JCo BAPI authorization question

We are developing web applications using Jco connector.
The default authentication approach is to use connection pooling where all different users access BAPI via default (generic) user name and password.
My question is how to authenticate current (specific) user whether he has valid permission rights for some particular transaction, because for SAP-BAPI they are all the
same user (they are establishing connection with the same user name and password.)
Are there some BAPIs for checking user permission for some transaction?
Example code are very welcome
Thanks
Marino

I believe there are BAPIs under the category security/user that will provide you with details of the user and you can always of course build your own authentication scheme on the java side based on what's on the R/3 side, but to be honest I would suggest not using a generic user if you wish to keep the current authorization structure in R/3. The R/3 structure for authorization is a maze of objects and tables - virtually a skill in itself, there are people who make a living on it and it is a constant headache on every R/3 installation and enrvironment causing many issues.
I would recommend to simply use the current logged on user details and log on to the backend. If your user is not authorized you will get an exception from JCo that you can handle in your application. Believe me, it would be a lot simpler than anything else you could implement to achieve your objective.
Cheers,
Dion

Similar Messages

JCO-BAPI

HI,
      I am trying to retrieve the customer master information by using JCO from BAPI call.
Interface between JAVA-JCo-BAPI. (Source JAVA - Target BAPI) . As per my understanding , i need to create BAPI ,Create API...
So 1. what are the things need to give to java person inorder to establish the connection.
      2. Where do i instal JCo (in sap system or Java system )
     3. Shall i need to provide .jar files, if yes, how can i get those ?
Please answer the above questions....

Are you retrieving this information from within a mapping?
SAP has brought out the mapping api for lookups which replaces the jco calls.
I would suggest you have a look at this document and see if your scenario can be altered to this.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a03e7b02-eea4-2910-089f-8214c6d1b439

TS1277 i cant remember my 2 authorization questions answers and when when i click send to email it sends to an email adress thats not mine and now i cant use my $100 what should i do?

i cant remember my authorization questions answers and when i click send to email it sends to a random email thats not even created but hotmail.
what should i do???!

You need to ask Apple to reset your security questions. To do this, click here and pick a method; if that page doesn't list one for your country or you're unable to call, fill out and submit this form.
(126538)

Forgot my authorization questions how cani change them

i got a new computer and i dont remember my itunes authorization questions, how can i change them?

Click here and search the article for '2 out of 3'. Follow the instructions.
(74000)

Complicated Authorization Question

Complicated Authorization Question
I had my itunes software on my laptop with the songs on a portable hard drive. The laptop was stolen, the portable hard drive was not. I installed itunes on the new laptop and pointed to the music on the portable hard drive and it is telling me I am not authorized to play certain songs although I have authorized the computer. Also when I try to snyc my iphone it is saying it is going to erase all the songs on the iphone and replace them. I have purchased songs on the phone that are not in my itunes.
How do I resolve this?

Have you tried to play one of the songs in iTunes? It should then ask you to authorize them.

Authorization question-Two users on one computer

My wife and I are going to share a MacBook and all our iTunes purchases are shared under one iTunes account.
My questions are...Will iTunes need to be authorized twice? And do both user logins count towards the 5 authorizations?
Thanks for any help.

iTunes Store: About authorization and deauthorization - http://support.apple.com/kb/HT1420
I'm not 100% positive about this but I believe authorization is for a whole machine.

Multiple Libraries - Authorization Question - For NON-iTune purchased music

Please help! The questions come at the end.
I have an extensive classical music iTunes library in AAC format that I ripped from CDs I've purchased over the past 20 years. NON of these were purchased from iTunes. (I have another library on my PC with other music, and I have purchased some iTunes songs for that library). I access one or the other by pressing Shift, etc. No problem.
Both my son and I listen to classical music, and I wanted to share this library with him by moving my classical iTunes Library to his computer. (I copied the entire folder structure from my PC to his, nearly 50 GB worth). So he now has 2 libraries on his computer. One (the classical library) and his own iTunes library.
He can access the classical library (hold down shift key, etc.), but gets a message to "AUTHORIZE THE FILE SOURCE" before listening to the music. So my questions:
++ Why does he need to authorize music from non-iTunes source? I'm not trying to illegally give him anything from iTunes. My family owns this classical CD collection.
++ If he does need to authorize the FILE SOURCE, I suppose he would use MY iTUNES account information to do so. Is this correct? Or should he use HIS account information?
++ And if he does use my account info, _will he retain his iTunes account setting for his other iTunes Library_? I.e., He would have a classical music library that's authorized by me (I guess my second computer?), and his regular library with his account information?
This sounds more complicated than it is (maybe it IS more complicated than I think (sic).
Any help greatly appreciated.

I could be wrong, but if that's the exact message he's getting, it sounds more like a file permssions error in Windows rather than the typical iTunes authorization message which brings up an obvious request for an iTunes Store ID and password. I'd suggest he look at the Windows permissions for the folder and it's contents and see if perhaps he doesn't have the correct permissions to access that material.
Hope this helps.

Authentication and Authorization question.

Hi All,
I require your help in getting validated my understanding on Authentication and Authorization. This is wrt to WebLogic Server and WebLogic Portal.
Authentication.
1. The custom authentication provider can authenticate(user and group) against any datastore(LDAP OR DB). The LoginModule is a kind of blockbox and it can return true/false depending on authentication.
2. The end result of this process is true/false.
Authorization.
1. The custom authorization providers can authorize the authenticated user based on role. All these entities ie(user,group,role) can be either in LDAP OR DB.
2. The end result of this process is true/false.
Role mapping.
1. The custom role mapper can put all the roles that a user belongs and returns all Role. This can happen agaist LDAP OR DB.
2. The end result is list of roles for a user.
Security policy configuration.
Is it mandatory that a user/group/role should be existing in WebLogic Server LDAP server(OR Portal LDAP server) to create these policies and authorization rules. What i mean by is that can user,group,role can exist in application specific database and still can be used for creatiing security policies??
Thanks,
Prashanth Bhat.

The Security Providers are useful/can be used for developing a standard j2ee application , which will be deployed as standard j2ee application.
The DA means Delegated Administrator, which is way how portal components are restricted to different types of administrators.
The VE means Visitor Entitlemens, which is way how portal components are restricted to end users.
My question is whether thess(DAs and VEs) can also be put
our datastore for access rights??
Thanks,
Prashanth Bhat.

Help! Authorization question

OK, this might be a silly question, but I thought I'd give it a shot.
I have iTunes installed on two computers. One doesn't have the internet hooked up and to listen to certain songs, it says I need to authorize them. So is there any way I can authorize these songs without being hooked up to the internet?

You don't need to be connected to the internet in order to authorize the computer ( it's not the songs you are authorizing). Just play a few seconds of one of them.
See this.
About computer authorization.

Analysis Authorization questions

How does Analysis Authorizations work in below cases
1)Infoobject "A" set as Authorization relevant (In Bex explorer tab)
2)Infoobject "B" which is ATTRIBUTE of infooobject "A" set as Authorization relevant
3)Infoobject "A" and "B" both set as Authorization relevant
How to design query in each of the cases above with or without authorization variables and what parameters to be set in the RSECADMIN for infoobject "A" and "B" in each case like ":", "*" and what would be the behaviour after setting the above behaviour .
can any one give example above with demonstration please

Hi John,
please search first the forum and read the online documentation before posting these kind of questions. You should find more than enough information via the above mentioned channels. You save time and effort of your peers.
To answer your questions briefly:
1. 0COUNTRY is in the free characteristics (not in the drilldown) without any selections
==> You need the ':' value, since whenever you ommit a characteristic you basically see want to see the summary value (you summarize / accumulate over the specific characteristics). Nevertheless, as soon as you drilldown on the characteristic you need the specfic values of the drilldown.
- or-
2. 0COUNTRY is not used in the query.
==> You need ':', too.
Cheers
SAP NetWeaver BI Organisation

JCO Server implementation questions

Hi experts,
I want to try to create a JCO Server with the JCO 3 library.
I'm kinda lost in all the links I've found since there is still a lot of things from the JCO 2 on the internet and I don't understand everything I'm doing.
Please note that there is already a working Java JCO server with old IBM tools and we need to migrate to JCO 3.
So here are my questions :
What do I have to do exactly in the sm59 transaction ?
Here is what I get in the RSGWLST transaction http://i.imgur.com/IRgAyO8.png http://i.imgur.com/YyfDQbt.png (Loic-PC is my machine so I guess my java jco server is up.) Is everything ok ?
I have followed this link (Java Program for Creating a Server Connection - Components of SAP Communication Technology - SAP Library) to create my java jco server. What exactly are ServerDataProvider.JCO_GWHOST, ServerDataProvider.JCO_GWSERV and above all ServerDataProvider.JCO_PROGID)
How do I testmy Java JCO server ? I understood that I have to call STFC_TRANSACTION in se37 where I put my jco destination (previously set up in sm59 ?) and a string but I have a dump when I'm tying that.
I hope someone can help me, everything is still really blurry to me.
Regards
Here is the code I use to try to connect :
    static String SERVER_NAME1 = "JCO_SERVER";
    static String DESTINATION_NAME1 = "ABAP_AS_WITHOUT_POOL";
    static String DESTINATION_NAME2 = "ABAP_AS_WITH_POOL";
    static
        Properties connectProperties = new Properties();
        connectProperties.setProperty(DestinationDataProvider.JCO_ASHOST, "172.16.200.114");
        connectProperties.setProperty(DestinationDataProvider.JCO_SYSNR, "00");
        connectProperties.setProperty(DestinationDataProvider.JCO_CLIENT, "500");
        connectProperties.setProperty(DestinationDataProvider.JCO_USER,   "develop2");
        connectProperties.setProperty(DestinationDataProvider.JCO_PASSWD, "passw0rd");
        connectProperties.setProperty(DestinationDataProvider.JCO_LANG,   "en");
        createDataFile(DESTINATION_NAME1, "jcoDestination", connectProperties);
        connectProperties.setProperty(DestinationDataProvider.JCO_POOL_CAPACITY, "3");
        connectProperties.setProperty(DestinationDataProvider.JCO_PEAK_LIMIT,    "10");
        createDataFile(DESTINATION_NAME2, "jcoDestination", connectProperties);
        Properties servertProperties = new Properties();
        servertProperties.setProperty(ServerDataProvider.JCO_GWHOST, "sapdevdb02");
        servertProperties.setProperty(ServerDataProvider.JCO_GWSERV, "sapgw00");
        servertProperties.setProperty(ServerDataProvider.JCO_PROGID, "JCOServer");
        servertProperties.setProperty(ServerDataProvider.JCO_REP_DEST, "ABAP_AS_WITH_POOL");
        servertProperties.setProperty(ServerDataProvider.JCO_CONNECTION_COUNT, "2");
        createDataFile(SERVER_NAME1, "jcoServer", servertProperties);

Hi Loic.
The properties GWHost is Gateway Host and GWSERV stands for Gateway Server.
Please look at this link to get more details:
Possible Parameters (SAP Library - Components of SAP Communication Technology)
Could you please put your full code for this class?
I'm saying this because the code you have wrote only creates the propreties file that JCO uses to configure the server but you have to run your server through the main statement.
You have to do something like that on your StfcConnectionHandler class.
public static void main(String[] args) {
       step1SimpleServer();
See my example:
StfcConnectionHandler class--------------------
package main;
import com.sap.conn.jco.JCoException;
import com.sap.conn.jco.JCoFunction;
import com.sap.conn.jco.server.DefaultServerHandlerFactory;
import com.sap.conn.jco.server.JCoServer;
import com.sap.conn.jco.server.JCoServerContext;
import com.sap.conn.jco.server.JCoServerFactory;
import com.sap.conn.jco.server.JCoServerFunctionHandler;
public class StfcConnectionHandler implements JCoServerFunctionHandler {
private static final String SERVER_NAME1 = "YOUR_SERVER_NAME";
public void handleRequest(JCoServerContext serverCtx, JCoFunction function) {
System.out
.println("----------------------------------------------------------------");
System.out.println("call              : " + function.getName());
System.out
.println("ConnectionId      : " + serverCtx.getConnectionID());
System.out.println("SessionId         : " + serverCtx.getSessionID());
System.out.println("TID               : " + serverCtx.getTID());
System.out.println("repository name   : "
+ serverCtx.getRepository().getName());
System.out
.println("is in transaction : " + serverCtx.isInTransaction());
System.out.println("is stateful       : "
+ serverCtx.isStatefulSession());
System.out
.println("----------------------------------------------------------------");
System.out.println("gwhost: " + serverCtx.getServer().getGatewayHost());
System.out.println("gwserv: "
+ serverCtx.getServer().getGatewayService());
System.out.println("progid: " + serverCtx.getServer().getProgramID());
System.out
.println("----------------------------------------------------------------");
System.out.println("attributes : ");
System.out.println(serverCtx.getConnectionAttributes().toString());
System.out
.println("----------------------------------------------------------------");
System.out.println("req text: "
+ function.getImportParameterList().getString("REQUTEXT"));
function.getExportParameterList().setValue("ECHOTEXT",
function.getImportParameterList().getString("REQUTEXT"));
function.getExportParameterList().setValue("RESPTEXT", "Hello World");
static void step1SimpleServer() {
JCoServer server;
try {
server = JCoServerFactory.getServer(SERVER_NAME1);
} catch (JCoException ex) {
throw new RuntimeException("Unable to create the server "
+ SERVER_NAME1 + ", because of " + ex.getMessage(), ex);
JCoServerFunctionHandler stfcConnectionHandler = new StfcConnectionHandler();
DefaultServerHandlerFactory.FunctionHandlerFactory factory = new DefaultServerHandlerFactory.FunctionHandlerFactory();
factory.registerHandler("STFC_CONNECTION", stfcConnectionHandler);
server.setCallHandlerFactory(factory);
server.start();
System.out.println("The program can be stopped using <ctrl>+<c>");
public static void main(String[] args) {
step1SimpleServer();
StepByStepServer class
package main;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Properties;
import com.sap.conn.jco.ext.DestinationDataProvider;
import com.sap.conn.jco.ext.ServerDataProvider;
public class StepByStepServer
    static String SERVER_NAME1 = "SERVER";
    static String DESTINATION_NAME1 = "ABAP_AS_WITHOUT_POOL";
    static String DESTINATION_NAME2 = "ABAP_AS_WITH_POOL";
    static
        Properties connectProperties = new Properties();
        connectProperties.setProperty(DestinationDataProvider.JCO_ASHOST, "ls4065");
        connectProperties.setProperty(DestinationDataProvider.JCO_SYSNR, "85");
        connectProperties.setProperty(DestinationDataProvider.JCO_CLIENT, "800");
        connectProperties.setProperty(DestinationDataProvider.JCO_USER,   "farber");
        connectProperties.setProperty(DestinationDataProvider.JCO_PASSWD, "laska");
        connectProperties.setProperty(DestinationDataProvider.JCO_LANG,   "en");
        createDataFile(DESTINATION_NAME1, "jcoDestination", connectProperties);
        connectProperties.setProperty(DestinationDataProvider.JCO_POOL_CAPACITY, "3");
        connectProperties.setProperty(DestinationDataProvider.JCO_PEAK_LIMIT,    "10");
        createDataFile(DESTINATION_NAME2, "jcoDestination", connectProperties);
        Properties servertProperties = new Properties();
        servertProperties.setProperty(ServerDataProvider.JCO_GWHOST, "binmain");
        servertProperties.setProperty(ServerDataProvider.JCO_GWSERV, "sapgw53");
        servertProperties.setProperty(ServerDataProvider.JCO_PROGID, "JCO_SERVER");
        servertProperties.setProperty(ServerDataProvider.JCO_REP_DEST, "ABAP_AS_WITH_POOL");
        servertProperties.setProperty(ServerDataProvider.JCO_CONNECTION_COUNT, "2");
        createDataFile(SERVER_NAME1, "jcoServer", servertProperties);
    static void createDataFile(String name, String suffix, Properties properties)
        File cfg = new File(name+"."+suffix);
        if(!cfg.exists())
            try
                FileOutputStream fos = new FileOutputStream(cfg, false);
                properties.store(fos, "for tests only !");
                fos.close();
            catch (Exception e)
                throw new RuntimeException("Unable to create the destination file " + cfg.getName(), e);
Regards

Authorization questions PFCG...

Hi Guys
A Couple of questions...
We are upgrading from an older version of CRM without WEB UI to 7.0, we have composite roles on all our user, i.e. more than 1 role per user. As I have understood it you only have the possibility to assign on PFCG ROLE ID to a specific Business Role in the WEBGUI.
I know how to set up the business roles etc, these questions are more "how did they intend it to work"...
1. Overall Question, How should we use this PFCG role?
2. I have heard that you can leave it blank, what does this mean, that it the users authorization is as before i.e. as defined with the multiple composite roles stored directly on the user?
3. How does this PFCG Role on the Business Role work together with the PFCG Roles you have on the users directly? What is the meaning of the PFCG ROLE on the business role in relation to the ones on the user?
4. Should we delete the roles on the users and add them directly on the business role, we might have a problem there as many users work as "SALESPRO" but they have different authorizations, some are more senior than others. Would we then have to have several busines roles (SALESPROJR,SALESPROSR etc) as we can only have 1:1 between business role and pfcg role id.
5. What we would like to have basically is 2 or 3 Business roles that sets the layout and basic worksets, the authorization should behave as before per user not per business role.
Any relevant input on these questions will be greatly rewarded.
/Jabba

UGLY for some reason there are no line breaks... I will try to fix it so it is readable after lunch....
Thanks, Very Grateful for your comments but I think we have to be abit more specific. I will try to clarify
I understand how the standard roles work together with the standard PFCG ROLE IDs assigned to them. However we already have a structure for our authorization roles that is on user level via su01 and each user has several composite roles. To merge these roles into one PFCG role and assign it to a business role is unrealistic, this will create too many business roles for the user as there can be only a 1:1 relation between a Business role and PFCG ROLE assigned to the business role.
With that said I have been recommended to leave the PFCG ROLE id on the business role blank, this will lead to that the authorization on the user level kicks in.
However this raises some additional questions...
1 The authorizations in our old CRM system could not possibly cover the authorizations in the WEB GUI as we don't have a   WEBGUI today so are there any special authorizations we need to setup for the WEBGUI itself. Example: Lets say that in the old CRM system the user had authorization to create a service order. If the user keeps this authorization on su01 do we need to add any additional authorizations on the user or to the business role so he can access the workset and trigger create service order from the WEBGUI?
2 IF we had both a PFCG ROLE ID assigned to the Business Role and Composite roles directly on the user which one will actually be used? Will they both be used? What happens if the authorization on the Business role says "NO" and the authorization on su01 says "YES" Or is it really as it is stated above answer that if we specify a PFCG ROLE ID on the business role this will be used and nothing else?
3 What about our own authorization objects, is there a way to scan these and see if they are valid for CRM 7.0? How should we go about verifying our old authorizations in the new 7.0 system? Is there a report you can run? I guess also that some authorizations are not valid anymore, or how does the authorizations per transaction work. I mean we have in our roles added certain transactions, people will no longer use CRMD_ORDER how does this translate to the webgui?
4 We are using the salesorg structure today and the plan is based on what we know so far to assign business roles to the positions and not to assign a PFCG ROLE id at all to business role. Can anyone see any problems with this?
5 What is UIU_COMP is that a new auth object? What new auth objects are delivered in webgui?
Again thanks for any input on the above. Perhaps more people will be interested if we make this investigation thorough.
BTW I found this post Re: Reg: Business Role but it still leaves some questions unanswered.
Edited by: jabba hut on Nov 10, 2009 1:52 PM

(de)authorization questions

I pretty much know the how's of authorization and deauthorization of computers within iTunes and the Music Store.
What I don't know is why are we allowed to do the "deauthorize all" only once per year. And how is that year measured? It is a calendar year, 12 months since the last deauth, or what?
Also, does anybody know the mechanism by which a computer is identified? Is it the MAC address on the NIC or some other hardware or maybe a software token? That's probably a closely guarded secret to keep people from forging said token. And that's too bad that people would do that. But I wondered if a computer with Boot Camp/Windows XP would consume another authorization if the OS X partition already had been authorized. I haven't tried it yet and that's why I'm asking.
I'm really just curious about all that. I am trying to clean up my iTunes mess that's spread across about 4 computers and move it all to a centralized place.
Bob
MBP Mac OS X (10.4.6)

the only thing that i'm sure of as an answer to any of these questions is that when u deautherize all once a yr the yr is measured from when u actually deauthorize.

XSS Authorizations Question

Hello all,
XSS System Landscape components are installed. JCo configured, WebDynpro configured, users configured. Employee Search and profile changes are already properly working.
But as I begin to check on the other ESS services - there are a lot more services not accessible. I believe these are authorization issues. Does somebody have a list of all authorizations for ESS/MSS? We have placed S_SERVICE = *.
Also on our MSS scenario, we do not have cProjects, BI, SRM, but rather - only EP 7.0 and ECC 6.0. Is there a list of MSS services/functions with its corresponding component requirement/pre-requisite?
We have added SAP_ESSUSER_ERP05 and it seems not enough a role in the backend as most parts started to properly function when we added ESS_SAP_ESSUSER_ERP to the role.
Thank you.
Regards,
Jan

Hi,
if it's working after giving the user SAP_ALL, try to trace authorization errors with transaction ST01. There you can activate / deactivate and analyze the trace and assign the necessary authorizations.
br,
Tobias

HT1420 I forgot my authorization questions

I am trying to purchase my first app on my new iPhone 5 but iTunes wants to authorize my account first. Problem is that I can not remember the answers to my two Security questions

If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then the steps half-way down this page should let you reset them : http://support.apple.com/kb/HT5312
If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699
When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 link above to add a rescue email address for potential future use

JCo BAPI authorization question

Similar Messages

Maybe you are looking for