Info provider based Security

Gurus,
We built a MultiProvider with cubes A and B, and are planning to implement object-based security on the InfoProvider. The purpose is to have one report common to 2 businesses and to enforce security while accessing the data.
1. Created 2 authorization objects, AO1 and AO2, based on InfoProviders A and B.
2. Added these authorization objects to roles R1 and R2 respectively.
3. Assigned roles R1 and R2 to 2 test users, U1 and U2.
User U1 is still able to access data from cube B, and in the same way user U2 is able to see data from cube B.
Any suggestions on how I can enforce this design at the security level?
Thanks for your inputs.
Raman.

Hi Raman,
Are you using BW 7.0? In BI7, BW is doing more rigorous authorization/security checks.
If you are using BW 3.x versions, then you need to implement the concept:
   "Unless the user has access to a resource... DO NOT ALLOW access".
In RSSM (3.5) you can limit access by InfoArea or InfoCube.
You need to explicitly limit access only to the relevant InfoCubes.
Additional Useful info:
http://help.sap.com/saphelp_nw04/helpdata/en/55/2bb33b90131e73e10000000a11402f/frameset.htm
Good luck, BB

Similar Messages

  • BI Statistics NW2004S Content - Virtual Info Provider 0TCT_VC01

    Hi
    We implemented BI NW2004S statistics for front end OLAP analysis  which consists of info providers 0TCT_C01, 0TCT_C02. However, when we activated the queries, we are not seeing enough data in queries even though the info providers are loaded correctly. SAP has provided content for 0TCT_VC01 & 02 as virtual info providers which are used in multi providers -0TCT_M01 & M02 along with the base info providers mentioned above. All content queries are built on these multi providers and currently in our multi provider we have just base info providers but not virtual info providers.
    Now my question is, on virtual info providers - These virtual info providers are based on DTP and am just wondering which data source I should use to maintain transformation as info provider based on DTP would require transformations to load the cube. I have used data sources 0TCT_DS01 & 02 to map transformations to base info providers 0TCT_C01 & C02 respectively.
    Pls confirm on how I should use these virtual info providers as part of multi providers and which data source should I use to maintain transformation.
    I am hoping that by including virtual info providers into the above multi providers, I would be able to see the data to analyze query performance during user navigations.
    Appreciate your response.
    Thanks

    RSDDSTAT_OLAP->0TCT_DS01(data source)->InfoPackage->0TCT_C01(0TCT_MC01)->0TCT_MC01_Q*(queries)
    The cube 0TCT_C01 gets filled from data source 0TCT_DS01, which in turn gets data from the view RSDDSTAT_OLAP.
    So whenever you run queries (3.x or 7.0) or templates (3.x or 7.0) or workbook (3.x or 7.0), this view gets filled.
    So please schedule the relevant process chain or InfoPackage which will fill the cube 0TCT_DS01; then you will be able to use the queries built on this cube. These process chains start with 0TCT*. The installation steps and scheduling steps are very well explained in note 934848.
    P.S. SAP delivered queries are based on multicube 0TCT_MC01 (built on 0TCT_C01 and 0TCT_VC01) and not on 0TCT_C01
    0TCT_VC01 Usage -
    The purpose of virtual cube 0TCT_VC01 is to give delta data.
    For example, you would have scheduled the process chain for loading 0TCT_C01 every day at midnight. If you are running the query built on the 0TCT_MC01 cube in the morning, you will miss the data from yesterday midnight till this morning. To give this delta data, the virtual cube is used in the multi cube.
    Hope it Helps
    Chetan
    @CP..

  • Error reading data from Info Provider

    Hi Folks,
    I am executing a report and am getting the following error message:
    Error reading data of Info Provider.
    System Error: Whole Number Overflow on Multiplication.
    The infoprovider being read is a Virtual Info provider Based on DTP/3.x InfoSource.
    Let me know what could be the potential problem here ? How would I fix such issues.
    Regards
    Arjun

    Hello,
    There is some problem in data. Check if in transformation u have any formulas or routines.
    regards,
    Shashank

  • Problems generating Hana analytic privileges based on BW info provider

    Hi Experts
    We generate Hana views based on BW Info Providers. We follow the guide “SAP First Guidance – SAP NetWeaver BW 7.40 on HANA View Generation”. The views appear perfectly in Hana Studio but we are not able to generate the authorizations in Hana.
    On the BW side we have an authorization-relevant info object in the DSO that generates the view in Hana. The info object is linked to an authorization object that again is linked to a role. The role is then assigned to a user. We have synced all our users from BW to Hana using the standard concept (same username in BW and Hana).
    When the view is generated we can see that view in Hana and we can see that a role is also created in Hana. But there is no analytic privilege created and there are no entries added in the table RS2HANA_AUTH_STR. The user also does not get the role assigned to him.
    Are there any other steps that need to be done to be able to generate the authorizations in Hana based on BW authorizations?
    We use BW 7.4 and the generate function (not the import function into Hana).
    Kind regards
    Erik

    Hi Erik,
    Please check if below characteristics are included in the analysis authorization assigned to the user:
    0TCAIPROV = Info provider id
    0TCAACTVT = 03
    0TCAVALID = *
    0TCAKYFNM = *
    <authorization relevant characteristic of your info provider> = Required value.
    If you are assigning these authorizations now, run RS2HANA_CHECK tcode for this user. This should generate analytic privilege and user should get the role in HANA.
    Thanks

  • Identifying the Profiles based on the input of Info provider

    Hi BW Experts,
    Right now I know the Info Provider name. I just want to identify the profile name based on the input of the Info Provider.
    Can you suggest any TCODES for identifying the profiles?
    Thanks,
    Jelina.

    Hi,
    I'm explaining below the steps I usually take.
    You'll need to:
    1) Access RSSTOBJDIR table.
    2) Fill INFOCUBE parameter with the infocube's technical name and the AKTPS one with 'X'.
    3) Get the authorization object(s) - OBJECT column.
    4) Go to the AGR_1251 table.
    5) Fill OBJECT parameter with the value(s) of step 3.
    A list will be returned with the profiles required to access the infocubes entered in step 2.
    Regards,
    Tiago.

  • Trying to purchase Lion, but am asked "To use this apple ID you must first login to My Info Web page then provide additional security information.  It won't let me get there to provide info for this purchase?

    Trying to purchase Lion, but next window ask that I must login to my info web page to provide additional security info, in order to use this apple ID.  But the next page says that Safari can't load.  I emptied the cache and reset, but lost as to what to do next in order to purchase lion?

    solved

  • How can I turn off the WLS 6.1 security in order to develop my own application-based security module?

    Dear Colleagues,
    I am currently developing a J2EE application using WLS 6.1.
    My team and I have to implement a security requirement to suit our company's needs.
    The security requirements are that users' passwords need to be aged (30 days maximum) and we need to provide a GUI front-end (JSP) to allow users to change their password when these expire after 30 days.
    Our internal contacts in the company have already taken the lead to find out about whether we will be able to use the WLS 6.1 platform to do this and the answer we got back, was.
    Now we need to develop our own security module.
    I have 2 questions:
    1. How can we turn off the WLS security in order to develop our own application-based security module?
    2. How can we develop a security module that allows us to age users' passwords and provide them with facilities to change their passwords when these expire?
    At the moment, we are using the default BEA WebLogic login.jsp page and there is some configuration in the web.xml for this. I will be grateful if you could advise me on how to turn this default security off so that we can write our own security module.

    hi,
    1. You can write your own realm in 61 which can be plugged in for your security calls.
    2. Once you write your own realm, you can access it through the weblogic api/ur api.
    thanks
    kiran
    "Richard Koudry" <[email protected]> wrote in message
    news:3dd0d081$[email protected]..
    > Dear Colleagues,
    > I am currently developing a J2EE application using WLS 6.1.
    > My team and I have to implement a security requirement to suit our company's needs.
    >
    > The security requirements are that users' passwords need to be aged (30 days maximum) and we need to provide a GUI front-end (JSP) to allow users to change their password when these expire after 30 days.
    >
    > Our internal contacts in the company have already taken the lead to find out about whether we will be able to use the WLS 6.1 platform to do this and the answer we got back, was.
    >
    > Now we need to develop our own security module.
    > I have 2 questions:
    > 1. How can we turn off the WLS security in order to develop our own application-based security module?
    >
    > 2. How can we develop a security module that allows us to age users' passwords and provide them with facilities to change their passwords when these expire?
    >
    > At the moment, we are using the default BEA WebLogic login.jsp page and there is some configuration in the web.xml for this. I will be grateful if you could advise me on how to turn this default security off so that we can write our own security module.

  • Error in Role Based security using weblogic 9

    Hi All,
    Currently I am working with WebLogic Server 9. I am trying to use role-based security. Below are the entries for web.xml.
    <security-constraint>
         <web-resource-collection>
              <web-resource-name>Success</web-resource-name>
              <url-pattern>/form.jsp</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
              <role-name>admin</role-name>
         </auth-constraint>
         <user-data-constraint>
              <transport-guarantee>INTEGRAL</transport-guarantee>
         </user-data-constraint>
    </security-constraint>
    <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
         <role-name>admin</role-name>
    </security-role>
    When I call form.jsp from the browser it asks for the username and password, but after giving the username and password it shows the following error:
    Error 403--Forbidden
    From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
    10.4.4 403 Forbidden
    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
    So can any one provide me the solution for the above problem.
    Thanks in advance.
    By,
    Sandip Pradhan

    Here is a blog post for the backend (WebLogic Admin GUI) http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-role.html and a blog post for the web.xml in your project http://disaak.blogspot.com/2009/11/migrating-to-weblogic-configure-ear.html.
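
A descriptor check for the setup in this thread, added here as an example and not code from the posters or from WebLogic: it reports roles named in an auth-constraint that are undeclared or have no principal mapping in weblogic.xml (security-role-assignment), one thing to rule out when login succeeds but the response is 403. The weblogic.xml content and the Administrators group are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the security-constraint and security-role entries from the
# post, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Success</web-resource-name>
      <url-pattern>/form.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>INTEGRAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

# Constructed weblogic.xml; the group name "Administrators" is an assumption.
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>Administrators</principal-name>
  </security-role-assignment>
</weblogic-web-app>"""


def _all(elem, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def _texts(elem, name):
    return [(e.text or "").strip() for e in _all(elem, name)]


def role_mappings(weblogic_xml):
    """Map each role name to the principals assigned to it in weblogic.xml."""
    mapped = {}
    if weblogic_xml:
        for sra in _all(ET.fromstring(weblogic_xml), "security-role-assignment"):
            principals = _texts(sra, "principal-name")
            if _all(sra, "externally-defined"):  # mapping kept in the admin console
                principals.append("(externally defined)")
            for role in _texts(sra, "role-name"):
                mapped.setdefault(role, []).extend(principals)
    return mapped


def audit(web_xml, weblogic_xml=None):
    """Return (code, detail) findings for each security-constraint in web.xml."""
    web = ET.fromstring(web_xml)
    declared = {r for sr in _all(web, "security-role") for r in _texts(sr, "role-name")}
    mapped = role_mappings(weblogic_xml)
    findings = []
    for sc in _all(web, "security-constraint"):
        urls = ",".join(_texts(sc, "url-pattern"))
        for role in [r for ac in _all(sc, "auth-constraint") for r in _texts(ac, "role-name")]:
            if role == "*":
                continue
            if role not in declared:
                findings.append(("undeclared-role", f"{urls}: {role} lacks <security-role>"))
            if not mapped.get(role):
                findings.append(("unmapped-role", f"{urls}: {role} has no principal mapping"))
        methods = _texts(sc, "http-method")
        if methods:
            findings.append(("limited-methods", f"{urls}: constraint covers only {methods}"))
        if set(_texts(sc, "transport-guarantee")) & {"INTEGRAL", "CONFIDENTIAL"}:
            findings.append(("requires-tls", f"{urls}: must be requested over SSL"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(WEB_XML, WEBLOGIC_XML):
        print(code, detail)
```
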

  • Form based security in WebLogic 7.0 - back button quirk

    I have an application comprised of several JSPs that are protected via Form based
    security and enforce an SSL connection via the appropriate declarations in the
    web.xml. This aspect of the application seems to be working with the exception
    of one small quirk.
    If a user presses the back button until such time as they receive the container
    provided login page once again, and subsequently provide a valid user id and password,
    they are NOT successfully logged in. Rather, they receive the ugly 403 Forbidden
    error that states that the server understood the request, but is refusing to fulfill
    it. This only seems to happen given the above course of events involving the
    use of a back button in the browser (or selection of an item from the history
    list). I suspect that this has something to do with the session id being cached
    or something, but I'm not sure? Can anyone offer any assistance on this one?
    Also, does anyone know of a way of preventing the user from bookmarking this container
    provided login page as this also seems to be causing problems for users. If they
    bookmark the first protected page of the application all is fine, but if they
    bookmark the login page they receive the 403 error.
    Thanks in advance!

    The cure for the symptoms described below was to simply add a welcome-file-list
    element with appropriate welcome pages to the web.xml descriptor. It makes sense
    now that I have worked it out.
    Todd
    "Todd Gould" <[email protected]> wrote:
    >
    > I have an application comprised of several JSPs that are protected via Form based
    > security and enforce an SSL connection via the appropriate declarations in the
    > web.xml. This aspect of the application seems to be working with the exception
    > of one small quirk.
    > If a user presses the back button until such time as they receive the container
    > provided login page once again, and subsequently provide a valid user id and password,
    > they are NOT successfully logged in. Rather, they receive the ugly 403 Forbidden
    > error that states that the server understood the request, but is refusing to fulfill
    > it. This only seems to happen given the above course of events involving the
    > use of a back button in the browser (or selection of an item from the history
    > list). I suspect that this has something to do with the session id being cached
    > or something, but I'm not sure? Can anyone offer any assistance on this one?
    > Also, does anyone know of a way of preventing the user from bookmarking this container
    > provided login page as this also seems to be causing problems for users. If they
    > bookmark the first protected page of the application all is fine, but if they
    > bookmark the login page they receive the 403 error.
    > Thanks in advance!

  • Evidence based security

    Does WCF 4.5 and onwards support evidence-based security? Please refer me to some useful links on MSDN. Thanks in advance.

    Hi DotNetIndia,
    As per my research of this case, the following links may guide you to the corresponding details:
    1. Refer to Security Considerations and Best Practices for WCF
       http://visualstudiomagazine.com/articles/2013/08/01/security-considerations-and-best-practices-for-wcf-4-apps.aspx
    2. Refer to WCF : Understanding Security
       http://dotnetwithme.blogspot.com/2007/08/wcf-understanding-security.html
    3. Refer to Authentication and Authorization in WCF Services
       https://msdn.microsoft.com/en-us/library/ff406125.aspx
    4. Refer to Best Practices for Security in WCF
       https://msdn.microsoft.com/en-us/library/ms731059(v=vs.110).aspx
    5. Refer to new features in WCF 4.5
       https://msdn.microsoft.com/en-us/library/dd456789(v=vs.110).aspx

  • RBAC / Role Based Security Set Up in R12

    We are working with a 3rd party consulting organization to implement Role Based Access Control in E-Business Suite R12. We have approximately 50 users with 35 responsibilities today and are currently in the process of designing our role based security set up. In advance of this the consulting company has provided us with effort estimates to cut over from the current responsibility structure to RBAC. We are told this must be done while all users are off the system. The downtime impact to the business is very high, especially considering our small user base.
    With RBAC cutover downtime estimates such as these I can't understand how any company larger than ours could go live with it?
    Does anyone have previous Role Based Access Control implementation experience in EBS R11i or R12 and could provide some insight on their experience and recommendations, best practice for cutover to mitigate impacts to the business as we cannot accept the 90 hours of downtime outlined by the consulting company below?
    Disable users old assignments:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *12.00 hours*
    Disable Responsibilities targeted for the elimination:
    *16.00 hours*
    Setup OUM options and profiles:
    *6.00 hours*
    Setup Roles and Hierarchies:
    *14.00 hours*
    Grant Permissions:
    *12.00 hours*
    Setup Functional Security and disable the obsolete responsibilities:
    *12.00 hours*
    Setup Data Security and disable the obsolete data accesses:
    *6.00 hours*
    Total *90 hours*
    Note - all activities must be performed sequentially
    Any advice or experiences you could share would be extremely valuable for us. Thank you in advance for taking the time to review & respond.

    On Srini's comment "Creating Roles.. will have to be done manually"... I would like to know whether the same approach will be followed for the PRODUCTION instance also. Say we need to create 35 responsibilities and 50 roles, should this be done manually in PRODUCTION?
    I have not worked on this but I know that in my previous company this was done using scripts. Need to find more on this.

  • Information Broadcasting(Event Data change in Info provider)

    Hi All,
    Does anyone have experience with the Information Broadcasting functionality? Can you please help me with where we use Trigger event when there is a change in the info provider in the process chains? I want to know, when we use the (Trigger event in the Broadcaster) in the process chains, how it will take effect in the Information Broadcasting scheduler screen when we select the particular Info provider when there is any data change. Can you please elaborate on the topic if anyone has used the event data change in the info provider? Actually I executed and scheduled the process chains; when I go to the process chain log, it says that the job is finished and the data change has occurred for the cube, but I don't get any error message and I don't get any mail to my inbox. Can you please throw some light if anyone has worked on this? Answers are always appreciated and rewarded.
    Thanks.

    Hi,
    Usually we trigger an event in SM64 tcode. If u want to create an event u will go for SM62.
    In addition to time- and calendar-based job scheduling, the background processing system supports event-driven scheduling.
    Triggering an event notifies the background processing system that a particular condition has been met. The background processing system reacts by starting any jobs that were waiting for that event.
    Events are not saved. Once an event occurs and triggers any jobs that were waiting for that event, the event is discarded.
    U can monitor process chain via Tcode 'CCMS'..
    Information broadcasting allows you to make objects with Business Intelligence content available to a wide spectrum of users, according to your own requirements.
    Go through this
    Information Broadcasting:
    http://help.sap.com/saphelp_nw04/helpdata/en/a5/359840dfa5a160e10000000a1550b0/content.htm
    Including an Event Data Change in a Process Chain :
    http://help.sap.com/saphelp_nw04/helpdata/en/ec/0d0e405c538f5ce10000000a155106/content.htm
    Regards-
    Siddhu
    Message was edited by: sidhartha

  • Is there any difference in upgrade for position based security model

    Hello Gurus,
    I am working on an upgrade project from 4.6C to ECC 6.0. In the 4.6C R/3 system the position based security concept is used.
    Are there any extra precautions that need to be taken while upgrading in a position based security model?
    Or
    Is it the same procedure whether it is a role based security model or a position based security model?
    I am new to this upgrade stuff, please kindly direct me in the right direction.
    Also please provide if any documents are available.
    Thanks,
    Sanketh.

    Hi,
    There are already many documents posted on SDN on the same. Security upgrade is standard and mostly deals with role modification. Can you elaborate more on position based? Position related assignment is also taken care of with the respective functional team, for example HR, and the technical team for Workflow if there are any issues.
    Better you go through the upgrade document. See the posts already available in the forum before starting with the upgrade.
    Experts, correct me in case of correction.

  • Info set , info provider and info spoke

    Hi gurus plz give me the difference in between info set and info provider and info spoke. and give me what are the prerequisites are needed to process infoset, infoprovider and info spoke?
    Regards
    Vidhu

    InfoProvider
    An InfoProvider is an object for which queries can be created or executed in BEx
    Check this for more,
    http://help.sap.com/saphelp_nw04/helpdata/en/4d/c3cd3a9ac2cc6ce10000000a114084/content.htm
    Infoset:
    An InfoSet is a special view of a dataset, such as logical database, table join, table, and sequential file, and is used by SAP Query as a source data. InfoSets determine the tables or fields in these tables that can be referenced by a report. In most cases, InfoSets are based on logical databases.
    SAP Query includes a component for maintaining InfoSets. When you create an InfoSet, a DataSource in an application system is selected.
    Navigating in a BW to an InfoSet Query, using one or more ODS objects or InfoObjects. You can also drill through to BEx queries and InfoSet Queries from a second BW system that is connected as a data mart.
    The InfoSet Query functions allow you to report using flat data tables (master data reporting). Choose InfoObjects or ODS objects as data sources. These can be connected using joins. You define the data sources in an InfoSet. An InfoSet can contain data from one or more tables that are connected to one another by key fields. The data sources specified in the InfoSet form the basis of the InfoSet Query.
    Check the link for more,
    http://help.sap.com/saphelp_nw2004s/helpdata/en/ad/2225391d4f000be10000000a114084/frameset.htm
    InfoSpoke:
    Info spoke is an open hub destination that defines to which target the data is to be relayed.
    Check this link for more,
    http://help.sap.com/saphelp_nw2004s/helpdata/en/ad/2225391d4f000be10000000a114084/frameset.htm
    Check this doc also,
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/eb462104-0701-0010-07ae-d866630e0989
    Hope this gives you a good idea...

  • Configure Keystore-Based Security on BPEL 11g Service

    Hi,
    I've been exploring OWSM, but haven't found a guide to attach a JKS keystore-based security to a BPEL service. I'm looking for information like attaching a keystore to weblogic, and configuring SOA services to interact via this security mechanism.
    Thanks in advance,

    Doesn't help.
    That is basically telling me how to create, import, export, etc. keystores which I already know and have in place.
    The menu structure given in the doc doesn't match what I have.
    I have no place in that menu to store a keystore. Here's what I have:
    soa-infra -> Security - gives me Application Policies & Application Roles. No keystore options.
    I have a BPEL composite deployment under soa-infra that calls a secure webservice.
    I can call the service manually (from a browser) on this server, so I know I'm not getting blocked by anything.
    When I try to make the call from the BPEL service, I get this error:
    oracle.fabric.common.FabricInvocationException: Unable to access the following endpoint(s): https://www....
    Caused by: javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    I guessed this was something to do with the keystore.
    If it's not then what is causing it?
