IBNS with ISE, authorization issue

Similar Messages

• MSE-provided location used with ISE Authorization Profile

              Hello Everyone,
  Can MSE-provided location be used in an ISE Authorization Profile?
  Thanks much,
  David D.

  Yes, ISE 1.2 can used this feature if it is used with Merridian or Ironmobile integration. and This is still in Road Map.

• Need help with Itunes Authorization issue

  I've been a Itunes/Ipod user for a couple years. During that time, I've sure spent over $500.00 on Itunes music from the Itunes store for my Ipod. My daugter and I both have Ipods.. There have only been 2 machines with Itunes installed here but I occasionally rebuild my computers to have the latest and greatest hardware for my business.. The other day I backed up all my music and data before rebuilding my machine due to hardware upgrades. Everything went smoothly including importing my purchased music back into Itunes.. The problem is I can't listen to it now. When I try to double click a song I get an error that says "You have already authorized 5 computers with this account. To authorize this computer you must first deauthorize one of the other computers" This isn't possible because the computers aren't around anymore to deauthorize. They were all housed (except 1, my daughters pc) in the same case as I have now.. Please respond...

  The other day I backed up all my music and data before rebuilding my machine due to hardware upgrades.
  okay. you may have ended up with multiple authorisations on that PC due to the system changes. if so the following documents should be of some help with techniques for freeing up authorisations:
  One computer using multiple iTunes Music Store authorizations
  About iTunes Store authorization and deauthorization

• Authorization issue during Jump

  Hi all,
  I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
  Both the multiprovider and the base infocube have the same authorization objects checked.
  Can someone please help?
  Regards,
  Ashmith Roy

  Pls have a look on the below thread:
  Authorization by InfoArea
  Regards
  Ganesh
  *Assign points if this helpful

• ABAP dump on authorization issue

  hello,
  I am not sure if this is the correct forum for this or not.
  I have an ABAP program that was written before I got here that performs the following statement
  <b>OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.</b>
  where w_file is a file on the app server. the users that run this program have no issues.
  I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
  Runtime Error      OPEN_DATASET_NO_AUTHORITY
  Except.               CX_SY_FILE_AUTHORITY
  I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
  thanks in advance for your help

  I believe you can use FM to check if user has sufficient authorization.
  NOTE: authority-check uses PROGRAM NAME, so it looks like your profile should be updated with new program name.
  Here is what help says :
                                                                                  Check file access authorization                                                                               
  Functionality                                                                               
  This function module allow you to check the user's authorization to          
      access files (with the key words OPEN DATASET, READ DATASET, TRANSFER and    
      DELETE DATASET). A check should be performed before opening a file.                                                                               
  The authorization check is performed uwing the authorization object          
      S_DATASET.                                                                               
  Description of function parameters:                                                                               
  o  PROGRAM: Name of the ABAP/4 program that contains the file access. If     
         no program name is specified, the system assumes the current program.                                                                               
  o  ACTIVITY: Access type. The possible values are:                                                                               
  -  READ:              Read file                                           
         -  WRITE:             Change file                                         
         -  READ_WITH_FILTER:  Read file with filter function                      
         -  WRITE_WITH_FILTER: Change file with filter function                    
         -  DELETE:            Delete file                                                                               
  o  FILENAME: Name of accessed file                                                                               
  Example                                                                               
  TYPE-POOLS SABC.                                                                               
  CALL FUNCTION 'AUTHORITY_CHECK_DATASET'                                      
           EXPORTING  PROGRAM          = 'ZDATASET'                                
                      ACTIVITY         = SABC_ACT_READ                             
                      FILENAME         = '/tmp/sapv01'                             
           EXCEPTIONS NO_AUTHORITY     = 1                                         
                      ACTIVITY_UNKNOWN = 2.                                                                               
  Notes                                                                               
  The values to be passed as the ACTIVITY are defined as constants in the      
      TYPE-POOL SABC.

• Authorization issues on opening a dataset

  hello,
  I am not sure if this is the correct forum for this or not.
  I have an ABAP program that was written before I got here that performs the following statement
  OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
  where w_file is a file on the app server. the users that run this program have no issues.
  I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
  Runtime Error OPEN_DATASET_NO_AUTHORITY
  Except. CX_SY_FILE_AUTHORITY
  I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
  thanks in advance for your help

  Hi Timothy
  Well it is the correct forum
  When ever your accessing the file system the authorization object S_DATASET is checked.
  This object has Filename, activity and <b>program name</b> as input parameter.
  Best Practice would require you to limit access as much as possible, so my guess is that access only has been given to the original program, and not your new one - that's why your getting the ShortDump.
  You can find the documentation here: http://help.sap.com/saphelp_webas620/helpdata/en/fc/eb3d5c358411d1829f0000e829fbfe/frameset.htm
  Regards
  Morten Nielsen

• Flexconnect with ISE Issue

  Hi Everyone,
  I have a issue trying to deploy Flexconnect in WLC integrated with ISE.
  In the scenario, the users are working properly through the wireless network and they are able to authenticate, the NAC agent is invoked and everyone can get authorization access to the network using Radius NAC as NAC State. But when we tick the feature ""FlexConnect Local Switching"" and change the users cannot get IP Address from DHCP and the client status in WLC show POSTURE_REQD.
  We can see this in ISE that the user is able to authenticate but never get authorization and the NAC state is not showing in the PC.
  Any idea about this issue?? This is maybe any limitation or configuration error?
  Regards

  There are some documents for this type of deployment:
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080c090eb.shtml
  http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bcb905.shtml#anc13
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Authorization Issue with ODS

  Dear all,
  I have an authorization issue with two ODS.
  One I activated for BEx reporting --> Is working fine in Dev, but I get error with
  missing authorization in QUA, althought some authorizations.
  Same issue with a newly created ODS, which works in Dev, but gives an error
  with missing authorization in QUA.
  What can be the reason for this? Any input is highly appreciated!
  Cheers,
  Claudia

  Hi,
  check that the role(s) are transported from your DEV and your QA, and that the user has the correct role(s)
  Check as well in your QA transaction RSSM for your ODSs objects; it might be that by transporting the ODS, some authorizations have been applied by default.
  hope this helps...
  Olivier.

• Issues with Analysis Authorization on Infoset

  Hi all
  We are facing an issue with Analysis Authorization on Infoset, it doesnt seem to throw authorization error when we access a record that is outside the authorization. We tried to use the same authorization set up from the same user we try to access the a record that is outside the authorization it behaves correctly.
  Here is my setup
  0CRM_MKTELM__0CRMCAMPTYP = ZA11
  0TCAACTVT = *
  0TCAIPROV = *
  0TCAVALID = *
  When I tried to access ZA12 it should throw an authorization error but for infoset it doesnt seem to work. Is there anything that we should take note for Infoset?

  Hi Chee,
  I am getting similar issue.
  I believe navigational attribute was already a authorization relevant in your case.
  What and where did you set it as authorization relevant to make it work on infosets.
  Regards,
  Ramz

• Issues with Analysis Authorization checks in APO

  Hi Friends,
  I am facing an issue with Analysis authorization checks in APO.
  We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
  Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
  This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
  In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
  However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
  Resultant trace results are as below: This should not happen..
  I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
  Will it be possible for you to advise on what could I be missing.

  Hi All,
  If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
  while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
  Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
  Please advise.. Thanks..
  Regards,
  Prakash

• Authorization issue with VA02 radio buttons

  Hello All,
  We are stuck at one authorization issue. The user navigates using tcode VA02.
  1)     Execute Tcode -VA02=>
  2)     2) puts order number # 100001 =>
  3)     press enter =>
  4)     press enter =>
  5)     Screen: Change (Company Name) Return 100001: Overview =>
  6)     Option: Display doc. Header details (looks like a magnifying glass beside PO_date) =>
  7)     This bring us to Change (Company Name) Return 100001: header Data =>
  8)     select status tab =>
  9)     on Status tab lower end there is a button u201CObject Statusu201D =>
  10)     Press it => 
  11)     Come to Change Status :
  12)     On this screen There is Status with status no. on the right side with 7 options
  e.g:
  u2022     1 BLK Approval Required for,
  u2022     2 BL1 Approval for Credit,
  u2022     3 BL2 Approval for material Replacer
  We need to restrict the radio button access for user for which we are unable to find the authorization object.
  Could any one help.
  Thanks & Regards
  gab

  Hi,
  Use ST01 to trace the user activities and check which objects its hitting when you click on those buttons, then you can restrict radio buttons using those objects.
  I have'nt run the tcode myself and performed the steps you mentioned, but if you think its calling other transaction from those buttons you can manage tht in SE97, or add the t-code VA02 in the S_tcode auth object in PFCG.
  Hope this should get you going
  Thanks,
  Vijay

• Authorization issue with 1080p videos

  I deleted the movies Toy Story 1, 2, and 3, and upgraded them to 1080p.  Now when I try to play them on my ATV3, I get a message saying that authorization is required.  Other movies purchased with the same account work OK.  I tried deauthorizing iTunes, signing out of the iTunes store on the iMac and ATV3, but nothing has worked.  I also tried deleting one of the movies again and redownloading, which had no affect.  I sent email to apple support, and they just sent a link with instructions to do the same things I had already tried.  I read in a couple of other threads that apple was had trouble with their authorization servers, but that was back in March.
  Any suggestions to resolve this issue would be greatly appreciated.

  Hi,
  check that the role(s) are transported from your DEV and your QA, and that the user has the correct role(s)
  Check as well in your QA transaction RSSM for your ODSs objects; it might be that by transporting the ODS, some authorizations have been applied by default.
  hope this helps...
  Olivier.

• Sap bi authorizations issue with query designer..

  i am using bw 3.x and bi 7 query designer with different kind of probs?...
  i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
  and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
  please suggest if any authorizations should be added or not

  hi suman chakravar,
  thanks for replying,
  can u be little bit clear about the steps.
  i went to tcode su01 and entered profile 0bi_all..it doesnt work.
  and executed tcode su56.there i can find list of BI related authorization profiles
  i added s_rs_all profile to my user. even then i face the same problem.
  i can see only queries in query designer of bi 7 format and i can not view info providers.
  i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
  Edited by: satishchow on Dec 14, 2011 3:23 PM

• Authorization Issue with P_HAP_DOC

  Hi experts,
  we have a problem with our authorizations approach concerning the appraisal documents.
  The situation is the following: We have two different approaches for appraisals. 1st as a manager you give appraisals to your assigned employees and as the employee you can see the appraisals assigned to you and can maintain in certain statuses. That works fine. So generally the access should be restricted to the line. This is achieved by using structural authorizations for the line manager.
  But secondly we have a feedback appraisal where also "further participants" shall give their feedback to any employee. Those further participants do not need to be in the same line!
  Currently we ran into the problem that the 2nd scenario is not working because we need also to restrict the access to employees. But if we grant the access with a certain structured profile (that contains all "P") all performance appraisal can be see from everybody.
  Can it be that the problem is because the further participants are not treated as appraisers in respect of authorizations.
  Does anybody have any idea how to approach a suitable solution? Any help is welcome.
  Please share your thoughts.
  Thanks and regards
    Michael

  Hi Subbu,
  thanks for your reply and the helpful comment.
  The process is not exactly as you discribed. The scenario where we have the problem is a feedback appraisal that is initiated by the HRBP (business person from HR). He creates the appraisal document with the employee as appraisee and direct manager as appraiser. But additionally the manager can request a second feedback provider who can be place anywhere in the org structure, not necessarily in the same line.
  And this is exactly the problem. This person as further participant need to have access to this special appraisal document but not any other of this person (not even to one of the same kind).
  Can this requirement be achieved by your suggestion?
  What we need for our requirement is that we allow the access to the object P through structural authorizations. He also needs to have access to objects VA, VB and VC to be able to work on any appraisal at all. This combination unfortunatly now leeds to our problem that the employees now can see all appraisals with all results.
  Thanks and regards
    Michael

• ISE Authorization Policy

  Hey guys,
  I have a question regarding ISE Authorization Policy. In my test lab, I don't have any wired station, and what I have is a wireless lapotp. I have configured to allow only EAP-TLS authentication. Now, my problem is I keep getting "15039 Rejected per authorization profile."
  Under the Policy > Authorization, I created a rule where I just want to allow on EAP-TLS either via machine or user identity, and the bottom is the default DenyAccess. When I tried to join the wireless network, I kept getting denied. I checked the ACL counters on the WLC side and it was not increasing.
  I changed the default DenyAccess to PermitAccess, and I was able to join the wireless network no problem, and the ACL counters on the WLC side increased.
  It seems like I am hitting the default Authorization Policy first which is on the bottom of the authorization policy.
  I attached the failed and authenticated logs that I got from ISE.
  Has anyone have encoutered this issue?
  The version that I have is 1.1.1
  Thanks
  P.S.
  I went back to check my autorization condition, and it is blank (See the 1st screenshot)

  Hi,
  it is obvious that you are not matching any condition.
  rather than keeping the condition blank, fill it with a condition that is always match and try if that helps.
  Regards,
  Amjad
  Rating useful replies is more useful than saying "Thank you"