JMS adapter(MQSeries): Authorization check for queue access
Hi All,
We are getting the same error as mentioned in the note no.749743 now we are following the note but we are not able to figure out what specific SP level we need to apply as it is very generalised.
And From where we can get a newer version of the JMS Adapter.
How can we test our configuration directory object? I cant see any test configuration option under tools menu.
Please help me out.
Thanks in Advance
Regards
rahul
Rahul
Since you are using transport protocol as WebSphereMQ(Non-JMS)you have to provide some of the JMS Provider specific settings as mentioned in:
http://help.sap.com/saphelp_nw04s/helpdata/en/c1/739c4186c2a409e10000000a155106/content.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/cd/d85a9d6fab7d4dbb7ae421f710626c/content.htm
---Mohan
Similar Messages
-
ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole
Hi
After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
<i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
I have not found anything helpfull thusfar.
Thank you for your help in advanceHi,
We had the same problem after upgrading to 2004s sp13.
We applied all available patches and it went away.
Check out this thread:
<a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
Best regards,
Avisahi Zamir -
Authorization check for caller assignment to J2EE security role
Dears experts, in the default.trc logs in, my Enterprise Portal NW2004s, appear this error:
#1.#0018714E4A14005E000027E1000057B8000441BB7EF2FC03#1198173451524#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleReference#Guest#2126####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].#5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#
#1.#0018714E4A14005E000027E5000057B8000441BB7F8BDC21#1198173461543#com.sap.engine.services.security.roles.SecurityRoleImpl#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#2127####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ :
Any idea about it?
Thanks friendsHi Holger,
Thanks for the tip, it could be the case, I just checked and we are on Patch 0 for JEECOR as you can see here below:
sap.com/SAP-JEECOR 7.00 SP13 (1000.7.00.13.0.20070907082334) 20071028144036
sap.com/SAP-JEE 7.00 SP13 (1000.7.00.13.2.20071026143730) 20071203150628
Will inform some people internally to patch to atleast 3 to check if it still occures.
Anyway, Thanks again..
Benjamin Houttuin -
Authorization checks for bank account number in vendor master
I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
Thanks
-PeruHI Peru,
To supress a field in FK03 u will have to check
Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
But there bank account no is not there.
Moreover there r no authorization objects for all the fields that u gave.
So try creating screen variant/ transaction variant in SHD0.
Regards,
Kiran -
No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
In EP we are trying to access bsp
and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
How to give authorization please help
venkateswararaoFirst Check is the ICF service is active using the SICF transaction.
Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
and SAP_HR_HAP_MANAGER.
Add the above roles to your user , it should work -
Set Up Authorization Check for G/L Accounts into PO creation
Dear friends !
How could I activate check to the access to certain accounts into PO creation ?
I know that is possible to activate this into Purchasing customizing under path
SPRO > Materials management > Purchasing > Purchase order > Set Up Authorization Check for G/L Accounts
But could I use it to give access only to certain GL Accounts by user ? Is this the purpose of this customizing ?
If yes what´s the object should I use to link with user account !?
best regards,
AleHi ,
After you setup the configuration in transaction OMRP, please setup up
the authorisation group in the account code (FS02, the field is on the
"Control", technical name is BEGRU).
When a account assigned purchase order is created, the system checks for
object F_BKPF_BES with values from the BEGRU and activity 01. -
Authorization Check for Storage Location
Hi Experts,
I have the following requirement :-
I have Plant : P081 created under Company Code : P110.
I have got various Storage Locations under this Plant for example
KT01 - Main Stores
KT24 - Remote Store.
The KT24 store is basically a remote location store. I have activated the Authorization for the Storage Location KT24 in the SPRO Settings
Material Management --> Inventory Management and Physical Inventory --> Authorization Management --> Authorization check for storage location.
I have maintain the following authorizations for the Object M_MSEG_LGO as follows :-
1. OBJECT : M_MSEG_LGO.
>> 2. USER ID : 081Store
>> 3. PLANT : P081
>> 4. STORAGE LOCATION : Kt24
>> 5. ACTIVITY : 01-03
>> 6. MOVEMENT : 101, 102, 201, 221, 261
and authorization for T_code MIGO_GR and MIGO_GI . I want to restrict the user for transaction only for this storage location but the system is allowing the user to post GR document for KT01 stores also.
Can any one suggest a solution or settings that need to be done for the user to be restricted to prepared GR for Storage Location KT24 only.
Thanks in advance.
AJHi,
You set the authorizations to users with tcode PFCG. To know the reason of deny some access run tcode SU53 after SAP denies the access to some documents / objects.
Regards,
Eduardo -
Authorization check for surveys
Hello Friends,
Does anybody know if there is Authorization check for surveys?
I want to restrict access to surveys, depend on user and status of surveys (answered or not).
Thanks for any help.
LalasDear Lalas,
Unfortunately the survey runtime itself doesn't check any authorization.
But for my personal point of view, you might be able to look into the
following to fulfil your requirement:
1.add java script into the survey xml file
Or
2.define your own function module with additional authorization check,
and assign it to survey attributes in transaction CRM_SURVEY_SUITE,
as PBO or PAI function module.
(relevant steps necessary to activate the customer defined
authorization obj.)
Hope these could do help!
Regards, Gerhard -
Error :Authorization check for caller assignment to J2EE security role whil
Hi Experts,
i m working as a portal resource .
after the deployment of standered Sap e-rec package .
i m getting some error. i have assigned the recruiter role to one test user.
Now i m getting two issue:
1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
2) I m able to see few iview for the test user but those are also in detailed navigation view.
And few ivews are giving following error :
i)Internal error
ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
/System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
Full Message Text
ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
please suggest what can be done or what is pending from my side.Prajakta2602 wrote:
Hi Experts,
>
> the previous issue got solved..
> it was due to servies pack miss match and applying notes
> the Basis guy checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
> notes 1445294 and 1175239 were applied.
> now the issue is:
>
>
> After implemetation and i assigning the standerd sap roles
> 1)Recruiter Administrator
> 2)Recruiter
> to the test user .
> but for few iview it is showing error as in
> 1) you are not a authorized user
> 2) internal error
>
> please help experts.
>
> i m working on portal side have i to assign any role to that test user..
>
>
> Thnaks & Regards,
> Prajakta
You can run a quick check using the below steps:
1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
Regards,
Mahesh -
No Authorization check for MultiProvide (S_RS_MPRO)
Hello Every body
We have a problem regarding the authorization check for MultiProviders. We have assigned the auth. object S_RS_MPRO to a user for one specific MultiProvider. We have also turned on the settings for "MultiProvider" and "MultiPro. (Query) in IMG.
Unfortunately the user has access to all the MultiProviders. We have traced the user and have found out, that there is no authorization check for the MultiProviders.
We have tried to remove the settings mentioned above and use InfoCube (Query) setting instead in conjunction with S_RS_ICUBE. No luck here neither.
One thing that could be important to mention is that the Settings for "MultiProvider" and "MultiPro. (Query) in IMG has been implemented before the object has been assigned to a user.
For that We removed the settings from all Roles, and then we assigned the object to a user, and at last we activated the settings for "MultiProvider" and "MultiPro. (Query) in IMG. No luck here neither.
Bottom line is that the system does not check for S_RS_MPRO
Any kind of suggestion would be appreciated
/FZA
SAP_BW 350
SP 12
BI_CONT 353
PI_BASIS 2004_1_6400.820 BW-BEX-OT-OLAP-AUT 619778 No check of S_RS_ICUBE for Multiprovider 16.10.2003
2. 0.800 BW-WHM-DST-AUT 626385 Multiprovider: Authorization in query fails 07.10.2003
3. 0.790 BW-BEX-OT-OLAP-AUT 662617 Activity is 'Change', but only 'Display' is checked 07.01.2004
4. 0.760 BW-WHM-DST-AUT 626574 MultiProvider authorization check during query 17.10.2003
5. 0.760 BW-WHM-DBA-MPRO 520588 New authorization object S_RS_MPRO 05.11.2003
6. 0.750 BW-WHM-DST-AUT 736996 Authorization check performed on S_RS_MPRO 28.06.2004
7. 0.700 BW 693363 SAPBWNews BW SP03 NW'04 Stack 03 RIN 22.04.2005
8. 0.690 BW 692636 SAPBWNews BW SP02 NW'04 Stack 02 RIN
hallo
Please have allok at the mentioned OSS note
Mike -
How can I remove this extra authorization check for dynamic parameters
Hello expert,
I created a new dynamic hirarchical parameters as " client-->policy" in crystal report. these parameter value are coming from a physical table. the other part of report extract data by a oracle procedure. when I ran this report in client, it is ok for everything. but when I schedule it or run it in infoview, I need extra authorization for access these dynamic parameter, eventhough this is not for accessing other parameters. How can I remove this extra authorization check for dynamic parameters?Hi
Open the crystal designer Edit the parameter In the prompt window at the existing option you can find the LOV name.
Open the Business view manager and find that prompt name in u201CRepository Exploreru201D window and select that parameter right click that parameter Select edit rights provide rights for your user name in that window.
--Naga -
Authorization checks for PNP LDB
question : how to validate authorization checks for pnp logical database?
2 nd question: hr report
this report is basically for salary survey. in this i had so many fields can any body let me know how
can i form the internal tables. and i have to display overall 150 fields in csv file for that
how can i take in to the final internal table.
what is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
please give me the steps how can i proceed.Hi,
The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
Hope this helps. -
Create authorization check for a report
Hi,
I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
Say the report name is ZHR_TIMEABC.
Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
Thanks in advance,
VGHi,
Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
Your inputs will be helpful to understand this concept.
Thanks,
VG -
Authorization Check for Special Stock Indicator in IE02
Dear Gurus,
Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
Would appreciate your help.
Thanks.Hi,
This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode. -
Authorization check for a program/table
Hi ,
Can anyone help me out in
How to do authorization check for an abap program and also a table.
I have no idea about the authorizations.
My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
1. should be able to execute the program
2. View of the entries of the table.
Thanks & Regards,
KeerthiHello Keerhi ,
I got you wrong at first!
If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
First find the role
second add the user in the role ( PFCG T code---> USers tab)
Raj
Maybe you are looking for
-
Hi all, On executing my program i get ALV with names of reports displayed. My requirement is that on clicking on the report name, I should be directed to SE38, where the corresponding report is opened in 'Change' mode. Please suggest how I can achiev
-
Message Monitor Missing Messages in Adapter Engine
All, I had over 200 messages in my adapter engine but recently I only see 115 for the same period. Additionally, all of the 850 (PO) inbound messages are gone. I see them in the Integration Engine but not in the Adapter Engine anymore. I need
-
Invalid data after converting clob to blob
GOAL: insert adresse or someth. into an msword file out of database Hi, I'm working with a 9i database and I'm trying to insert data in a clob. First I convert the blob, which is a stored xml- file in my databse, to a clob. after that i'm replacing t
-
Adding a Z field in Standard Database view
Hi ALL My requirement is to add a z field in a Standard Database View . Please advice how do i go ahead . Urgent help will be appreciated . Thanks Shweta
-
Dear Experts, I have writen a Z program which converts the format of the output file, i need to execute the standard program rfebck00 after execution is completed i need the final output values back in my Z program for further process.. I tried with