No authorization for backgroung user for log deletion
Hello,
I have included program SBAL_DELETE in a process chain in order to delete expired application logs periodically. But it doesn't work because I get always this message from backgroung monitor: "You do not have authorization to delete all these logs".
If I run program manually via SLG2 it works correctly.
The background user has profile S_BI-WHM_RFC.
Can anybody advice what am I missing?
Thank you.
Branislav
Hi Branislav
For the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
To work with process chains, you require authorization for authorization object S_RS_PC
Check this link
http://help.sap.com/saphelp_nw04s/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
Regards,
Naveen
Similar Messages
-
Authentication and authorization for AD users in UCM11g
Hi all
we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
Thanks
SomeshAs you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
As for SSO, refer to the:
http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
and
http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
Procedure steps are:
Create a user account for the hostname of the web server machine in Active Directory
Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
Generate the keytab file
Create a JAAS Login File named krb5Login.conf
Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
Configure the Identity Assertion Provider
Adjust Weblogic Server startup arguments for Kerberos authentication
Redeploy CS (and optionally other servers) server with the documentation given deployment plan
Check web browser configuration (IE and Firefox only)
Take a deep breath and test
If successful have a cake and cup of coffee else goto step one
Regards,
Boris -
Authorization for User to Jump the Query
Hi,
The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
I need to give the proper authorization to user1 same like user2.
How can I solve this issue.
Thanks in advance.
Regards,
Ravi SankarI dont understand what you mean with "(log is able to generate for this user in RSSM)"
In RSSM you can create authorization objects....
If you want to give some authorizations for a specific query you must check the SU53 in order to see the objects that you need to add to the users profile.....
The procedure is.......give th user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter to the SU53 and this transaction shows you the authorization object you need to add to the profile.....
I hope this helps
Regards -
User DOMAIN / user has no access authorization for computer IP_address
Dear Forum,
When running a function module FTP_CONNECT with RFC destination SAPFTPA (in SM59). I always get a message "User <DOMAIN>/<user> has no access authorization for computer <IP_address>". Trying it with IE, I have no problem.
There is always an event viewer security failure log when I try it:
===========================================
Logon Failure:
Reason: Unknown user name or bad password
User Name: <user>
Domain: <DOMAIN>
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: GDCS009D
Caller User Name: GDCS009D$
Caller Domain: ERP
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 968
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
===========================================
Please help....
Regards,
AgoesHi ,
Each and every SAP client ( as it is client dependent)
Go to SE16
Table name : SAPFTP_SERVERS
Go to Menu TABLE ---> Create new entries
FTP SERVER NAME *
FTP SERVER PORT 21
Save
Regards
Venkat -
QM-IDI : User QMIDI has no RFC authorization for function group QIRF
Hi,
I am in the process of trying to connect from Labware LIMS to SAP ECC 6, specifically the quality module. The aim is to use Labware to connect to SAP via the QM-IDI interface to
1) Download inspection lots from SAP
2) Upload usage decisions and inspection lot results to SAP.
Initially I specified an account on SAP of the type 'Communications Data', however any time I tried to connect to SAP from LIMS via the interface with this account it gives an <i>'Incorrect Username/Password'</i> error in the trace logs. I then changed the account to a dialog user, which seems to be partially more successful, however the trace logs captures the following error 'User QMIDI has no RFC authorization for function group QIRF' when I try to connect from LIMS to SAP via the QM-IDI interface after changing the user to type dialog.
I would appreciate any guidance on how to resolve this issue.
Regards.i got stuck on configuring idi. plz guide me. bond_chaitu at yahoo dot com
-
UWL:User has no RFC authorization for function group SDIFRUNTIME .
Hi,
In portal, while registering the system in UWL , I am getting this error:
(Connector) :com.sap.mw.jco.JCO$Exception:User <userid> has no RFC authorization for function group SDIFRUNTIME .
I have given the permission to the user id as owner for the system, with which I am logged in, and registering the system.
It is also confirmed, that in the backend, the same user has authorization for the said RFC.
Please help as it is urgent.
Thanks,
Sonali
Edited by: Sonali M S on May 30, 2008 6:32 AMHi Sonali,
If your component is a webdynpro component, back end system is accessed via a logical system / JCO Destination. User id ( Lets say JCOUSER) and password is given for accessing backend via this JCO connection. This user id is different from particular user's backend user id. Verify whether JCOUSER has required authorizations in backend.
I hope it helps.
Regards,
Uday. -
Dear Friends,
client wants to restrict the attachment list changing, deletion after the user status sets to close in PS Claims for transaction clm2 and clm3.
Currently any one can attach documents as GOS and delete even the claim is completed and status is closed.
How can we restrict all users even who created the claim can not change create and delete attachment list documents once the claim is completed and approved and user status sets to closed.HI,
what is the claim creation transaction in that 01 is for creation 02 is for edit and 03 for display so with the help of basis consultant you can assigned transaction in user's assigned role accordingly.
But user who is authorize for create claim can not modified or edit once he save the job. this would be limitation.
Regards,
Sanjeev -
Authorizations for users to change their own data
Hi
All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
How to design role which should apply to all user requirements and they should get their Personnel no by default
Kind Regards
VinodHi,
For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
(i.e) For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:
1. Authorization level: *
2. Interpretation of assignment
User - personnel no: I
3. Infotype : 0002
4. Subtype : *
A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96 -
No authorization for activating user status PLIM
Dear Gurus,
I'm a newbie to SAP. Currently i'm facing the problem with Tcode KO01 while i'mtrying to create Internal Order. I can initialize the program but after i entered the Order type and pressed enter. Error msg "No authorization for activationg user status PLIM" pop-up. Pls help on this urgently.
Thanks.Dear Payal,
I checked /nSU53 just after i got the error msg. It said authorization check failed. Authorizaton object B_USERST_T status management: Set/Delete User Status using Transaction.
Activity:01
Authorization key: <Dummy>
Object Catagory: ORC
Status Profile: 00000002
What should i do after this??? -
I have a small workgroup of about 30 users that are a mix of XP Pro, 7 Pro and 8.1 desktop / laptop users that connect to a Windows 2008 R2 Server to use Quickbooks Enterprise, share files and printers. I dont want the users to be able to save their password
on their workstations, I want them to have to log in every time they connect to the server. How do I turn that off?Is the something on the server in Group Policy or a secruity setting that will not allow a saved credential for logging onto the server?Hi,
I have a small workgroup of about 30 users that are a mix of XP Pro, 7 Pro and 8.1 desktop / laptop users that connect to a Windows 2008 R2 Server to use Quickbooks Enterprise
By connecting to the server, do you mean users log on locally or through remote desktop services, or just through network to access network resources instead of log on to the server directly?
If it’s log on locally, please disable auto logon feature by configure the registry entry
AutoLogonCount to 0, it is under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
If it’s remote desktop connection, please clear Logon Credentials for corresponding remote desktop sessions.
If it’s network access, then it is by design because network logon has a single-sign-on feature.
More information for you:
How to disable Auto Login?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/705b0cf8-53f1-45f9-b6bf-2ba61c8d10bf/how-to-disable-auto-login?forum=winservergen
How Interactive Logon Works
http://technet.microsoft.com/en-us/library/cc780332(v=WS.10).aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Not all users are displayed for log on after a reboot or startup...
Problem summary: Not all users are displayed for log on after a reboot or startup...
This problem only occurs after a fresh start-up or restart. The only users displayed are the initial (admin user) and "Guest". Two other (non-admin) users are not shown for log on.
To work around this problem and get them to log on we have to log on as the admin user, then we can see the other users in the Fast User Switching menu (top right-hand corner of the screen), listed under the current logged on user. After selecting the non-admin user we can log in and use the laptop as normal.
If we lock the screen, use fast user switching or log out all users; all users are available for log in, until a reboot is done; at which point the non-admin users disappear again and we have to log in as the admin user and use fast user switching again.
The laptops are both brand new MacBook Airs. The initial configuration of Mac OS X Yosemite was done using the Apple ID of the purchaser (parent) and then the OS was patched, immediately, through the App store (no further updates available as of the date of this posting). After this Family Sharing was activated and new users set up for the two children who will be using these laptops.
Has anybody else experienced this problem with Yosemite?
Cheers,
David.David,
Users not enabled for FileVault unlock are only able to log into the computer after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is restarted.
FileVault has to be On.
To Enable the users to be able to unlock FileVault Go to:
System Preferences > Security & Privacy > FileVault ( Tab ) > Click the Lock in the bottom left > Put in your administrator password > Should see an option to Enable Users > Enable User.
Hope that helps,
Weston
Supporting Articles,
OS X: About FileVault 2 - Apple Support -
Downloaded free game for my iPad 2; made several in-app purchases. The game no longer works, it's happen to all users (customers). Deleting and re-downloading refreshes the game to level 1. How can I get a refund?
You can contact iTunes and ASK for a refund. Then make make an exception to their all sale are final policy.
Refunds from the App Store or iTunes - Apple Club
In the future set the restrictions so that in-app purchases are prohibited and that a password is always required.
iOS: Understanding Restrictions -
List of users who have authorization for a particular transaction?
Hi All,
Can anyone guide me how to know the list of users who have authorization for a particular transaction?
I need this to find out the list of authorizations that are obsolete ,when the particular trnsaction is obsolete in an Upgrade process.
Thanks in advance.we can get the list of users for a particular transaction as below.
get the tcode and place in AGR_TCODES and we get the list of roles .
loop the roles and pass each role to AGR_USERS and we get list of users for that role.
finally we got the list of users for that tcode. -
How to Control authorization for users with certain status for level 2 WBS Element
Dear All,
Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
Pre-requisite:
There is only 2 level of project i.e.
Lev_ WBSE_______Description
1___ 7-14.E_______summay outage controller
2___ 7-14.E.2310__ Plant/unit # 2310
2___ 7-14.E.2310__ Plant/unit # 2220
Project Controller (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
User ID_ Plant #
123345_ 2310
122455_ 2220
Issue:
After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
Solution required:
Can any one tell how to control this scenario either by standard or enhancement available to control authorization
BR
Saqib UsmanHi,
Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
Thank you and regards,
Varshal Kachole
The SCN Rules of Engagement -
BPS retraction (CCA) - authorizations for background user (R/3)
Hi,
I'm trying to retract plandata for statistical key figures from BW to R/3. During data retraction I get an error message in BW. The message is about missing authorities on R/3 side, but without any detailed information. We use the standard backround user for BW => R/3 RFC connections. So my question is, if the background user needs additional authorizations for data retraction? Are there any notes or documentation?
Thanks for help,
TanjaHi,
I remember having faced this issue...
I fixed it by creating a RFC connection for the retraction itself connecting with a service user (S_BWRETR) having profiles SAP_ALL, SAP_NEW.
hope this helps...
Olivier.
Maybe you are looking for
-
Error 1722 Uninstall Failure - BDS 6.1
Running a Windows 7 machine, and trying to uninstall an old version of BDS (6.1) because I no longer use BB. I'm getting 'Error 1722 - There is a problem with this Windows Installer package'. This seems to be a common error, but I've yet to see a goo
-
Securing Thunderbolt to FireWire adapters in a lab
The obvious way to do this would be to use a Thunderbolt extension cable and affix the adapter under the desk with glue, or a bolt. But I can't seem to find any mention of a TB extension cable (DisplayPort extension cables are easy enough, but not Th
-
Can you share Bex Calculated Key Figures in BI-IP
We have a requirement to establish P&L planning for a company. Two questions: 1. There are a number of calculations that are required for various values (i.e. current month, previous month, current month contract to date, previous month contract to
-
Photoshop Elements 9 Editor from Mac App Store - Specifics
I have a user who can't install a set of actions. The installation of 3rd party actions so they will show up in the panels of Elements requires something to trigger a rebuild of the UI, and typically that can be done by removing the file ThumbDatabas
-
Error installing Portal Platform 6.0 SP3 with WAS 6.40
Hi, While installing EP Platform 6.0 SP3, we get the error in the step " Start SAP J2EE Engine". The error says " CJS - 20024 J2EE engine JC00 of SAP system did not come up after ... seconds:giving up" We are using JDK version 1.4.2_05 on windows 200