LDAP authorization problem in OC4J 10.1.3. using OID

I'm attempting to secure a j2ee application using OID and SSO. I'm using the standard OID Security Provider. As long as my user in ldap is located within a group that is part of the cn=groups everything works fine. However, if the user is defined in a nested group, authentication fails.
Scenario 1 (working):
cn=mse-se-staff,cn=groups,dc=global,dc=mycompany,dc=net
Scenario 2 (not working):
cn=mse-se-staff,cn=exchange,cn=groups,dc=global,dc=mycompany,dc=net
I know that when using a third party ldap provider one can change the searchscope to search nested groups. Is there a way to set this in the standard OID security provider as well?
I have tried pre-pending the security-role-mapping with the additional group like so:
     <security-role-mapping name="USERS">
          <group name="exchange/mse-se-staff" />
     </security-role-mapping>
This did not work however. Can I use nested groups with OID? Again this works fine if the user is defined in a group that is part of cn=groups.
Here are all the important configuration pieces:
web.xml:
<security-constraint>
          <web-resource-collection>
               <web-resource-name>access to the application</web-resource-name>
               <url-pattern>/svc</url-pattern>                               
          </web-resource-collection>
          <!-- authorization to admin urls -->
          <auth-constraint>
               <role-name>USERS</role-name>
          </auth-constraint>
</security-constraint>
orion-application.xml:
     <security-role-mapping name="USERS">
          <group name="mse-se-staff" />
     </security-role-mapping>
     <jazn provider="LDAP" location="*my ldap here*">
     <jazn-web-app auth-method="SSO" jaas-mode="doAsPrivileged" />
</jazn>
Thanks,
Marc

Could you try setting java.naming.referral jndi env referral and retry.
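
Added example, not part of the original thread: a small Python model of LDAP search scopes applied to the two group DNs from the question, showing why a role mapping by bare group name can stop matching when the group sits one container deeper. It assumes the provider looks for groups exactly one level below cn=groups (a hypothesis consistent with the symptom, not confirmed in the thread); the user DN and the directory contents are constructed.

```python
# Added example (not from the original thread).
# Assumption: group lookup is a one-level search under BASE. The user DN and
# the membership data are constructed; the group DNs are the two from the post.

BASE = "cn=groups,dc=global,dc=mycompany,dc=net"
USER = "cn=marc,cn=users,dc=global,dc=mycompany,dc=net"  # constructed

# Constructed directory: group DN -> member DNs (uniquemember values).
SCENARIO_1 = {
    "cn=mse-se-staff,cn=groups,dc=global,dc=mycompany,dc=net": [USER],
}
SCENARIO_2 = {
    "cn=exchange,cn=groups,dc=global,dc=mycompany,dc=net": [],
    "cn=mse-se-staff,cn=exchange,cn=groups,dc=global,dc=mycompany,dc=net": [USER],
}

# Role mapping as in the posted orion-application.xml.
ROLE_MAPPING = {"USERS": ["mse-se-staff"]}


def parse_dn(dn):
    """Split a DN into lower-cased RDNs (simple splitter, no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def in_scope(entry_dn, base_dn, scope):
    """LDAP scope test: 'base' = the base entry only, 'one' = direct
    children of the base, 'sub' = the base and everything below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry is not at or under the search base
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError("unknown scope: %r" % scope)


def find_groups(directory, user_dn, base_dn, scope):
    """DNs of groups within scope that list user_dn as a member."""
    user = parse_dn(user_dn)
    return sorted(
        dn for dn, members in directory.items()
        if in_scope(dn, base_dn, scope)
        and any(parse_dn(m) == user for m in members)
    )


def group_name(dn):
    """Value of the leading RDN, e.g. 'mse-se-staff'."""
    return parse_dn(dn)[0].split("=", 1)[1]


def roles_for(directory, user_dn, scope, mapping=ROLE_MAPPING, base_dn=BASE):
    """J2EE roles granted when groups are matched to the mapping by name."""
    names = {group_name(dn) for dn in find_groups(directory, user_dn, base_dn, scope)}
    return sorted(role for role, groups in mapping.items() if names & set(groups))


if __name__ == "__main__":
    for label, directory in (("scenario 1", SCENARIO_1), ("scenario 2", SCENARIO_2)):
        for scope in ("one", "sub"):
            print(label, scope, roles_for(directory, USER, scope))
```

With subtree scope, a mapping by bare group name matches a group of that name in any container under the base, so it is worth checking who can create groups anywhere below cn=groups before widening the scope.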

Similar Messages

  • LSADMIN CMS authorization problem - How To Transport XI Content Using CMS

    We are configuring CMS using the "How To Transport XI Content Using CMS".  For the LSADMIN user we have added the SAP_XI_CMS_SERV_USER and SAP_SLD_ORGANIZER roles.  We have followed all of the steps in the guide.
    The problem we are encountering is that when we define the domain but put in the LSADMIN as the user, we get an error - "SLD (URL http://server:50000) server exception: HTTP response code: 403 Forbidden"
    We then gave the LSADMIN all of the roles of XISUPER and restarted the J2EE engine.  We still have the same problem.  So we changed the CMS User to be XISUPER and we could save the domain.  Now, we have another problem - when we try to export from dev using CMS, we get the following problem:
    "Sent on 3/9/06 at 1:26 PM: Unable to establish connection to CMS server http://servername:50000. Unable to transfer the following transport lists:  Export list for ...
    Details: unknown exception: com.sap.cms.util.exception.conf.CMSCFinderException: Workspace name does not exist: com.sap.cms.util.exception.conf.CMSCFinderException: Workspace name does not exist: version=0,dtrWSName=
    Check the availability of the CMS and the user authorizations and send the transport request again if necessary
    We are on SP16.  Anyone encountered this issue?
    Regards,
    Jay

    Here are all of roles we have given LSADMIN in client 100:
    SAP_CMS_ADMINISTRATOR
    SAP_SLD_DEVELOPER
    SAP_SLD_GUEST
    SAP_SLD_ORGANIZER
    SAP_XI_BPE_MONITOR_ABAP
    SAP_XI_CMS_SERV_USER
    SAP_XI_CMS_SERV_USER
    SAP_XI_DEMOAPP
    SAP_XI_DEVELOPER
    SAP_XI_DEVELOPER_ABAP
    SAP_XI_DEVELOPER_J2EE
    SAP_XI_MONITOR
    SAP_XI_MONITOR_ABAP
    SAP_XI_MONITOR_J2EE
    But on the J2EE side, we only see the following roles for LSADMIN:
    - Authenticated Users Built-in Group Authenticated Users
    - Everyone Built-in Group Everyone
    - SAP_XI_CMS_SERV_USER Exchange Infrastructure: Change Management Service User
    I checked client 000, and noticed that LSADMIN only had the SAP_XI_CMS_SERV_USER.  So this is the problem.  I added all of the roles to LSADMIN in client 000 and restarted J2EE and now I can see all of the roles under the LSADMIN user in UME.
    We noticed the problem that our UME configuration was pointing to client 000 and not client 100.  If we go to Visual administrator and go to the Services->UME Provider, we see that - ume.r3.connection.master.client points to client 000.  We will need to change this.
    That was the issue.  UME was pointing to the wrong ABAP client.  I appreciate all of your help.
    Regards,
    Jay

  • Using OWSM for SAML verification and LDAP authorization

    I can verify SAML tokens by using EM security (verifying SAML tokens) but when I use OWSM I get this error at the proxy (by adding the step : SAML - Verify WSS 1.0 Token to the policy of a server agent)
    Exception in thread "main" java.lang.NoSuchMethodError: oracle.security.wss.saml.SAMLAssertionIssuer.<init>(Ljavax/xml/rpc/handler/soap/SOAPMessageContext;Lorg/w3c/dom/Document;Loracle/security/wss/config/SamlTokenConfigType;Z)V
    Also I need to LDAP authorize the subject of SAML after verification of SAML token. Is it just enough to put the LDAP authorize step after SAML verification?
    Won't I need any EXTRACT CREDENTIAL step?
    Regards
    Farbod

    When we were asked to combine OBIEE 10g with Active Directory, we chose external Table Authorization to get information on the groups, a user is part of.
    In general, one could follow these articles to achieve AD Authentication:
    http://www.oraclebidwh.com/2008/10/obiee-ldap-authentication-using-microsoft-ad/
    http://www.oraclebidwh.com/2008/11/obiee-ldap-authentication-using-microsoft-ad-2/
    To sum it up: Read User-information from AD. Knowing a user's login-name then, one could query an external table, which consists of user and group information. Everything is setup within initializationBlocks, which could be created in the administration tool.
    Problem: As you already said, the problem is, that this external user--group table has to be filled and updated "manually". That is, someone has to input new users or at least assign them to the existing groups.
    In our case, there's an admin who knows what sql is and how to work with it.
    Another solution could be, to prepare a xml-file, containing user and group information and add it to your repository. The tables could then be queried, too. Although, xml files can become quite unhandy, if a lot of information is held within it, they can be edited via external tools or at least with a standard text editor.

  • LDAP authorization for VPN

    I am having problems getting the LDAP authorization to work. None of the instructions I find seem to coincide with my version of ASDM 5.0(7) and ASA 7.0(7).
    So if anyone has the right instructions for these versions can you send me a link?
    I get as far as testing it and it fails. When I test, it asks for a user name but never a password, so I am not sure what I am doing wrong.
    Any help appreciated.

    Post your AAA & VPN profile config from the device please?

  • How I fixed my authorization problem

    There have been many posts on the authorization problem that has cropped up since the latest update of iTunes, and there doesn't seem to be universal cure. I fought it myself for a couple of weeks, and recently fixed it on my PowerBook and thought I would share it with others.
    The common theme here seems to be that it affects people who have had more than one account in iTunes. For the record, I have NEVER purchased music from the iTMS using a different account, so I was confused as to why this was happening to me.
    I have two Macs in play here: an older eMac at home and a PowerBook G4. My initial iTunes library started on the eMac, and then I moved it to my PowerBook a little over a year ago when I bought it. I purchased music from the iTMS on both Macs, using the exact same account.
    When I upgraded iTunes on my PowerBook, I reauthorized using my only account, and the music that I had purchased since I transferred my library worked just fine. The music that I had purchased on my eMac simply would not authorize!
    It dawned on me yesterday that I setup a .mac account on my PowerBook several months ago, although I never used it in the iTMS and I never used it on the eMac at home. I also realized that I had NOT run iTunes on the eMac since the most recent upgrade.
    I installed the iTunes upgrade on my eMac, and proceeded to authorize it with my only known iTMS account. No issues, and all purchased music was authorized, including songs that would not play on my PowerBook.
    On my PowerBook, I decided to authorize using my .mac username and password, even though I have NEVER used it to purchase music. I didn't even own that account when the music files in question were purchased. As I suspected though, the authorization went through and I can now play all of my purchased music from iTMS.
    When I try to step through this logically, it makes my head hurt. There is definitely a major problem with Apple's DRM authorization relationship somewhere, as there should be no reason at ALL for any of my music to require my .mac account.
    I don't know if this will help anyone, but if you're struggling with it and you have a .mac account, give it a shot and it might work.

    The fact that you saw no glitches while running Logic before applying the update means almost nothing because that uses only a small subset of system resources. Far more significant is that Safe Mode restored some missing functionality: because it disables non-essential items like user fonts, third party drivers, & so on, it points to problems in those areas.
    Equally significant, the fact that there are relatively few reports of post-update problems among the several million Snow Leopard users points away from the update itself as the cause of your problems.
    Separate & apart from that, it so happens that I'm a sound engineer/system designer/board operator with nearly 40 years of professional touring experience. FWIW, I never have & never will update the software of any system I must rely on professionally (whether it is running on a Mac, a PC, or dedicated hardware) unless & until I can thoroughly test it first and I have a trustworthy backup/recursion strategy to fall back on in case of problems.
    I strongly suggest you learn from your unpleasant experience & do the same. I have had far fewer problems with Macs than with PC's, but nothing is 100% reliable to begin with. Changing the OS software part way through the tour is just asking for trouble, no matter how reliable that has been in the past. Even if the budget allows for nothing better than a stack of burned CD's & a couple of consumer grade CD players, no professional tour can afford to be without some fallback strategy in place. That should be self-evident & require no warning from Apple or anybody else.

  • Authorization problem when using the Transaction Launcher

    Hi All,
    We have an authorization problem when we call a transaction (EL37) in ECC from the IC Web Client.
    We believe that we have done all the necessary customizing in CRM and when we press the link in the Navigation Bar we are asked to logon to our ECC system. After logging on, we get an error message saying that "You do not have authorization for transaction EL37". If I then enter the transaction directly in the white command field in top of the ECC screen, then I have no problem calling the transaction.
    My user has SAP_ALL, so it shouldn't be a problem with the authorizations. Maybe it has something to do with the transaction IC_LTXE? I have also tried to add this transaction to my user profile, but that didn't help.
    Does anyone have a suggestion for how to fix this problem?
    Kind Regards,
    Gitte.

    Hi,
    I have found the solution for the problem myself. The transaction code in the Transaction Launcher Wizard must be written in capitals! We had entered 'el37' and have now changed it to 'EL37'.
    Best Regards,
    Gitte.

  • Archive Link Authorization problem for Business Partner.

    Hi Experts,
    Currently we are attaching documents to respective objects through Tr. OAWD & these documents are available in service for object as attachment, until this it is working fine.
    But we are facing problem of authorization for archive link of ISU- Business Partner. Let's say we had two users USER-A & USER-B responsible to upload documents of Business partners started with 1 & 2 respectively.
    We needed authorization control for USER A&B so that,
    USER-A should upload documents for Business Partner 1001 to 1999
    & USER-B should upload documents for Business Partner 2001 to 2999
    We need to know whether we can restrict USER A&B so that they cannot upload documents for Business Partners for which they are not responsible. We already checked the roles "SAP_BC_SRV_ARL_*" but did not find them useful to restrict USER A&B.
    Thanks in advance....

    Hi Sam,
    as this sounds like you search for suitable authorization objects I think that the authorization trace in transaction ST01 could be useful for you. For further information please see the following link: http://wiki.sdn.sap.com/wiki/display/PLM/AuthorizationTraceintransactionST01
    Best regards,
    Christoph

  • Deployement problem in oc4j with hibernate + JPA and Spring

    Dear All,
    From last 2 days I am facing a problem in deployment of our application in oc4j client of oracle app server.
    I am getting the following exception
    Operation failed with error: [mkclsets:mkclsets] - Exception creating EntityManagerFactory using PersistenceProvider class oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider for persistence unit mkclsetsPersistenceUnit.
    When I am deploying the same application in tomcat app server it's working fine. But I am unable to deploy the same in oc4j.
    I am using the following technologies
    Spring 2.0
    Struts 2.0
    Hibernate 3.3
    JPA 1.0
    OC4J 10.1.3.3.0
    IDE : my eclipse 6.0
    My persistence.xml
    <persistence xmlns="http://java.sun.com/xml/ns/persistence"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd"
        version="1.0">
         <persistence-unit name="mkclsetsPersistenceUnit" transaction-type="RESOURCE_LOCAL">
              <!-- jta-data-source>mkclDS</jta-data-source-->
              <provider>org.hibernate.ejb.HibernatePersistence</provider>
              <!-- properties>
                   <property name="hibernate.dialect" value="org.hibernate.dialect.Oracle10gDialect"/>
                   <property name="hibernate.transaction.manager_lookup_class" value="org.hibernate.transaction.OC4JTransactionManager"/>
              </properties-->
         </persistence-unit>
    </persistence>
    Datasource-context.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:aop="http://www.springframework.org/schema/aop"
        xmlns:tx="http://www.springframework.org/schema/tx"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
         <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" lazy-init="true"/>
         <!--  following code is for using oracle -->
            <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" lazy-init="true">
              <property name="driverClassName">
                   <value>oracle.jdbc.driver.OracleDriver</value>
              </property>
              <property name="url">
                   <value>jdbc:oracle:thin:@//xxxx.xxxx.xxxx.xxxx:1521/mydb</value>
              </property>
              <property name="username">
                   <value>tpsadmin</value>
              </property>
              <property name="password">
                   <value>tpsadmin</value>
              </property>
         </bean>
         <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" lazy-init="true">
              <property name="persistenceUnitName" value="mkclsetsPersistenceUnit"/>
              <property name="dataSource" ref="dataSource"/>
              <property name="jpaVendorAdapter">
                   <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" lazy-init="true">
                        <property name="database" value="ORACLE"/>               
                        <property name="showSql" value="true"/>
                   </bean>
              </property>
         </bean>
         <bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" lazy-init="true">
              <property name="entityManagerFactory" ref="entityManagerFactory"></property>
         </bean>
         <tx:annotation-driven transaction-manager="transactionManager"/>     
    </beans>
    Server.xml (oc4j/j2ee/home/config)
    <?xml version="1.0"?>
    <application-server  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/application-server-10_1.xsd"  application-directory="../applications"
    check-for-updates="adminClientOnly"
    deployment-directory="../application-deployments"
    connector-directory="../connectors"
    schema-major-version="10" schema-minor-version="0" >
         <shared-library name="global.libraries" version="1.0" library-compatible="true">
              <code-source path="../applib"/>
         </shared-library>
         <shared-library name="global.tag.libraries" version="1.0" library-compatible="true">
              <code-source path="../../home/jsp/lib/taglib/"/>
              <code-source path="../../../j2ee/home/jsp/lib/taglib/"/>
              <code-source path="../../../lib/dsv2.jar"/>
              <import-shared-library name="oracle.xml"/>
              <import-shared-library name="oracle.jdbc"/>
              <import-shared-library name="oracle.cache"/>
              <import-shared-library name="soap"/>
         </shared-library>
         <shared-library name="oracle.persistence" version="1.0" library-compatible="true">
              <code-source path="../../../toplink/jlib/toplink-essentials.jar"/>
              <import-shared-library name="oracle.jdbc"/>
         </shared-library>
         <shared-library name="hibernatejpa" version="1.0">
              <code-source path="ejb3-persistence.jar"/>
              <code-source path="hibernate3.jar"/>
              <code-source path="hibernate-annotations.jar"/>
              <code-source path="hibernate-commons-annotations.jar"/>
              <code-source path="hibernate-entitymanager.jar"/>
              <code-source path="jboss-archive-browsing.jar"/>
              <code-source path="jta.jar"/>
         </shared-library>
         <shared-library name="db" version="1.0">
              <code-source path="ojdbc14.jar"/>
         </shared-library>
         <shared-library name="displaytab" version="1.0">
              <code-source path="commons-beanutils-1.7.0.jar"/>
              <code-source path="commons-lang-2.3.jar"/>
              <code-source path="displaytag-1.1.1.jar"/>
         </shared-library>
         <shared-library name="ehCache" version="1.0">
              <code-source path="backport-util-concurrent.jar"/>
              <code-source path="ehcache-1.4.0-beta2.jar"/>
              <code-source path="jsr107cache-1.0.jar"/>
         </shared-library>
         <shared-library name="json" version="1.0">
              <code-source path="ezmorph-1.0.4.jar"/>
              <code-source path="json.jar"/>
         </shared-library>
         <shared-library name="other_sets" version="1.0">
              <code-source path="commons-fileupload-1.1.jar"/>
              <code-source path="dom4j-1.6.1.jar"/>
              <code-source path="dwr.jar"/>
              <code-source path="javassist.jar"/>
              <code-source path="log4j-1.2.13.jar"/>
         </shared-library>
         <shared-library name="spring2" version="1.0">
              <code-source path="aspectjrt.jar"/>
              <code-source path="aspectjweaver.jar"/>
              <code-source path="cglib-nodep-2.1_3.jar"/>
              <code-source path="spring.jar"/>
         </shared-library>
         <shared-library name="struts2" version="1.0">
              <code-source path="antlr-2.7.2.jar"/>
              <code-source path="commons-collections.jar"/>
              <code-source path="commons-io-1.1.jar"/>
              <code-source path="commons-logging-1.0.4.jar"/>
              <code-source path="freemarker-2.3.8.jar"/>
              <code-source path="ognl-2.6.11.jar"/>
              <code-source path="struts2-core-2.0.9.jar"/>
              <code-source path="struts2-spring-plugin-2.0.9.jar"/>
              <code-source path="xwork-2.0.4.jar"/>
         </shared-library>
         <rmi-config path="./rmi.xml" />
         <jms-config path="./jms.xml" />
         <javacache-config path="../../../javacache/admin/javacache.xml" />
         <j2ee-logging-config path="./j2ee-logging.xml" />
         <log>
              <file path="../log/server.log" />
         </log>
         <java-compiler name="javac" in-process="false" options="-J-Xmx1024m -encoding UTF8" extdirs="C:\Program Files\Java\jdk1.5.0_07\jre\lib\ext" />
         <global-application name="default" path="application.xml" parent="system" start="true" />
         <application name="javasso" path="../../home/applications/javasso.ear" parent="default" start="false" />
         <application name="ascontrol" path="../../home/applications/ascontrol.ear" parent="system" start="true" />
         <application name="Test" path="../applications\Test.ear" parent="default" start="true" />
         <application name="OraTest" path="../applications\OraTest.ear" parent="default" start="true" />
         <global-web-app-config path="global-web-application.xml" />
         <transaction-manager-config path="transaction-manager.xml" />
         <web-site default="true" path="./default-web-site.xml" />
         <cluster  id="6745699755968" />
    </application-server>
    Orion-application.xml (oc4j/j2ee/home/config)
    <?xml version="1.0"?>
    <orion-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/orion-application-10_0.xsd" deployment-version="10.1.3.1.0" default-data-source="jdbc/OracleDS" component-classification="external"
    schema-major-version="10" schema-minor-version="0" >
    <imported-shared-libraries>
         <import-shared-library name="hibernatejpa"/>
         <import-shared-library name="db"/>
         <import-shared-library name="displaytab"/>
         <import-shared-library name="ehCache"/>
         <import-shared-library name="json"/>
         <import-shared-library name="other_sets"/>
         <import-shared-library name="spring2"/>
         <import-shared-library name="struts2"/>
    </imported-shared-libraries>
    </orion-application>
    Please help to deploy my application, I created one application with struts2 and spring2 and that is working fine, but when I try to add JPA with hibernate 3.3 I am unable to deploy it.
    Thanks a lot in advance.
    With best regards,
    Ishaan

    Hi,
    Thank you very much for your reply. the previous Exception has gone but now I get the following one.
    Exception: NoClassDefFoundError: Missing class: org.dom4j.DocumentException Dependent class: org.hibernate.ejb.HibernatePersistence Loader: hibernatejpa:1.0 Code-Source: /C:/oracle123/j2ee/home/shared-lib/hibernatejpa/1.0/hibernate-entitymanager.jar Configuration: in /C:/oracle123/j2ee/home/config/server.xml The missing class is available from the following locations: 1. Code-Source: /C:/oracle123/j2ee/home/shared-lib/other_sets/1.0/dom4j-1.6.1.jar (from in /C:/oracle123/j2ee/home/config/server.xml) This code-source is available in loader other_sets:1.0.
    [Jun 2, 2008 10:57:17 AM] Operation failed with error: Missing class: org.dom4j.DocumentException Dependent class: org.hibernate.ejb.HibernatePersistence Loader: hibernatejpa:1.0 Code-Source: /C:/oracle123/j2ee/home/shared-lib/hibernatejpa/1.0/hibernate-entitymanager.jar Configuration: in /C:/oracle123/j2ee/home/config/server.xml The missing class is available from the following locations: 1. Code-Source: /C:/oracle123/j2ee/home/shared-lib/other_sets/1.0/dom4j-1.6.1.jar (from in /C:/oracle123/j2ee/home/config/server.xml) This code-source is available in loader other_sets:1.0.
    With best regards,
    ishaan

  • LDAP CUA problem -- Could not logon to directory

    Hi Experts,
    I'm facing difficulties in accessing Active directory from SAP.
    The LDAP Connectors were set up correctly (status with green light).
    The System User was also set up as: UserID: DirectoryUser; Distinguished Name: "cn=DirectoryManager" (DirectoryManager is a username in my Active Directory)
    The LDAP Servers were also set up as: Hostname="sapserver001.abc.com", port number="389", Product name="MS03 Microsoft Windows 2003 Active Directory (Domain Mode)", Protocol Version="LDAP Version 3", LDAP Application="User", Base entry="ou=Company00", System Logon="DirectoryUser"
    But when I tried to logon the directory, system returns message:"Could not logon to directory"
    Could not logon to directory
    Message no. LDAPRC049
    Diagnosis
    The combination of user name (DN) and password transferred to the directory was not accepted by the directory.
    Procedure
    Check the set or entered data for the user and password for the directory.
    If you are using an application with which you do not need to enter this data directly, you can find the data as configuration setting in the LDAP server used ("System User" field).
    Procedure for System Administration
    Check whether you can log on to the directory with the entered data using the LDAP protocol.
    Note: A frequent error when using the Microsoft Active Directory is that the user enters their Microsoft Windows user name instead of the full Distinguished Name, since it is also possible to log on to the directory using this Microsoft Windows logon with Microsoft tools (such as ldp.exe). However, these tools do not use the user/password logon used by the SAP system.
    Could anyone help me find the solution?
    For more information, I'm using Windows server 2003 as my AD server.
    Ad server: sapserver001.abc.com
    sap server:sapserver002.abc.com
    In the control panel of sapserver001.abc.com., I open "Active Directory users and computers", within abc.com, I created an OU as "Company00", and under that OU, I created the InetOrgPerson "DirectoryManager".
    That's all the information I can provide.
    Any suggestions will be appreciated.
    Thank you very much in advance.
    Best regards,
    Nick

    Hi, all,
    Thanks for your reply.
    The problem has been solved. That's because I specified the wrong user name: if I enter "DirectoryManager" instead of "cn=DirectoryManager" in the Distinguished Name field, it will be OK. Or, I should input the entire path "cn=DirectoryManager,OU=employees,DC=abci,DC=com".
    Just one more question: are there any tools or commands that can display the detailed information of Active Directory on Windows Server 2003? I just wonder whether the detailed path like "cn=DirectoryManager,OU=employees,DC=abci,DC=com" can be shown by the tool or command.
    And I have run ABAP program RSLDAPSCHEMAEXT to get an LDIF file for the SAP field extension on the AD server. After successfully importing it into the directory, where can I find/verify the added fields which come from SAP?
    Sorry, I lack knowledge of Active Directory; any suggestions are appreciated.
    Best regards,
    Nick

  • How to deal authorization problem in KE30

    Hi to all
    Please tell me how to deal authorization problem in KE30.
    My requirement is to restrict the report based on sales office so that other regions' employees are not able to see different regions' sales data.
    Please guide me on this issue.
    Thanks & Regards
    Anubhav

    closed.

  • ATV2 "authorization" problem

    So, I purchased an ATV2 at Heathrow airport before I left UK as well as a cheap (£14.95) HDMI cable.
    I wanted to use the ATV2 in my home in Switzerland and purchased a Sony Bravia TV to watch it on.
    1. My first problem, when streaming content from my iTunes is that the ATV2 sometimes gets "disconnected" from the television, i.e. I see the blank HDMI1 screen for a split second, then it reconnects.
    2. Second problem is that after about 15 minutes of watching anything on my ATV2, the picture turns to a combination of pink and blue, the picture is still visible but I have never seen anything like this.
    3. Third and most annoying problem: I rented a movie directly from ATV2 last night (with my UK iTunes account), paid for it, and when it pops up on the screen saying it is ready to be watched, I pressed play but it loads, then authorizes and then a message appears that "this device is not authorized to play this content".
    I thought that perhaps this was one movie, so I rented a second one. When that didn't work, I figured it may be because I am in Switzerland and using a UK iTunes account, so I logged into my Swiss one and rented something else. To no avail!
    *Things I have done to try and fix the problems*
    1. I have authorized and de-authorized my computer
    2. I have reset the ATV2 to its factory settings
    3. I have tried Swiss as well as UK iTunes accounts to rent movies
    This is incredibly frustrating and I hope someone can help! Thank you in advance!

    I too got an ATV 2 very recently. From my iMac I can order movies and watch them (as well as music, etc.). From my MacBook Pro I can do all except stream movies. Every time I try something new on the MacBook Pro (I keep buying the same two movies, so "they" know I am sincere), I get authorization problems.
    1. REMOTE: I can preview but not watch ATV 2 movies using the remote: "your apple tv is not authorized to play this content."
    2. MACBOOK PRO: I cannot use my macbook pro itunes to order and watch movies (music yes, movies no): "Authorization is required..." even though I have authorized/reauthorized the laptop 10 times. And I have reset/restored ATV 2.
    3. IMAC: I can use my iMac itunes to order movies. I then choose that computer on the ATV 2 screen and movies stream.

  • Extended Notification authorization problem

    Hi All,
    We configured extended notification for all the workflow in ECC 6.0.
    We have moved to the production system. When users select the work item link in Outlook, they get an authorization problem saying that 'You don't have an authorization to execute SWNWIEX'.
    However, with this transaction the user can execute ANY work item just by entering the work item ID.  The transaction does not check if the work item is actually in the user's inbox, I would think this could be a security issue.
    Could anyone please help me out?
    -Steve

    Hello,
    I don't think giving access to tx SWNWIEX allows all users access to all workitems.
    Where did you read that? It could be the case for your account, but not everybody's.
    Test it out.
    regards
    Rick Bakker
    Hanabi Technology

  • BI Authorization problem query in web

    Hello Guru,
    I have authorization problems executing a query on the Web.
    When I try to execute the query on the web I get these messages:
    - Missing display authorization msg R9 108
    - Missing authorization to execute query msg R9 108
    - User doesn't have authorization for selected component
      Component selected can not be executed
      Contact person responsible for the authorizations if user need authorization to execute this component
      Function is checked with object "Business explorer - components" with these fields:
        - InfoCube ZSD_007
        - Component type ERP
        - Component ZTEST_SD_007
        - Activity  16
      Message number BRAIN 800
    In BI I have added all these profiles and roles to my user, but the problem still occurs:
    Profiles:
    SAP_ALL                                                                               
    S_A.SYSTEM               System administrator (Superuser)
    S_RS_ADMWB_A        All Administrator Workbench Authorizations
    S_RS_EXPL_A             All Business Explorer Authorizations
    T-BS590005                  Profile for role Z_RS_RREPU
    T-BS590006                  Profile for role Z_RS_RREDE
    Roles:
    SAP_BW_CFO_ADMIN
    Z_RS_RREDE   (copy from template  RS_RREDE)
    Z_RS_RREPU   (copy from template  RS_RREPU)
    I cannot understand whether this problem is related to BI authorization or maybe something in NetWeaver.
    Please help me.
    Kind regards
    Boris

    Hello,
    I can execute the query from transaction RSRT; however, when I select "ABAP WEB" from this transaction, the web page opens but I have the same authorization problem.
    In transaction SU53 everything seems correct (I have all authorizations) .... this is probably because my problem is on the Portal or NetWeaver side and not in BI ???
    Any suggestion?
    Thanks in advance
    Boris

  • URGENT: Authorization Problem with SolMan 4.0

    Hi all,
    I'm still configuring the SolMan 4.0. I did all the basic customizing but still have an authorization problem. If I want to create a new support message and want to choose the System/IBase, I get the message "no authorization". And the "KeyUser"-User or "FirstLevelSupport"-User cannot even open the transaction "notif_create".
    I randomly tried some roles without any proper results:
    SAP_OP_DSWP
    SAP_RMMAIN_EXE
    SAP_SCDT_ALL
    SAP_SCDT_DIS
    SAP_SCIDM_ALL
    SAP_SCIDM_DIS
    SAP_SCOUT_ALL
    SAP_SETUP_DSWP
    SAP_SMSY_ALL
    SAP_SMSY_DIS
    SAP_SOL_AC_COMP
    SAP_SOL_KW_ALL
    SAP_SOL_PM_COMP
    SAP_SOL_PROJ_ADMIN_ALL
    SAP_SOL_PROJ_ADMIN_DIS
    SAP_SOL_SERVTRANS_CREATE
    SAP_SOL_TRAINING_EDIT
    SAP_SOL_TRANSPORT_DIS
    SAP_SOL_TRANSPORT_EXE
    SAP_SOLAR01_ALL
    SAP_SOLAR02_ALL
    SAP_STWB_2_ALL
    SAP_STWB_INFO_ALL
    SAP_STWB_SET_ALL
    SAP_STWB_WORK_ALL
    SAP_SUPPCF_ADMIN
    SAP_SUPPCF_PROCESS
    SAP_SUPPDESK_ADMIN
    SAP_SUPPDESK_PROCESS
    SAP_SV_FDB_NOTIF_BC_PROCESS
    SAP_SV_SOLUTION_MANAGER
    The "KeyUser" has the Roles:
    SAP_SUPPCF_CREATE
    SAP_SUPPDESK_CREATE
    The "Processor" has the roles:
    SAP_SUPPCF_PROCESS
    SAP_SUPPDESK_PROCESS
    Has anyone an idea??
    Best Regards
    Philipp

    Hi Philipp,
    Did you do step 1.4 from service.sap.com/solutionmanager media library technical papers Service Desk: Additional Information? You have to create the ibase ....
    Lando
    P.S. Don't forget the points if this answer is helpful

  • LDAP Authorization Example

    Hello;
    Does anyone have a good example of an LDAP authorization script? The examples on the Cisco website don't provide enough detail. This version of LDAP is Windows 2003 Active Directory.
    Thank You

    Refer to this document: Configuring an LDAP Server for VPN Concentrator User Authorization
    http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/config/ldapapp.htm#1533072
