and query-based web services which support OAuth authentication so
client consumer application will consume this web service and if the OAuth handshake is done successfully, then we can verify by going to the Authroizations tab of the User Account of the user that signed on to Sourcing/CLM and allowed the external program to access the particular webservice.
For more insights please refer the Web services cookbook of SAP Sourcing 10.
Hope it helps to some extent.
Best,
Kushagra A -
Java embedding code in BPEL 2.0 giving deployment errors
Hello,
I am using Jdeveloper and SOA 6 11.1.1.0.6 version. BPEL 2.0
When i use simple sysout in the java embedding it is deploying fine but when using XMLElement api in the java embedding it s giving deployment error.
Please suggest me how to make it work.
Please see the error message below:
Error deploying archive sca_FetchAttachments_rev1.1.jar to partition "default" on server soa_server1 [http://XXX.XXX.com:8001]
[01:04:09 PM] HTTP error code returned [500]
[01:04:09 PM] Error message from server:
There was an error deploying the composite on soa_server1: Error occurred during deployment of component: FetchAttachments to service engine: implementation.bpel, for composite: FetchAttachments: ORABPEL-05250Hello Rolando Carrasco,
Thank for responding my question. I figure out the issue. It is because we need to import the java API's what we are using in the java embedding.
Thank you,
Raj -
SSO with different ECC and UME user
Hi everyone!
I'm in MII 12.1.10 and trying to configure MII for SSO logon on ECC through JCO connector. My problem is i have different user in ECC and UME. SSO was configured successfully when user are equals
ECC have a user mapping for users from AD and it's works for SSO on SAPGUI for example.
On MII, user are logged in with AD user. But when i try to call a RFC with a logon ticket didn't work.
So, SSO logon works if, and only if, ECC user and UME user are the same? Can ECC validate the ticket with AD mapping user?Hi Francisco,
The both user name of ECC and UME should be same.
Then only the ticket can be validated.
Can you maintian sam euserid and try the scenario.
Thanks
patrick -
Config manager client deployment script states the user is not a local admin
Guys I posted here a while back in regards to deploying config manager clients in a wan environment.One of the suggestions was to use Jason Sandy's script. I finally got around to playing around with the script however I ran into some strange problems
while testing.I am deploying this via the user side of group policy not the computer side. The script goes out and installs the client the problem is when our users click on any Citrix application the script pops up a message box stating "the user is
not a local admin". I don't see how that's the case because this group of users all have local admin rights on there systems. If I run this script as a domain admin or under the system account everything works smoothly. Citrix is the only application
that's doing this however this is a big deal because we deliver all of our enterprise apps using Citrix. So has anyone here ran into this before?Hi,
As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Wireless Deployment with Active Directory User Group Integration
I am trying to find out the best practice in deploying a WLAN for users in the cooperate environment, which uses their company active directory integrated laptops to join to the WLAN.
I know this can be done using certificates easily but I want to just find a way to deploy this without certificates and only based on the AD user group. Maybe a Radius server + LDAP server integration solution would be great.
Please advice. Thanks.
Cheers
Lal Antony
www.lalantony.comThe easiest way to deply this is with a Microsoft toolkit, it has everything you need included, manuals, scripts to install and configure server-side components and it's very easy to use. You can get it from here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
It's based on Win2003 server but I've been advised by MS that it should be OK on Win2008 as well. -
I want to create a super user on the production server who can create and save the queries only (no other authorization). He can save queries only under $TMP.
For that I have already created role for super user in the transaction PFCG and in business content S_RS_COMP and S_RS_COMP1 I have given all authorization.
Now User is able to create the query, but when He is going to save it the Error message is coming- 'No authorization for create and change'.
Please suggest what I am missing.
Regards,
DheerajHi Dheeraj,
Have you given auth as per http://help.sap.com/saphelp_nw04/helpdata/en/41/05453caff4f703e10000000a114084/content.htm : Analyst3? -
Hello Experts,
For SAP Sourcing 7.0, In a scenario the Buy Side and Sell side users need to be authenticated against NW UME data base. So while configuring the Directory settings the driver is set to NW UME. (for both internal and external users). And attributes (NAME, F.NAME, L.NAME and EMAIL) are mapped with NW UME (Users will be createdpushed to NW in SAP Sourcing and UME). Along with this "bypass_error_block" property is set to "TRUE". When a new user is created in SAP Sourcing 7.0, The same user is created in the NW UME sucessfully.
But while accessing to the URL few errors were noticed;
1) For the first time, When tried to open buyside URL; SAP Netweaver log on page is displayed asking for the user credentials and when the user credentials are provided it takes to the SAP Sourcing page. BUT Is it that when we configure with NW UME, the users need to access through Netweaver log on page (or they will access the SAP Sourcing page)
2) For the second time, When tried to access the system portal(fssystem) on the same explorer, the SAP Sourcing log on page is displayed. And system ID log in happened successfully.
3) Now if the same buy side URL(fsbuyer) is opened on the same explorer then SAP Sourcing log on page is displayed (not the SAP NetWeaver) asking for user credentials and when user credentials are provided it throws an error "Entry Doesn't exist".
(NOTE:- It was verified that the URL for point 1 and point 3 are one and the same)
4) In order to get back to the NetWeaver log on page to access the SAP Sourcing system, we need to close all the explorers and reopen the buyside portal.
More over; For the Enterprise log in, one interesting property was found; when we try to log in for the first time it throws an error " Entry doesn't exist". But from second time onwards it successfully allows for log in.
Is there anyone who is facing similar type of error. Or is there any other settings need to be done for cluster and directory configuration?
Your help would be really appreciated.
Thanks
JagamohanThis tool looks interesting, and might be useful to Rao, but it would need some improvements to make it secure. I suggest using cryptographically secured session between the domain controller and the SAP system so that password changes can be send to SAP, and then captured by an RFC function module, and written into SAP user store. Since RFCs in SAP can be secured using SNC, and AD uses Kerberos, it would be good/easy to use Kerberos to secure the session between the DC and SAP ABAP when passing the password over the network. Then, the J2EE engine can be configured to use ABAP as the user store via UME. The end result is that Active Directory can be used to authenticate to SAP, and if AD is not available, or wide area network is not available the ABAP/UME password can be used locally.
One issue worth considering, is what happens when there is no network connection from the domain controller to the SAP system ? The software would have to queue the request so that when network connection is back, the password change is pushed to SAP system, and then the two password stores will be in sync at all times. Without this queuing system there is a chance the password will get out of sync.
Obviously, a lot of work to do in order to make this work, especially if you want it to work securely and reliably. However, it has some possibilities.
Take care,
Tim -
IdM 7.2 UI - link between UME "User ID" and MSKEYVALUE
Hello together,
if we provide somebody access to the user interface of the IdM the user has no permissions/can not see any tab in the Portal UI.
The user has the necessary UME actions/role in the portal and the corresponding identity has the nescessary MX_PRIV* privileges in IdM.
We are using generated MSKEYVALUEs in our IdM landscape which are not the user IDs of the employees. Therefore UME "User ID" and IdM "MSKEYVALUE" are not the same.
Example:
My user ID in the portal: micfra
My MSKEYVALUE in the IdM: 0123456
But there is another Z attribute which contains my user ID.
If I Change my MSKEYVALUE temporary to "micfra" everything is working fine.
Is there any possibility to configure the IdM so that another attribute will be used to link both systems? How can I provide user Access to UI when MSKEYVALUE do not contains user ID of portal?
Thanks and best wishes
MichaelHi Michael,
I've always had MSKEYVALUE and my UME ID match when using UME as the back end. It's just easier and provides a known, common link between my systems.
However it seems if you wish to use another value, you can change this by going to your Identity Store, General Tab, and change the value of Unique ID.
Hope this helps,
Matt -
Is there any BAPI or FM to authorization object to user in ABAP program??
Hi guys.
My requirment is to assign authorization object to user in ABAP program,is there any FM OR Bapi to do this?Hai ,
In order to do the authority check in the program , in your report at selection-screen event you need to check for the corresponding authority output .
example :
T SELECTION-SCREEN ON p_carrid.
IF p_carrid IS INITIAL.
MESSAGE 'Please enter a value' TYPE 'E'.
ENDIF.
AUTHORITY-CHECK OBJECT 'S_CARRID'
ID 'CARRID' FIELD p_carrid
ID 'ACTVT' FIELD '03'.
Regards,
K.VinayKumar -
Authorization error; unknown user name or incorrect password
Hi,
We are facing the issue logging into Integration Builder in PI system getting "Authorization error; unknown user name or incorrect password" for all the users.I able to login NWA in PI system.Please find the default trace details below.help us.
#1.#5611B888D81000840000018F0284005E0004B97914AC4703#1329829595847#com.sap.engine.services.security.authentication.logonapplication#sap.com/com.sap.security.
core.admin#com.sap.engine.services.security.authentication.logonapplication.doLogon#J2EE_GUEST#0##fxtcs.unix_FXT_336466250#Guest#e2057c775c8c11e1bb605611b888d
810#SAPEngine_Application_Thread[impl:3]_49##0#0#Error##Java###doLogon failed
[EXCEPTION]
#1#com.sap.security.core.logon.imp.UMELoginException: USER_AUTH_FAILED
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:946)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:208)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:914)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.uidPasswordLogon(SAPMLogonLogic.java:578)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:158)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regrads,
ManiHi,
Check this for the roles required for integration builder [http://help.sap.com/SAPHELP_NW04S/helpdata/en/c4/51104159ecef23e10000000a155106/content.htm]
Accordingly get the required role assigned to the user you are using there.
Unlock the user if it is locked
Reset the password and provide the new password in the login settings
Give a try again
Regards,
Venkata S Pagolu
Edited by: Venkata Pagolu on Feb 22, 2012 4:23 PM
Maybe you are looking for
-
I can no longer update existing or download new apps onto my MacBook Pro of late?
I can no longer update either existing; or download new apps any more on My MacBook Pro? This is a new thing, and seems to have coincided with getting my new iPhone 4S the week before last? If had the MacBook since Dec 2010, and this is the first tim
-
Is it possible to get message screens of the Office jet 100 without the full package?
i have a office jet 100 and want to have interaction with my printer (get messages if my cartages empty, no paper, etc), but i don't want to install 800MB of software for a couple of pop-up screens. I want to know if it is possible to get the followi
-
Oil Paint Filter Doesn't Turn Out
I'm using the oil paint filter and for some reason it doesn't turn out when I use it. It doesn't seem to be an issue for very very small sized images, if I make the photo smaller it will work just fine. However, for any regular sized images I get thi
-
Hi, This topic is to be reconciled with this one : http://forums.adobe.com/message/3787868#3787868 This behaviour has very bad side effects as I am going to describe : - With Reader X installed one can reproduce the basic behaviour opening a windows
-
Need to encrypt string in ColdFusion and Decrypt in Flex
My company is developing a standalone, offline Flex/AIR application. When users of the Flex/AIR app. want to activate the application, we will send them an activation file that contains an encrypted string. The string will hold the unique set-up data