No authorization for backgroung user for log deletion

Similar Messages

• Authentication and authorization for AD users in UCM11g

  Hi all
  we are using webcenter content server 11g. I read some where that for 11g users authentication is done in weblogic server environment, mean content server for 11g in now managed by weblogic server only, am i right?. we have successfully integrated Active Directory with weblogic sever and user of AD are able to log-in UCM but they don't have any role like contributor or Admin. How to do this role mapping for AD user in UCM i.e. authorization for these users. Please provide any guidence on this issue any doc or blog, we are new to webcenter suite.
  Thanks
  Somesh

  As you already have weblogic integrated with AD, remains only role mapping and Single Sign-On integration. For authorization, AD must contain groups with exact names as roles in the Content Server. Those groups should be where Group Base parameter in the weblogic ActiveDirectoryAuthenticator point (like OU=Roles,OU=Oracle,DC=example,DC=com). Assigning AD user to the AD group named contributor, will add contributor role to logged Content Server user.
  As for SSO, refer to the:
  http://docs.oracle.com/cd/E23943_01/web.1111/e13707/sso.htm
  and
  http://docs.oracle.com/cd/E23943_01/doc.1111/e10792/c05_security.htm#autoId21
  Procedure steps are:
  Create a user account for the hostname of the web server machine in Active Directory
  Create krb5.ini file, and locate it in the C:\Windows directory at both machines (Domain Controller and WLS host)
  Generate the keytab file
  Create a JAAS Login File named krb5Login.conf
  Put both keytab and krb5Login.conf files to …/user_domains/domains/my_domain/
  Configure the Identity Assertion Provider
  Adjust Weblogic Server startup arguments for Kerberos authentication
  Redeploy CS (and optionally other servers) server with the documentation given deployment plan
  Check web browser configuration (IE and Firefox only)
  Take a deep breath and test
  If successful have a cake and cup of coffee else goto step one
  Regards,
  Boris

• Authorization for User to Jump the Query

  Hi,
  The user1 (log is not generating for this user in RSSM) cannot use the jump target in the reports which have been placed under a role, whereas the other user2 (log is able to generate for this user in RSSM) is able to jump target in the reports in SAP BI.
  I need to give the proper authorization to user1 same like user2.
  How can I solve this issue.
  Thanks in advance.
  Regards,
  Ravi Sankar

  I dont understand what you mean with "(log is able to generate for this user in RSSM)"
  In RSSM you can create authorization objects....
  If you want to give some authorizations for  a specific query you must check the SU53 in order to see the objects that you need to add to the users profile.....
  The procedure is.......give th user the Query link in order to open the query....and obviously that action gives you an authorization error.....then enter to the SU53 and this transaction shows you the authorization object you need to add to the profile.....
  I hope this helps
  Regards

• User DOMAIN / user has no access authorization for computer IP_address

  Dear Forum,
  When running a function module FTP_CONNECT with RFC destination SAPFTPA (in SM59). I always get a message "User <DOMAIN>/<user> has no access authorization for computer <IP_address>". Trying it with IE, I have no problem.
  There is always an event viewer security failure log when I try it:
  ===========================================
  Logon Failure:
       Reason:          Unknown user name or bad password
       User Name:     <user>
       Domain:          <DOMAIN>
       Logon Type:     8
       Logon Process:     IIS    
       Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:     GDCS009D
       Caller User Name:     GDCS009D$
       Caller Domain:     ERP
       Caller Logon ID:     (0x0,0x3E7)
       Caller Process ID:     968
       Transited Services:     -
       Source Network Address:     -
       Source Port:     -
  For more information, see Help and Support Center at
  ===========================================
  Please help....
  Regards,
  Agoes

  Hi ,
  Each and every SAP client ( as it is client dependent)
  Go to SE16
  Table name : SAPFTP_SERVERS
  Go to Menu TABLE ---> Create new entries
  FTP SERVER NAME  *
  FTP SERVER PORT 21
  Save
  Regards
  Venkat

• QM-IDI : User QMIDI has no RFC authorization for function group QIRF

  Hi,
  I am in the process of trying to connect from Labware LIMS to SAP ECC 6, specifically the quality module. The aim is to use Labware to connect to SAP via the QM-IDI interface to
  1) Download inspection lots from SAP
  2) Upload usage decisions and inspection lot results to SAP.
  Initially I specified an account on SAP of the type 'Communications Data', however any time I tried to connect to SAP from LIMS via the interface with this account it gives an <i>'Incorrect Username/Password'</i> error in the trace logs. I then changed the account to a dialog user, which seems to be partially more successful, however the trace logs captures the following error 'User QMIDI has no RFC authorization for function group QIRF' when I try to connect from LIMS to SAP via the QM-IDI interface after changing the user to type dialog.
  I would appreciate any guidance on how to resolve this issue.
  Regards.

  i got stuck on configuring idi. plz guide me. bond_chaitu at yahoo dot com

• UWL:User  has no RFC authorization for function group SDIFRUNTIME .

  Hi,
  In portal, while registering the system in UWL , I am getting this error:
  (Connector) :com.sap.mw.jco.JCO$Exception:User <userid> has no RFC authorization for function group SDIFRUNTIME .
  I have given the permission to the user id as owner for the system, with which I am logged in, and registering the system.
  It is also confirmed, that in the backend, the same user has authorization for the said RFC.
  Please help as it is urgent.
  Thanks,
  Sonali
  Edited by: Sonali M S on May 30, 2008 6:32 AM

  Hi Sonali,
         If your component is a webdynpro component, back end system is accessed via a logical system / JCO Destination. User id ( Lets say JCOUSER) and password is given for accessing backend via this JCO connection. This user id is different from particular user's backend user id. Verify whether JCOUSER has required authorizations in backend.
       I hope it helps.
  Regards,
  Uday.

• Need authorization for business document services attachment list with user status in ps claim for clm2 and clm3

  Dear Friends,
  client wants to restrict the attachment list changing, deletion after the user status sets to close in PS Claims for transaction clm2 and clm3.
  Currently any one can attach documents as GOS and delete even the claim is completed and status is closed.
  How can we restrict all users even who created the claim can not change create and delete attachment list documents once the claim is completed and approved and user status sets to closed.

  HI,
  what is the claim creation transaction in that 01 is for creation 02 is for edit and 03 for display so with the help of basis consultant you can assigned transaction in user's assigned role accordingly.
  But user who is authorize for create claim can not modified or edit once he save the job. this would be limitation.
  Regards,
  Sanjeev

• Authorizations for users to change their own data

  Hi
  All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
  We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
  How to design role which should apply to all user requirements and they should get their Personnel no by default
  Kind Regards
  Vinod

  Hi,
     For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
  (i.e)  For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:                   
  1. Authorization level:  *               
  2. Interpretation of assignment
     User - personnel no:  I  
  3. Infotype           :  0002
  4. Subtype            :  *
  A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96

• No authorization for activating user status PLIM

  Dear Gurus,
  I'm a newbie to SAP. Currently i'm facing the problem with Tcode KO01 while i'mtrying to create Internal Order. I can initialize the program but after i entered the Order type and pressed enter. Error msg "No authorization for activationg user status PLIM" pop-up. Pls help on this urgently.
  Thanks.

  Dear Payal,
  I checked /nSU53 just after i got the error msg. It said authorization check failed. Authorizaton object B_USERST_T status management: Set/Delete User Status using Transaction.
  Activity:01
  Authorization key: <Dummy>
  Object Catagory: ORC
  Status Profile: 00000002
  What should i do after this???

• How do i stop workstation users from saving their network password or credentials for logging into a 2008 R2 Server workgroup?

  I have a small workgroup of about 30 users that are a mix of XP Pro, 7 Pro and 8.1 desktop / laptop users that connect to a Windows 2008 R2 Server to use Quickbooks Enterprise, share files and printers. I dont want the users to be able to save their password
  on their workstations, I want them to have to log in every time they connect to the server. How do I turn that off?Is the something on the server in Group Policy or a secruity setting that will not allow a saved credential for logging onto the server?

  Hi,
  I have a small workgroup of about 30 users that are a mix of XP Pro, 7 Pro and 8.1 desktop / laptop users that connect to a Windows 2008 R2 Server to use Quickbooks Enterprise
  By connecting to the server, do you mean users log on locally or through remote desktop services, or just through network to access network resources instead of log on to the server directly?
  If it’s log on locally, please disable auto logon feature by configure the registry entry
  AutoLogonCount to 0, it is under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  If it’s remote desktop connection, please clear Logon Credentials for corresponding remote desktop sessions.
  If it’s network access, then it is by design because network logon has a single-sign-on feature.
  More information for you:
  How to disable Auto Login?
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/705b0cf8-53f1-45f9-b6bf-2ba61c8d10bf/how-to-disable-auto-login?forum=winservergen
  How Interactive Logon Works
  http://technet.microsoft.com/en-us/library/cc780332(v=WS.10).aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Not all users are displayed for log on after a reboot or startup...

  Problem summary: Not all users are displayed for log on after a reboot or startup...
  This problem only occurs after a fresh start-up or restart. The only users displayed are the initial (admin user) and "Guest". Two other (non-admin) users are not shown for log on.
  To work around this problem and get them to log on we have to log on as the admin user, then we can see the other users in the Fast User Switching menu (top right-hand corner of the screen), listed under the current logged on user. After selecting the non-admin user we can log in and use the laptop as normal.
  If we lock the screen, use fast user switching or log out all users; all users are available for log in, until a reboot is done; at which point the non-admin users disappear again and we have to log in as the admin user and use fast user switching again.
  The laptops are both brand new MacBook Airs. The initial configuration of Mac OS X Yosemite was done using the Apple ID of the purchaser (parent) and then the OS was patched, immediately, through the App store (no further updates available as of the date of this posting). After this Family Sharing was activated and new users set up for the two children who will be using these laptops.
  Has anybody else experienced this problem with Yosemite?
  Cheers,
  David.

  David,
  Users not enabled for FileVault unlock are only able to log into the computer after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is restarted.
  FileVault has to be On.
  To Enable the users to be able to unlock FileVault Go to:
  System Preferences > Security & Privacy > FileVault ( Tab ) > Click the Lock in the bottom left > Put in your administrator password > Should see an option to Enable Users > Enable User.
  Hope that helps,
  Weston
  Supporting Articles,
  OS X: About FileVault 2 - Apple Support

• Downloaded free game for my iPad 2; made several in-app purchases. The game no longer works, it's happen to all users (customers). Deleting and re-downloading refreshes the game to level 1. How can I get a refund?

  Downloaded free game for my iPad 2; made several in-app purchases. The game no longer works, it's happen to all users (customers). Deleting and re-downloading refreshes the game to level 1. How can I get a refund?

  You can contact iTunes and ASK for a refund. Then make make an exception to their all sale are final policy.
  Refunds from the App Store or iTunes - Apple Club
  In the future set the restrictions so that in-app purchases are prohibited and that a password is always required.
  iOS: Understanding Restrictions

• List of users who have authorization for a particular transaction?

  Hi All,
  Can anyone guide me how to know the list of users who have authorization for a particular transaction?
  I need this to find out the list of authorizations that are obsolete ,when the particular trnsaction is obsolete in an Upgrade process.
  Thanks in advance.

  we can get the list of users for a particular transaction as below.
  get the tcode and place in AGR_TCODES and we get the list of roles .
  loop the roles and pass each role to AGR_USERS and we get list of users for that role.
  finally we got the list of users for that tcode.

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• BPS retraction (CCA) - authorizations for background user (R/3)

  Hi,
  I'm  trying to retract plandata for statistical key figures from BW to R/3. During data retraction I get an error message in BW. The message is about missing authorities on R/3 side, but without any detailed information. We use the standard backround user for BW => R/3 RFC connections. So my question is, if the background user needs additional authorizations for data retraction? Are there any notes or documentation?
  Thanks for help,
  Tanja

  Hi,
  I remember having faced this issue...
  I fixed it by creating a RFC connection for the retraction itself connecting with a service user (S_BWRETR) having profiles SAP_ALL, SAP_NEW.
  hope this helps...
  Olivier.