No auth checks for custom transactions
Hi,
In my SAP system there are many custom trasanactions in which there are no auth checks in their respective programs,
Is their any way to restrict these transactions based on the organisational levels without doing any changes to the program.
Can we restrict these transactions by adding a authorization through se93 ?
If any documents are there on the same issue please share.
Thanks,
Sanketh.
I would take a slightly different approach, as a least worste option.
> Assuming that there is reluctance/inability to modify the code
In that case the code is modularized, but the security front-end is lazy.
What you can do is assign an authorization group to the report type program as well which has the org.value in the P_GROUP field of S_PROGRAM in it, and create a variant for it protected by P_ACTION = VARIANT. The users can submit reports if they are authorizated for the variant action as well, but not directly.
Then create an myriad of parameter transactions per org level and submit the report via transaction START_REPORT (so, via the varint!) with the variant set for the org. level in the selection screen.
But this completely defies thze concept of modularizing code and not maintaining redundant code, as well as redundant variants, and redundant menus of roles which could have been modularized as well.
The only potential "up side" of this is maintaining the SU24 data of the parameter transactions, but who does that?
Yes, if you maintained SE93 then the system would do it for you (automatic adjustement) but the scalability and flexibility of org. level maintenance in roles and well as the modularization (and maintainability) of code would be toasted.
Probably developers would not make authority-checks at all anymore, and that would be like going back to the conceptual stone ages.
Even the Commodore 64 was more modularized than that....
Cheers,
Julius
Similar Messages
-
Deselect auth. check for infocubes (Checks for infocubes) in RSSM
Hi,
An infocube I installed contains an authorisation relavant object (already exists) in BW3.5 system. By default the infocube is selected for auth. check in RSSM.
After I transported the cube to target system I realised the auth check in RSSM has also been transported with the cube.
Hence, I have deselected the auth. check for the infocube "Checks for infocubes" in RSSM and saved it. Then, I created a second transport and only transported the cube. But the changes I made in RSSM hasn't been transported.
Please can you advise me how to transport the changes I made in "Checks for infocubes" in RSSM?
Thanks a lot
MuraliHi,
check this threads:
Re: RSSM: Checks Authorization Objects for Infoprovider are not activ
Re: RSSM Transports
Normally system would check all the authorization relevant objects whenever a new Info cube is imported and in case if you want to transport these changes to Production system manually then follow the below listed steps:
1) In Development system, check or un-check the authorization relevancy using the transaction RSSM on a given Info provider
2) These changes are stored in table RSSTOBJDIR
3) Create a manuall transport request and include these entries covering the required Authorization objects manually.
R3TR TABU RSSTOBJDIR
Ex: If Info object 'A' is authorization relevant in Development system but not in Production system and you want to transport this change to Production system then include object 'A' table entries manually.
Regards
Andreas -
Need to deactivate structural auth. check for a custom Report
Hi all experts:
I have a report that is based on PNPCE logical database and it displays work hours for a project, all non-sensitive information. We would like a wide range of users to have access to this but since this is based on PNPCE logical database whenever a user runs it, the str. authorization check is performed. I have tried deactivate this check with P_ABAP object and coers 2 but it only ignores infotype auth. check but still checks the structural. We don't want to expand str. profile for users.
Do you know if there is a way to deactive this just for one report?
Your help will be greatly appreciated.
Regards,
NetThanks Kiran. I had tried that value but still got the same message. I am having problem understanding exactly when this value 2 ignores structural authorization because it works on some reports and not others. Anyway, we implemented BADI for this report to ignore structural auth. check and it is working fine.
Thanks again,
NT -
Authorization for customized transaction
Hi,
In our system, developers create one transaction ZSIDUPDATE.
Whenever I (Basis Admin) hit this transaction, error "No Authorization for Transaction" is occurred. I don't understand why the error is for authorization for this customized transaction because I have SAP_ALL & SAP_NEW profile.
Can anybody give the solution?
Regards,
RajeshHello Rajesh,
Check the report behind ZSIDUPDATE. I suppose there must be some kind of code which will allow only certain user to execute it based on their user ids. Either the user ids will be hardcoded or else they are being picked up from some table. This is not a classical authorization error. You may set a trace also but debugging is best. it will crack it open in seconds.
Regards.
Ruchit. -
Over due items are not considered in credit check for customer
Hi Gurus;
We have static credit active for the sales order which is blocking if the sales value is more than the customer credit balance but it is not checking for over due item i.e the billing document whose accounting document hasn't been cleared yet .Though i have maintained same number days for payment terms and risk category for the customer .
Kindly guide me if have missed out any configuration or setting .
Thanks in advance .Hi Nuru,
Hope you are using automatic credit check and not simple crdit check ..Check that.
Is ur update group a standard one..?
Please paste screenshots of FD33, credit status, OVA8 etc.
Regards
Jobi -
SCCM Version = SCCM 2012 R2 CU3
Background
I would like to setup some sort of safety check to help prevent accidentally sending and OSD out to all the servers managed by SCCM. The solution I am trying to use is making the TS do a check for a custom variable. If the variable is NOT set to TRUE
then it should reboot the machine back to the currently installed OS.
The variable is called "AllowOSD"
AllowOSD is set correctly on my "Test Servers" collection
I'm using the built in "Reboot Computer" step in the TS
The condition on the Reboot Computer step is very basic - "Task Sequence Variable AllowOSD is not equal TRUE".
I am testing the TS on a VM guest (Hyper-V)
I'm deploying via PXE for these tests...
The Issue
As soon as the TS starts I get the annoyingly generic 0x80004005 error - smsts.log posted on github -
smsts.log-A
Possibly related issue:
I have a vbscript that prompts for, and sets, the computer name. This works fine if placed after the format disk step, but if I place it before the format disk step then I get error 0x800700A1. If I format the internal HD first then I don't get an error
and it all works fine.
smsts.log posted on github - smsts.log-B
Be aware VM_1 and VM_2 have unformatted disks (vhdx). I don't want them to be formatted before checking that the task sequence should really be running in the first place. As already mentioned, I am trying to prevent someone wiping out a bunch of servers
by accident.
My Task Sequences are based on the defaults created by the wizard. Here are the step I'm using...
* Reboot if AllowOSD is not TRUE
Restart in Windows PE
* set Computer Name
Partition DIsk 0 - DIOS
Partition Disk 0 - UEFI
Install Operating System
Apply Windows Settings
Apply Network Settings
Setup Windows and Config Manager
* = steps I have created.
All other steps are defaults as created by wizard.
Please note the "Restart in Windows PE" step does a conditional check on "_SMSTSInWinPE" without any errors. it is looking like the use of custom variables is not supported until the local HD is formatted and mounted. Can
anyone confirm this behaviour, or what I can do to get around this problem.
I have tried using a vbscript but triggering a reboot from VB does nothing, hence using the Reboot Computer step in the TS.
Thanks
"Well I'm all out of ideas." - 85As others have stated, your options are limited the moment you rely on PXE and WinPE but I think all you need to do is refine your collection target a bit.
Why not instead of deploying your TS to All Systems (which is what I'm guess you're doing) and trying to put a condition in, deploy to a collection that is based on a workstation collection then include unknown computers? Then any "known workstation"
will have a MAC stored and thus be permitted to use the TS, unknown machines will be as well ... but "known servers" will be blocked?
COnsidering the PXE looks for permitted MAC addresses this should work (Ill try it in my own lab).
Tested and verified:
Simply create a collection with a parent collection of all systems.
Add a workstation query:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion LIKE "%Workstation%"
Then "include" unknown computers.
End result is any machine that has "server" in it's version that has already been deployed will not be able to use the deployment. If you'd rather base existing computer on an OU or group membership just modify the first query how you see fit.
This will let known workstations (or whatever) and unknown machines get deployed to ... but known machines NOT in that collection will be skipped. -
Last Date for customer transaction
Is there a SAP field which stores the last date for a customer transaction.
Thanks.yes there is a field which stores the last date for a customer transaction
Regards
PS: Be clear in your question. -
Auth. check for BP is invalid when do account search/activity creation
Hi Experts,
I have done the configuration for BP's anthorization group(B_BUPA_GRP).
But when I do the BP Search, the authorization check for B_BUPA_GRP is invalid and all BPs are shown.
This also happened when create activity.
When choose a Partner, the authorization check is invalid , too.
System is CRM 5.0.
Please help.
Thanks.
Apple
Edited by: mm19841228 on May 27, 2010 4:46 AMHi,
Perhaps something else to consider in your function is to include the SOUNDEX (<name>) function on the name being created against those in the table. If your users are typing in the names when creating them, then "typos" will be a problem in your search when using substr() or instr().
Note:
This will only be effective on the "English" language
Regards,
Mike -
Idoc for customer transactional data
Dear all,
Can any of you suggest which Idoc can be used for customer to customer postings.
Thanks & Regards
JKTECHAnybody please sugget
-
Bypass P_orgin auth check for standard MSS reporting
Hi SAPers,
on my HR system, I have 2 types of users : ESS/MSS users (via portal) and backend users (via sapgui).
ESS/MSS role does not contain any P_ORGIN authorization because it should be added to their authorizations if they are also backend users.
The problem is coming from standard MSS reports : the "time statement overview" among other report needs P_ORGIN (IT 0, 1, 2, 7, 8, ...) !
Is there a way to bypass the standard authorization check for MSS reports ?
Thanks in advance,
Olivier.>
Olivier TACA wrote:
> Example :
>
> Portal Role for ESS user contains P_ORGIN for IT 0006 (Address)
>
> Backend Role for backend user contains P_ORGIN for IT 0002 (Personal data) ... and S_TCODE for PA30 of course.
>
> The backend user, who is also an ESS user, can manage IT 0006, which is not foreseen in the backend role.
>
> I use P_PERNR for the portal role to manage access to infotype.
I see two issues here:
1. ESS is NOT setup correctly.
- You don't need P_ORGIN for ESS. You only need P_PERNR. The trace might even show an error looking for P_ORGIN but you do not need it. This is an example of a role I have using ESS services for addresses. I don't have P_ORGIN, P_ORGINCON or P_ORIGXXCON. Do NOT use PA30, for ESS, that is very dangerous. The ESS services can be added to a role and should be use for ESS.
Here is an example of what I have:
Manually HR: Master Data - Personnel Number Check P_PERNR
Manually Address Change - Permanent and Emergency
Authorization level D, E, M, S, W AUTHC
Infotype 0006 INFTY
Interpretation of assigned per I PSIGN
Subtype * SUBTY
2. MSS - I can't find the service for the report you are looking for. If you provide the MSS service I can run some traces and probably help you isolate your problem. Example of an MSS service (sap.com/mss~pla/PlanningPrimaryCosts).
I hope I didn't sound too harsh; I am just trying to help.
Regards,
-John N.
Edited by: John Navarro on Aug 5, 2008 5:46 PM -
Hi,
I have an custom program which i need to secure by auth group so i went to RSCSAUTH then i kept some auth grp...eg;- say "FI" under auth grp column....before this i did not create any auth grp named: FI any where in the system......
so my question is by doing this is considered as creation and assignment of auth grp to this custom program ???
and if i do this in dev then how come this piece carried to production.
Thanks,
Lisa PlThe field is however not limited to 4 characters, RSCSAUTH is protected by 7.
As you would hopefully develop and assign Auth Groups to programs in your development system, it does not make sense (to me) that the defined Auth Groups of the concept are necesarily known to the Prod system, as the role(s) for the report / transaction should be created / changed from the same source, ideally. So transporting the Groups themselves is only usefull if you are, for example, protecting programs or queries or report trees in production which are also maintained there. Transporting the program itself with the assigned TRDIR-SECU entry is not hindered (unless there is some feature of the STMS which does this - for example the production system is the domain controller).
You can assign the auth group in Production as well with RSCSAUTH, subject to having the correct authorization for it. But you should restrict that very carefully and take care with your client settings...
Other similar topics are changing menus in production.
Cheers,
Julius
PS: If the reason for your question is because of protecting the prgram to run online, then perhaps a simple SY-BATCH... check in the program is another (additional) option. S_PROGRAM P_ACTION = 'BTCSUMBIT' as well.
Edited by: Julius Bussche on Apr 20, 2008 8:58 PM -
Disable duplicate check for customer address on sales order creation
I am using the following tables to create sales order as well as customer and addresses together. All data are coming from third party system through dblink.
OE_HEADERS_IFACE_ALL
OE_LINES_IFACE_ALL
OE_CUSTOMER_INFO_IFACE_ALL
however, whenever the address to be created already exist in OFS, the sales order import program ended with:
Source/Order/Seq/Line Message
*1122/SOSHM006// Duplicate SHIP_TO ADDRESS found for SOSHM006_S. Please correct the data.*
*1122/SOSHM006// Duplicate BILL_TO ADDRESS found for SOSHM006_B. Please correct the data.*
how can I disable the above checking? ie: allow the address to be created even the address already exist.
See Example below, notice that the addresses for SOSHM006_S and SOSHM005_S are identical, and addresses for SOSHM006_B and SOSHM005_S are identical, but we want them to be created as separately addresses.
Example (first time)
Insert into ONT.OE_HEADERS_IFACE_ALL (ORDER_SOURCE_ID, ORIG_SYS_DOCUMENT_REF, ORG_ID, ORDERED_DATE, ORDER_TYPE, PRICE_LIST, SALESREP_ID, SALES_CHANNEL_CODE, SHIP_FROM_ORG_ID, CUSTOMER_NUMBER, BOOKED_FLAG, CREATED_BY, CREATION_DATE, LAST_UPDATED_BY, LAST_UPDATE_DATE, OPERATION_CODE, ORIG_SHIP_ADDRESS_REF, ORIG_BILL_ADDRESS_REF) Values (1122, 'SOSHM005', 86, sysdate, 'Corporate (NOR)', 'Corporate', 1, 'CORPORATE', 90, 'SHM01', 'Y', 0, sysdate, 0, sysdate, 'INSERT', 'SOSHM005_S', 'SOSHM005_B');
Insert into ONT.OE_LINES_IFACE_ALL (ORDER_SOURCE_ID, ORIG_SYS_DOCUMENT_REF, ORIG_SYS_LINE_REF, LINE_TYPE, INVENTORY_ITEM, ORDERED_QUANTITY, SHIP_FROM_ORG_ID, FULFILLMENT_SET_NAME, UNIT_LIST_PRICE, UNIT_SELLING_PRICE, CREATED_BY, CREATION_DATE, LAST_UPDATED_BY, LAST_UPDATE_DATE, OPERATION_CODE, SUBINVENTORY) Values (1122, 'SOSHM005', 'SOSHM005A_S', 'Corporate Line (NOR)', '01-09-PAC-3522-01', 1, 90, '1', 0, 0, 0, sysdate, 0, sysdate, 'INSERT', 'Mesad');
insert into OE_CUSTOMER_INFO_IFACE_ALL(CUSTOMER_INFO_REF, CUSTOMER_INFO_TYPE_CODE, current_customer_number, org_id, COUNTRY, ADDRESS1, CITY, STATE, POSTAL_CODE, IS_SHIP_TO_ADDRESS, IS_BILL_TO_ADDRESS, CREATION_DATE, CREATED_BY, LAST_UPDATE_DATE, LAST_UPDATED_BY) values('SOSHM005_S', 'ADDRESS', 'SHM01', 86, 'MY', 'Ship4 479, JALAN PASIR PUTEH 31650 IPOH PERAK.', 'IPOH', 'Perak', '31650', 'Y', 'N', sysdate, 0, sysdate, 0);
insert into OE_CUSTOMER_INFO_IFACE_ALL(
CUSTOMER_INFO_REF, CUSTOMER_INFO_TYPE_CODE, current_customer_number, org_id, COUNTRY, ADDRESS1, CITY, STATE, POSTAL_CODE, IS_SHIP_TO_ADDRESS, IS_BILL_TO_ADDRESS, CREATION_DATE, CREATED_BY, LAST_UPDATE_DATE, LAST_UPDATED_BY) values('SOSHM005_B', 'ADDRESS', 'SHM01', 86, 'MY', 'Bill4 479, JALAN PASIR PUTEH 31650 IPOH PERAK.', 'IPOH', 'Perak', '31650', 'N', 'Y', sysdate, 0, sysdate, 0);
Example (second time) - the differences are highlighted in bold.
Insert into ONT.OE_HEADERS_IFACE_ALL (ORDER_SOURCE_ID, ORIG_SYS_DOCUMENT_REF, ORG_ID, ORDERED_DATE, ORDER_TYPE, PRICE_LIST, SALESREP_ID, SALES_CHANNEL_CODE, SHIP_FROM_ORG_ID, CUSTOMER_NUMBER, BOOKED_FLAG, CREATED_BY, CREATION_DATE, LAST_UPDATED_BY, LAST_UPDATE_DATE, OPERATION_CODE, ORIG_SHIP_ADDRESS_REF, ORIG_BILL_ADDRESS_REF) Values (1122, *'SOSHM006'*, 86, sysdate, 'Corporate (NOR)', 'Corporate', 1, 'CORPORATE', 90, 'SHM01', 'Y', 0, sysdate, 0, sysdate, 'INSERT', *'SOSHM006_S'*, *'SOSHM006_B'* );
Insert into ONT.OE_LINES_IFACE_ALL (ORDER_SOURCE_ID, ORIG_SYS_DOCUMENT_REF, ORIG_SYS_LINE_REF, LINE_TYPE, INVENTORY_ITEM, ORDERED_QUANTITY, SHIP_FROM_ORG_ID, FULFILLMENT_SET_NAME, UNIT_LIST_PRICE, UNIT_SELLING_PRICE, CREATED_BY, CREATION_DATE, LAST_UPDATED_BY, LAST_UPDATE_DATE, OPERATION_CODE, SUBINVENTORY) Values (1122, *'SOSHM006'*, *'SOSHM006A_S'*, 'Corporate Line (NOR)', '01-09-PAC-3522-01', 1, 90, '1', 0, 0, 0, sysdate, 0, sysdate, 'INSERT', 'Mesad');
insert into OE_CUSTOMER_INFO_IFACE_ALL(CUSTOMER_INFO_REF, CUSTOMER_INFO_TYPE_CODE, current_customer_number, org_id, COUNTRY, ADDRESS1, CITY, STATE, POSTAL_CODE, IS_SHIP_TO_ADDRESS, IS_BILL_TO_ADDRESS, CREATION_DATE, CREATED_BY, LAST_UPDATE_DATE, LAST_UPDATED_BY) values( *'SOSHM006_S'* , 'ADDRESS', 'SHM01', 86, 'MY', 'Ship4 479, JALAN PASIR PUTEH 31650 IPOH PERAK.', 'IPOH', 'Perak', '31650', 'Y', 'N', sysdate, 0, sysdate, 0);
insert into OE_CUSTOMER_INFO_IFACE_ALL(
CUSTOMER_INFO_REF, CUSTOMER_INFO_TYPE_CODE, current_customer_number, org_id, COUNTRY, ADDRESS1, CITY, STATE, POSTAL_CODE, IS_SHIP_TO_ADDRESS, IS_BILL_TO_ADDRESS, CREATION_DATE, CREATED_BY, LAST_UPDATE_DATE, LAST_UPDATED_BY) values( *'SOSHM006_B'* , 'ADDRESS', 'SHM01', 86, 'MY', 'Bill4 479, JALAN PASIR PUTEH 31650 IPOH PERAK.', 'IPOH', 'Perak', '31650', 'N', 'Y', sysdate, 0, sysdate, 0);Hi George Chen
with sales order stock .. is ther a way of allocating the stock from unrestricted stock .. i understand that you have to have the stock in a "special" area to move it to the sales order?
excuse my ignorance but what is IS-AD solution?
thanks
Nick -
How to start creating a new component for custom transaction in IWEB client
Hello Experts,
I am new to CRM 2007 CRM web client programming.
I have a custom SAP GUI transaction in CRM and user wants to convert it into ICWEB transaction.
its using all custom tables and in all screens,
Please guide me how do I proceed in creating the component,display fields on the view....
I mean how to create the fields in the View, Do I need to write BSP code or Wizard helps me to generate and configure the fields on the view.
Please also let me know procedures create context notes which replicate the database tables which the data is saving or updating.
I am not clear cut info to proceed,
Please help me in this regards
thanks in Advance
Edited by: Madhavi Angi on Apr 23, 2009 2:57 PMHi Keith,
<<This particular rule is a sample one I set up that requires the existence of C:\IT\test.txt. But I don't see the actual text of that rule anywhere in the XML:>>
In your XML, if you see these lines:
<Expression>
<Operator>NotEquals</Operator>
<Operands>
<SettingReference AuthoringScopeId="ScopeId_811CF9C7-F08C-4528-8C02-E20811B33FD5" LogicalName="OperatingSystem_5c61496b-b4dc-4ca9-a3f7-30c3aec8e2a4" Version="1" DataType="Int64" SettingLogicalName="File_cccd7dc7-e590-494c-b166-6d4aea7abc57" SettingSourceType="File" Method="Count" Changeable="false" />
<ConstantValue Value="0" DataType="Int64" />
</Operands>
</Expression>
It has setting reference with GUID with Method="Count" means this is existential rule referenced to setting blah blah... (If method="Value" means that it has value rule defined) and for existential rule,
XML has "NotEquals" operator and value is "0" which means that if file not equals to zero means file exist (compliant).
Hope this helps.
This posting is provided "AS IS", provides no warranties, and confers no rights. -Praveen S. -
Sales Area check for custom partner function
When processing sales orders in our system, it does not check the sales area for the customer of a custom partner function. Can this be setup via config or is there a an exit that can be used for this.
Thanks,
RoyYogesh -- Thanks for your response. However, it does not address the functionality issue.
Currently, I created new partner function ZZ (for example).
I assigned this partner function ZZ to account group Z000.
I created new partner XYZ in account group Z000, in sales area XX00/XX/XX.
I created a sales order in sales area YY00/YY/YY.
Problem is that system allows me to assign partner XYZ to this sales order.
How do I prevent this?
How do I enfore that system will only allow partner XYZ in the sales order, if the partner is created in the same sales area?
Edited by: krist d on Dec 13, 2010 4:33 AM -
Check for transaction interface failure from POS to POSDM
Dear experts,
Would like to see if in your experience, you have encountered any report or functions that allow users in POSDM to check if sales transaction from a particular store has failed to do the inbound interface from POS to POSDM?
I am personally not aware of this, so if there is no such report based on your knowledge, would you have any workaround solution that you can suggest me?
Thanks so much.
DominicLink for Duplication Check process: http://scn.sap.com/docs/DOC-47529
Link for info on POS DM: http://help.sap.com/saphelp_posdm/helpdata/en/4e/9617be3aec6ea9e10000000a42189b/content.htm
Hi Dominic,
There are certain validation checks we have in POS DM to validate the transaction data when it comes to POS DM. These validations are like Master Data check, Duplication check, Sequence check for missing transactions and so on.
You can find more about the same in the given link. I don't know my editor is behaving strangely so the link is on the top. I am not able to paste the links in editor links are coming on top. Might be my IE issue.
Regarding implementing such validation in POSDM for incoming transaction you can refer my posted document for Duplication check in POSDM. From this document you will get an idea about how to implement the validation check.
Let me know if you need any other information.
Regards,
Amit
Maybe you are looking for
-
Hi experts, i have developed a report to send a mail with attachment. the mail is going li_objpack-head_start = 0. li_objpack-head_num = 1. li_objpack-body_start = 1. li_objpack-body_num = lv_tablines. li_objpack-doc_type = 'RAW'. append li_objpack.
-
The database error text is: (CS) "Driver not capable" (WIS 10901)
Hi all, We have an OLAP universe basically built on BW query and we are creating a web intelligence report on it. We added a new field to the cube "Date Changed" the infoobject used is delivered 0CPR_CHON which has 0DATE as ref. characteristic. When
-
我想在ALV加控制行翻页的,IF_SALV_WD_TABLE_SETTINGS~SET_DISPLAY_EMPTY_ROWS( abap_true ). 但就是不出来,还是只有旁边的下拉,请教大家怎么做?
-
ORA -04062 when running forms aginst a different schema
Hello, I am getting this error (ORA -04062 signature of 'procedure' has been changed)when I try to run my form aginst my test- schema (different from my development schema). I get rid of the error if I compile the form against the test schema. In the
-
CIVS-IPC-2930 Web Interface Inaccessible
We have a Cisco CIVS-IPC-2930 PTZ camera and the web interface is inaccessible. Navigating to the page returns an error "500 - Internal Server Error". Our VSM is still able to pull the feed from the camera, and I can access it via SSH, just not th