Non-Super User Authorization

Dear expert,
  SBO only allow super user to modify the authorization.  Is there any solution for non-super user to change the authorization setting.
Regards,
Kit

Kit,
Login as SuperUser,
1. Go to Administration>System Initialization>Authorization-->General Authorization.
2. Select your User -->In the right hand side window select "No user Authorizations" at the end of the window -->Give full authorization.
Let me know if this works.
Thanks
Krishna
Message was edited by:
        Krishna Kishor Kammaje

Similar Messages

  • Xfce4 Can't Start File Manager or Settings w/Non-Super User

    This is possibly a very stupid question, but I've been weeding through the forums and the wiki for a couple of hours now to no avail.  I've just installed Xfce and have it working in conjunction with GDM.  I can login just fine with my non-root account, but then I'm unable to adjust the Settings or load the File Manager as I am able to do when I login using root.
    In the case of trying to load the Settings dialog box, I click on the icon in the panel, and it does absolutely nothing.  When I click on the File Manager icon, however, an hourglass appears as if it is trying to load, but then after about 30 seconds the hourglass disappears and nothing opens.
    I have installed Firefox, and it works just fine under either account, and so I'm thinking it may be a simple permissions/groups problem...any thoughts?

    The ownership of both the .cache and .config directories for some reason belonged to root and not my user.  I completely wiped out those directories, and restarted Xfce while logged into my account and it seems to be working now.  Thanks for the help xerverius.
    On a side note, I also noticed that the .local directory is also owned by root and not myself.  There is nothing in it currently but a share directory, but does the ownership need to be changed for this as well?  It's completely unrelated to the Xfce problem, but I thought it was a little strange...

  • Authorization for super user

    I want to create a super user on the production server who can create and save the queries only (no other authorization). He can save queries only under $TMP.
    For that I have already created role for super user in the transaction PFCG and in business content S_RS_COMP and S_RS_COMP1 I have given all authorization.
    Now User is able to create the query, but when He is going to save it the Error message is coming- 'No authorization for create and change'.
    Please suggest what I am missing.
    Regards,
    Dheeraj

    Hi Dheeraj,
    Have you given auth as per http://help.sap.com/saphelp_nw04/helpdata/en/41/05453caff4f703e10000000a114084/content.htm : Analyst3?

  • How to Track which Super user change the License Administration

    Hi Experts,
    My client recently encounter the License was allocated from a particular user id by an super user, resulting the end user unable to perform transaction when log onto SAP B1 8.8 PL19.
    Is there any way which we can trace and control which super user edit the License Administration and allocated the license to other user?
    Thanks in advance.
    Cheers'
    Vincent

    Hi Vincent,
    1. Login through manager then Go To Administrator--> System Initialization--> Authorization--> Additional Authorization Creator
    2. Additional Authorization Creator screen appear.
    3. Select any content on right side screen and click on Add Same Level button
    4. Authorization ID : Give any Name
    5. Name : Give any Name
    6. Option : Full/None
    7. Forms ID : Click on Edit Button --> Enter ID for License Administrator 60070.
    8. Click Update and Ok.
    9. Go To Authorization--> General Authorizations--> Select User in which you have block Graph--> User Authorization
    here select No Authorization.
    Just untick supper user check box of other user and give rights
    Thanks,
    Srujal Patel

  • Access to ZMSS## t-codes in R/3 by non-HR Users

    In our production system, a user with no HR access was able to access the following transaction codes:
    ZMSS01
    ZMSS02
    ZMSS03
    ZMSS04
    ZMSS05
    These transactions cannot be accessed from the main SAP Easy Access Menu (in R/3). But if you are in a different transaction code and you type “/nZMSS##”, then it opens the transaction. For example, a non-HR user from the Finance team was in transaction ZKKS1 (Variances: Manufacturing Orders and Product Cost Collectors) was able to type /nZMSS01 and accessed the HR reports.
    These are all t-codes that were built for use on the Enterprise Portal to run reports. When used in R/3, they open the same reports.  Since the user does not have any HR authorizations, they were not able to execute the reports to get results, however this is a security concern as a non-HR user has access to HR reporting screens (even though they cannot execute the reports).
    Is anyone familiar with how users could be getting this additional access? Also how does a user have access to the transactions ZMSS## from another SAP transaction but not from the SAP Easy Access Menu? Is there a way to restrict access to these report transactions?
    Thank you,
    Gao

    Gao,
    Did the developers of the t_codes add authorization objects to the transaction codes and programs? If not they should as that is the security restriction you add to a transaction to limit users.
    Go t_code SE93 --> Enter ZMSS01 --> Display and see the authorization object field and maintain the Authorization Object for this t_code.
    *Documentation:
    Auth. object in user master maintenance
    Element of the authorization system.
    An authorization object combines up to 10 authorization fields, which are checked using the AND connective.
    Authorizations are checked against objects in the system. Authorization objects enable complex checks (linked to several conditions) of an authorization. For the authorization check to be successful, the user must pass the check for each field contained in the object.
    Procedure
    Enter the name of the authorization object, which is checked against the authorizations of the calling user when a transaction is started. If the user does not have the necessary authorizations, the transaction will be cancelled.
    You should normally specify an object, which is also checked within the program.
    This check only takes place when calls are made via START TRANSACTION and via the entry "/n<Transaction code>".
    The check is not performed for CALL TRANSACTION or for parameter transactions. If a critical transaction is called in this way, it is the responsibility of the caller to perform the necessary check (AUTHORITY-CHECK).

  • Non root user can delete root files, bug?

    We're having an odd permissions based problem on Solaris 10 u5 x86_64, (new install, fully patched as of 2 days ago) It means that non root users can delete root owned files, which is something I've never seen before, and I've been doing this for almost 10 years.
    We're installing into an 80Gb container on VMware ESX server 3.0.1. The OS takes 20Gb (2 processors, 4Gb memory, 8Gb swap) most of the remaining 60Gb is being used as both file systems and raw devices under disksuite as soft partitions. It's one of the file systems, /apps (where we plan to install sybase) that is giving us "issues"
    Essentially:
    # more /etc/vfstab |grep apps
    /dev/md/dsk/d0 /dev/md/rdsk/d0 /apps ufs 2 yes -
    # newfs -v /dev/md/rdsk/d0
    /dev/md/rdsk/d0: Unable to find Media type. Proceeding with system determined parameters.
    newfs: /dev/md/rdsk/d0 last mounted as /apps
    newfs: construct a new file system /dev/md/rdsk/d0: (y/n)? y
    mkfs -F ufs /dev/md/rdsk/d0 20971520 -1 -1 8192 1024 264 1 546 8192 t 0 -1 8 7 n
    /dev/md/rdsk/d0: Unable to find Media type. Proceeding with system determined parameters.
    Warning: 4096 sector(s) in last cylinder unallocated
    /dev/md/rdsk/d0: 20971520 sectors in 3414 cylinders of 48 tracks, 128 sectors
    10240.0MB in 214 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)
    super-block backups (for fsck -F ufs -o b=#) at:
    32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488, 885920,
    20055584, 20154016, 20252448, 20350880, 20449312, 20547744, 20646176,
    20744608, 20843040, 20941472
    # mount /apps
    # ls -al /apps
    total 20
    drwxr-xr-x 3 root root 512 Sep 10 12:31 .
    drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
    drwx------ 2 root root 8192 Sep 10 12:31 lost+found
    # su - sybase
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    sol10% cd /apps
    sol10% rm *
    rm: lost+found is a directory
    sol10% rm -rf *
    rm: cannot read directory lost+found: Permission denied
    sol10% ls -al
    total 20
    drwxr-xr-x 3 root root 512 Sep 10 12:31 .
    drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
    drwx------ 2 root root 8192 Sep 10 12:31 lost+found
    sol10% exit
    sol10% logout
    # chgrp sybase /apps
    # chmod g+w /apps
    # ls -ald /apps
    drwxrwxr-x 3 root sybase 512 Sep 10 12:31 /apps
    # ls -al /apps
    total 20
    drwxrwxr-x 3 root sybase 512 Sep 10 12:31 .
    drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
    drwx------ 2 root root 8192 Sep 10 12:31 lost+found
    # su - sybase
    Sun Microsystems Inc. SunOS 5.10 Generic January 2005
    sol10% cd /apps
    sol10% rm -rf *
    sol10% ls -al
    total 4
    drwxrwxr-x 2 root sybase 512 Sep 10 12:34 .
    drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
    sol10% id
    uid=***(sybase) gid=***(sybase)
    sol10% exit
    sol10% logout
    # pwd
    # ls -ald /apps
    drwxrwxr-x 2 root sybase 512 Sep 10 12:34 /apps
    # ls -al /apps
    total 4
    drwxrwxr-x 2 root sybase 512 Sep 10 12:34 .
    drwxr-xr-x 38 root root 1024 Sep 10 12:09 ..
    It's a new "bare metal" (in as much as there is no metal) install. I created the sybase user from scratch by hand editing passwd, group and shadow, buy copying and pasting the data out of the NIS maps. All I've done besides the install & patch is setup networking manually, and created the metadb's and the soft partitions and the mount points & newfs'ed & mounted three of them . I then changed ownership of /apps to be sybase:sybase, and handed it to the database team for the sybase install. they came back and said "should we be able to do this?" as they habitually run rm rf * knowing they can't delete root owned files, only now they can... This is true even if I just chgrp the directory and give them group write permissions. They can still delete anything owned by root, even if it doesn't have group permissions just like the lost+found directory. No other "real" machine we have, x86 or SPARC does this, but we've never installed u5 before either.
    As you can imagine losing the lost+found directory is a bit of a problem, however what's really worrying me is if they can do that, what happens when they run sybase as the sybase user? If it borks can they trash the OS and write/overwrite random files?
    It's a VM, so in as much that's not a problem, but the reason it's a VM is somebody wants to send a VM to a client as a demo, and at present it's highly unstable IMO.
    Does anyone have any idea where to start? My thoughts are that it may be a VMware issue, (though the hardware and the guest OS is supported) it could be a bug, because I've never seen that weird newfs error before, and then I found this:
    http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6622243
    Or it could be me, and the fact that I'm hand configuring it, and u5 now requires I do it "properly" with useradd, etc. I'd like to test, but the guy wants it built, and wants it now, so I patched it up, and gave it back to the database team and told them to be careful.
    I'd be interested in you opinions regardless.
    The full spec of the "machine" is below, sol10 is not it's name for obvious reasons, and I've hashed out the ID & GIUD for similar reasons.
    # uname -a
    SunOS sol10 5.10 Generic_127128-11 i86pc i386 i86pc
    # prtdiag
    System Configuration: VMware, Inc. VMware Virtual Platform
    BIOS Configuration: Phoenix Technologies LTD 6.00 09/06/2007
    ==== Processor Sockets ====================================
    Version Location Tag
    Pentium(R) Pro CPU socket #0
    Pentium(R) Pro CPU socket #1
    ==== Memory Device Sockets ================================
    Type Status Set Device Locator Bank Locator
    DRAM in use 0 RAM slot #0 RAM slot #0
    DRAM in use 0 RAM slot #1 RAM slot #1
    DRAM in use 0 RAM slot #2 RAM slot #2
    DRAM in use 0 RAM slot #3 RAM slot #3
    ==== On-Board Devices =====================================
    VMware SVGA II
    ES1371
    ==== Upgradeable Slots ====================================
    ID Status Type Description
    0 unknown ISA ISA Slot J8
    0 unknown ISA ISA Slot J9
    0 unknown ISA ISA Slot J10
    1 in use PCI PCI Slot J11
    2 in use PCI PCI Slot J12
    3 in use PCI PCI Slot J13
    4 available PCI PCI Slot J14
    # dmesg
    Wednesday, 10 September 2008 15:33:35 BST
    Sep 10 10:17:44 sol10 busra: [ID 490441 kern.info] NOTICE: ndi_ra_free: bad free, dip ffffffff803807a8, resource type memory
    Sep 10 10:17:44 sol10 busra: [ID 883242 kern.info] NOTICE: ndi_ra_free: freeing base 0xe0000, len 0x4000 overlaps with existing resource base 0x0, len 0xf4000000
    Sep 10 10:17:44 sol10 rootnex: [ID 349649 kern.info] pci0 at root: space 0 offset 0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] pci0 is /pci@0,0
    Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
    Sep 10 10:17:44 sol10 Rev. 1 LSI, Inc. 1030 found.
    Sep 10 10:17:44 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci1000,30 (mpt) instance 0 vector 0x11 ioapic 0x2 intin 0x11 is bound to cpu 0
    Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
    Sep 10 10:17:44 sol10 mpt0 Firmware version v0.0.0.0 (?)
    Sep 10 10:17:44 sol10 scsi: [ID 365881 kern.info] /pci@0,0/pci1000,30@10 (mpt0):
    Sep 10 10:17:44 sol10 mpt0: IOC Operational.
    Sep 10 10:17:44 sol10 pci: [ID 370704 kern.info] PCI-device: pci1000,30@10, mpt0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] mpt0 is /pci@0,0/pci1000,30@10
    Sep 10 10:17:44 sol10 scsi: [ID 193665 kern.info] sd0 at mpt0: target 0 lun 0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] sd0 is /pci@0,0/pci1000,30@10/sd@0,0
    Sep 10 10:17:44 sol10 genunix: [ID 408114 kern.info] /pci@0,0/pci1000,30@10/sd@0,0 (sd0) online
    Sep 10 10:17:44 sol10 unix: [ID 190185 kern.info] SMBIOS v2.31 loaded (1695 bytes)
    Sep 10 10:17:44 sol10 genunix: [ID 408114 kern.info] /cpus (cpunex0) online
    Sep 10 10:17:44 sol10 pseudo: [ID 129642 kern.info] pseudo-device: dld0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] dld0 is /pseudo/dld@0
    Sep 10 10:17:44 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: i8042 (i8042) instance 0 vector 0x1 ioapic 0x2 intin 0x1 is bound to cpu 1
    Sep 10 10:17:44 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: i8042 (i8042) instance #0 vector 0xc ioapic 0x2 intin 0xc is bound to cpu 1
    Sep 10 10:17:44 sol10 i8042: [ID 526150 kern.info] 8042 device: keyboard@0, kb8042 # 0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] kb80420 is /isa/i8042@1,60/keyboard@0
    Sep 10 10:17:44 sol10 i8042: [ID 526150 kern.info] 8042 device: mouse@1, mouse8042 # 0
    Sep 10 10:17:44 sol10 genunix: [ID 936769 kern.info] mouse80420 is /isa/i8042@1,60/mouse@1
    Sep 10 10:17:44 sol10 unix: [ID 950921 kern.info] cpu0: x86 (GenuineIntel family 6 model 15 step 8 clock 2000 MHz)
    Sep 10 10:17:44 sol10 unix: [ID 950921 kern.info] cpu0: Intel(r) Xeon(r) CPU E5335 @ 2.00GHz
    Sep 10 10:17:47 sol10 unix: [ID 950921 kern.info] cpu1: x86 (GenuineIntel family 6 model 15 step 8 clock 2000 MHz)
    Sep 10 10:17:47 sol10 unix: [ID 950921 kern.info] cpu1: Intel(r) Xeon(r) CPU E5335 @ 2.00GHz
    Sep 10 10:17:47 sol10 unix: [ID 557827 kern.info] cpu1 initialization complete - online
    Sep 10 10:17:47 sol10 rootnex: [ID 349649 kern.info] iscsi0 at root
    Sep 10 10:17:47 sol10 genunix: [ID 936769 kern.info] iscsi0 is /iscsi
    Sep 10 10:17:52 sol10 genunix: [ID 454863 kern.info] dump on /dev/dsk/c1t0d0s1 size 8197 MB
    Sep 10 10:17:53 sol10 pci: [ID 370704 kern.info] PCI-device: pci8086,7191@1, pci_pci0
    Sep 10 10:17:53 sol10 genunix: [ID 936769 kern.info] pci_pci0 is /pci@0,0/pci8086,7191@1
    Sep 10 10:17:54 sol10 mac: [ID 469746 kern.info] NOTICE: e1000g0 registered
    Sep 10 10:17:54 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci8086,100f (e1000g) instance 0 vector 0x12 ioapic 0x2 intin 0x12 is bound to cpu 0
    Sep 10 10:17:54 sol10 e1000g: [ID 766679 kern.info] Intel(R) PRO/1000 Network Connection, Driver Ver. 5.1.11
    Sep 10 10:17:54 sol10 pseudo: [ID 129642 kern.info] pseudo-device: zfs0
    Sep 10 10:17:54 sol10 genunix: [ID 936769 kern.info] zfs0 is /pseudo/zfs@0
    Sep 10 10:17:55 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pm0
    Sep 10 10:17:55 sol10 genunix: [ID 936769 kern.info] pm0 is /pseudo/pm@0
    Sep 10 10:17:55 sol10 pseudo: [ID 129642 kern.info] pseudo-device: power0
    Sep 10 10:17:55 sol10 genunix: [ID 936769 kern.info] power0 is /pseudo/power@0
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
    Sep 10 10:17:56 sol10 rootnex: [ID 349649 kern.info] xsvc0 at root
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] xsvc0 is /xsvc
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pseudo1
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] pseudo1 is /pseudo/zconsnex@1
    Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: lp (ecpp) instance 0 vector 0x7 ioapic 0x2 intin 0x7 is bound to cpu 1
    Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: ecpp0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ecpp0 is /isa/lp@1,378
    Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x2 intin 0x4 is bound to cpu 0
    Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: asy0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
    Sep 10 10:17:56 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x2 intin 0x3 is bound to cpu 0
    Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: asy1
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
    Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: ide (ata) instance 0 vector 0xe ioapic 0x2 intin 0xe is bound to cpu 1
    Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: ide (ata) instance 0 vector 0xe ioapic 0x2 intin 0xe is bound to cpu 0
    Sep 10 10:17:56 sol10 genunix: [ID 640982 kern.info] ATAPI device at targ 0, lun 0 lastlun 0x0
    Sep 10 10:17:56 sol10 genunix: [ID 846691 kern.info] model VMware Virtual IDE CDROM Drive
    Sep 10 10:17:56 sol10 genunix: [ID 479077 kern.info] ATA/ATAPI-4 supported, majver 0x1e minver 0x17
    Sep 10 10:17:56 sol10 pci: [ID 370704 kern.info] PCI-device: ide@0, ata0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ata0 is /pci@0,0/pci-ide@7,1/ide@0
    Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:17:56 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:17:56 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:17:56 sol10 scsi: [ID 193665 kern.info] sd1 at ata0: target 0 lun 0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] sd1 is /pci@0,0/pci-ide@7,1/ide@0/sd@0,0
    Sep 10 10:17:56 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: fdc (fdc) instance 0 vector 0x6 ioapic 0x2 intin 0x6 is bound to cpu 1
    Sep 10 10:17:56 sol10 isa: [ID 202937 kern.info] ISA-device: fdc0
    Sep 10 10:17:56 sol10 fdc: [ID 114370 kern.info] fd0 at fdc0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] fd0 is /isa/fdc@1,3f0/fd@0,0
    Sep 10 10:17:56 sol10 genunix: [ID 314293 kern.info] device pciclass,030000@f(display#0) keeps up device sd@0,0(sd#1), but the latter is not power managed
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: nvidia255
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] nvidia255 is /pseudo/nvidia@255
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ramdisk1024
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] ramdisk1024 is /pseudo/ramdisk@1024
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lockstat0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] lockstat0 is /pseudo/lockstat@0
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: llc10
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] llc10 is /pseudo/llc1@0
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lofi0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] lofi0 is /pseudo/lofi@0
    Sep 10 10:17:56 sol10 pseudo: [ID 129642 kern.info] pseudo-device: dtrace0
    Sep 10 10:17:56 sol10 genunix: [ID 936769 kern.info] dtrace0 is /pseudo/dtrace@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: profile0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] profile0 is /pseudo/profile@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: systrace0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] systrace0 is /pseudo/systrace@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fbt0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fbt0 is /pseudo/fbt@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: sdt0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] sdt0 is /pseudo/sdt@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fasttrap0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fasttrap0 is /pseudo/fasttrap@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcp0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fcp0 is /pseudo/fcp@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcsm0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fcsm0 is /pseudo/fcsm@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lx_systrace0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] lx_systrace0 is /pseudo/lx_systrace@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ucode0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] ucode0 is /pseudo/ucode@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fssnap0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] fssnap0 is /pseudo/fssnap@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: winlock0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] winlock0 is /pseudo/winlock@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: vol0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] vol0 is /pseudo/vol@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: rsm0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] rsm0 is /pseudo/rsm@0
    Sep 10 10:17:57 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pool0
    Sep 10 10:17:57 sol10 genunix: [ID 936769 kern.info] pool0 is /pseudo/pool@0
    Sep 10 10:17:57 sol10 ipf: [ID 774698 kern.info] IP Filter: v4.1.9, running.
    Sep 10 10:18:05 sol10 nfs4cbd[395]: [ID 867284 daemon.notice] nfsv4 cannot determine local hostname binding for transport tcp - delegations will not be available on this transport
    Sep 10 10:18:10 sol10 sendmail[598]: [ID 702911 mail.crit] My unqualified host name (localhost) unknown; sleeping for retry
    Sep 10 10:18:10 sol10 sendmail[600]: [ID 702911 mail.crit] My unqualified host name (localhost) unknown; sleeping for retry
    Sep 10 10:18:17 sol10 mac: [ID 736570 kern.info] NOTICE: e1000g0 unregistered
    Sep 10 10:19:10 sol10 sendmail[598]: [ID 702911 mail.alert] unable to qualify my own domain name (localhost) -- using short name
    Sep 10 10:19:10 sol10 sendmail[600]: [ID 702911 mail.alert] unable to qualify my own domain name (localhost) -- using short name
    Sep 10 10:20:10 sol10 pseudo: [ID 129642 kern.info] pseudo-device: devinfo0
    Sep 10 10:20:10 sol10 genunix: [ID 936769 kern.info] devinfo0 is /pseudo/devinfo@0
    Sep 10 10:24:54 sol10 mac: [ID 469746 kern.info] NOTICE: e1000g0 registered
    Sep 10 10:24:54 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: pci8086,100f (e1000g) instance 0 vector 0x12 ioapic 0x2 intin 0x12 is bound to cpu 0
    Sep 10 10:24:54 sol10 e1000g: [ID 766679 kern.info] Intel(R) PRO/1000 Network Connection, Driver Ver. 5.1.11
    Sep 10 10:24:59 sol10 e1000g: [ID 801725 kern.info] NOTICE: pci8086,100f - e1000g[0] : Adapter 1000Mbps full duplex copper link is up.
    Sep 10 10:28:21 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:35:17 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:35:17 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:35:17 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: lp (ecpp) instance 0 vector 0x7 ioapic 0x2 intin 0x7 is bound to cpu 1
    Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: ecpp0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ecpp0 is /isa/lp@1,378
    Sep 10 10:35:17 sol10 pcplusmp: [ID 637496 kern.info] pcplusmp: asy (asy) instance 0 vector 0x4 ioapic 0x2 intin 0x4 is bound to cpu 0
    Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: asy0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] asy0 is /isa/asy@1,3f8
    Sep 10 10:35:17 sol10 pcplusmp: [ID 398438 kern.info] pcplusmp: asy (asy) instance #1 vector 0x3 ioapic 0x2 intin 0x3 is bound to cpu 0
    Sep 10 10:35:17 sol10 isa: [ID 202937 kern.info] ISA-device: asy1
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] asy1 is /isa/asy@1,2f8
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: nvidia255
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] nvidia255 is /pseudo/nvidia@255
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ramdisk1024
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ramdisk1024 is /pseudo/ramdisk@1024
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lockstat0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lockstat0 is /pseudo/lockstat@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: llc10
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] llc10 is /pseudo/llc1@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lofi0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lofi0 is /pseudo/lofi@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: profile0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] profile0 is /pseudo/profile@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: systrace0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] systrace0 is /pseudo/systrace@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fbt0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fbt0 is /pseudo/fbt@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: sdt0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] sdt0 is /pseudo/sdt@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcp0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fcp0 is /pseudo/fcp@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fcsm0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fcsm0 is /pseudo/fcsm@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: lx_systrace0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] lx_systrace0 is /pseudo/lx_systrace@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: ucode0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] ucode0 is /pseudo/ucode@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: fssnap0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] fssnap0 is /pseudo/fssnap@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: winlock0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] winlock0 is /pseudo/winlock@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: pm0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] pm0 is /pseudo/pm@0
    Sep 10 10:35:17 sol10 pseudo: [ID 129642 kern.info] pseudo-device: rsm0
    Sep 10 10:35:17 sol10 genunix: [ID 936769 kern.info] rsm0 is /pseudo/rsm@0
    Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 10:55:50 sol10 genunix: [ID 935449 kern.info] ATA DMA off: disabled. Control with "atapi-cd-dma-enabled" property
    Sep 10 10:55:50 sol10 genunix: [ID 882269 kern.info] PIO mode 4 selected
    Sep 10 11:28:55 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    Sep 10 12:28:56 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    Sep 10 13:29:01 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    Sep 10 14:29:10 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    Sep 10 15:29:38 sol10 in.routed[502]: [ID 798604 daemon.error] empty response from 129.0.1.124
    # prtconf
    System Configuration: Sun Microsystems i86pc
    Memory size: 4132 Megabytes
    System Peripherals (Software Nodes):
    i86pc
    scsi_vhci, instance #0
    isa, instance #0
    i8042, instance #0
    keyboard, instance #0
    mouse, instance #0
    lp, instance #0
    asy, instance #0
    asy, instance #1
    fdc, instance #0
    fd, instance #0
    pci, instance #0
    pci15ad,1976 (driver not attached)
    pci8086,7191, instance #0
    pci15ad,1976 (driver not attached)
    pci-ide, instance #0
    ide, instance #0
    sd, instance #1
    ide (driver not attached)
    pci15ad,1976 (driver not attached)
    display, instance #0
    pci1000,30, instance #0
    sd, instance #0
    pci15ad,750, instance #0
    iscsi, instance #0
    pseudo, instance #0
    options, instance #0
    agpgart, instance #0
    xsvc, instance #0
    objmgr, instance #0
    acpi (driver not attached)
    used-resources (driver not attached)
    cpus, instance #0
    cpu (driver not attached)
    cpu (driver not attached)
    # format
    Searching for disks...done
    AVAILABLE DISK SELECTIONS:
    0. c1t0d0 <DEFAULT cyl 10440 alt 2 hd 255 sec 63>
    /pci@0,0/pci1000,30@10/sd@0,0
    Specify disk (enter its number): 0
    selecting c1t0d0
    [disk formatted]
    Warning: Current Disk has mounted partitions.
    /dev/dsk/c1t0d0s0 is currently mounted on /. Please see umount(1M).
    /dev/dsk/c1t0d0s1 is currently used by swap. Please see swap(1M).
    /dev/dsk/c1t0d0s3 is currently mounted on /usr. Please see umount(1M).
    /dev/dsk/c1t0d0s4 is currently mounted on /var. Please see umount(1M).
    /dev/dsk/c1t0d0s5 is currently mounted on /opt. Please see umount(1M).
    /dev/dsk/c1t0d0s6 is part of SVM volume sp:d8. Please see metaclear(1M).
    /dev/dsk/c1t0d0s7 contains an SVM mdb. Please see metadb(1M).
    FORMAT MENU:
    disk - select a disk
    type - select (define) a disk type
    partition - select (define) a partition table
    current - describe the current disk
    format - format and analyze the disk
    fdisk - run the fdisk program
    repair - repair a defective sector
    label - write label to the disk
    analyze - surface analysis
    defect - defect list management
    backup - search for backup labels
    verify - read and display labels
    save - save new disk/partition definitions
    inquiry - show vendor, product and revision
    volname - set 8-character volume name
    !<cmd> - execute <cmd>, then return
    quit
    format> p
    PARTITION MENU:
    0 - change `0' partition
    1 - change `1' partition
    2 - change `2' partition
    3 - change `3' partition
    4 - change `4' partition
    5 - change `5' partition
    6 - change `6' partition
    7 - change `7' partition
    select - select a predefined table
    modify - modify a predefined partition table
    name - name the current table
    print - display the current table
    label - write partition map and label to the disk
    !<cmd> - execute <cmd>, then return
    quit
    partition> p
    Current partition table (original):
    Total disk cylinders available: 10440 + 2 (reserved cylinders)
    Part Tag Flag Cylinders Size Blocks
    0 root wm 1 - 131 1.00GB (131/0/0) 2104515
    1 swap wu 132 - 1176 8.01GB (1045/0/0) 16787925
    2 backup wm 0 - 10439 79.97GB (10440/0/0) 167718600
    3 usr wm 1177 - 1829 5.00GB (653/0/0) 10490445
    4 var wm 1830 - 2091 2.01GB (262/0/0) 4209030
    5 unassigned wm 2092 - 2614 4.01GB (523/0/0) 8401995
    6 unassigned wm 2617 - 10439 59.93GB (7823/0/0) 125676495
    7 unassigned wm 2615 - 2616 15.69MB (2/0/0) 32130
    8 boot wu 0 - 0 7.84MB (1/0/0) 16065
    9 unassigned wm 0 0 (0/0/0) 0
    partition> quit
    FORMAT MENU:
    disk - select a disk
    type - select (define) a disk type
    partition - select (define) a partition table
    current - describe the current disk
    format - format and analyze the disk
    fdisk - run the fdisk program
    repair - repair a defective sector
    label - write label to the disk
    analyze - surface analysis
    defect - defect list management
    backup - search for backup labels
    verify - read and display labels
    save - save new disk/partition definitions
    inquiry - show vendor, product and revision
    volname - set 8-character volume name
    !<cmd> - execute <cmd>, then return
    quit
    format> q
    # metastat -p
    d8 -p c1t0d0s6 -o 109973513 -b 61440
    d7 -p c1t0d0s6 -o 109461512 -b 512000
    d6 -p c1t0d0s6 -o 109051911 -b 409600
    d5 -p c1t0d0s6 -o 88080390 -b 20971520
    d4 -p c1t0d0s6 -o 67108869 -b 20971520
    d3 -p c1t0d0s6 -o 46137348 -b 20971520
    d2 -p c1t0d0s6 -o 41943043 -b 4194304
    d1 -p c1t0d0s6 -o 20971522 -b 20971520
    d0 -p c1t0d0s6 -o 1 -b 20971520

    An easy way to think of it is this -- everything in Unix is a file. Including directories; they are just a file which contains a list of the files in that directory, and pointers to them.
    If the 'sybase' user has write permission on the directory, they have permission to edit that "list", and can add or remove files to the list. It doesn't matter who the files on the list belong to, because the files are not what is being modified. Only the list of files is being modified. (Of course, in Unix, if you erase the file's listing from all of the lists it's on, the file itself goes away for housekeeping purposes.)
    One thing that would have stopped the 'sybase' user from removing the lost+found directory is if that directory itself had files in it -- without write permission to the lost+found directory, that user could not have removed those files, and since one cannot remove a non-empty directory, that operation would have failed. Since lost+found was empty in this case, it could be removed simply by having permission to write to the /apps directory.
    This behavior does change if you set the sticky bit on the directory -- in that case, files may only be removed by the owner of the file or directory, or if the user has write permission to the file. This would have prevented the sybase user from removing the lost+found directory. (Note, this also applies to the 'rename' function call.) This would probably be the best way to handle your situation, since you apparently do want the sybase user to be able to add files to /apps, but do not want them to be able to remove lost+found.
    Edited by: MadBishop on Sep 12, 2008 7:46 AM

  • Not able to access the module from user level i.e., other than Super user.

    Hello Friends,
    I created company with super user and normal user, for a normal user gave the rights of sales. When logged in with normal user try to create sales order i am experiencing following system message "To generate this document, first define the numbering series in Administration module [Message 131-3]".
    Could you please advise me in this regard.
    Thanks,
    Rayudu

    Hi,
    Please check the following thread which is being discussed:
    Re: "Define the numbering series in Admin module"
    For the issue you have reported, kindly refer Note 1057873, which will resolve your issue.
    Note says:-
    Symptom
    When trying to open a document a user gets the system message:
    'To Generate this document, first define the numbering series in the Administration module'
    Other terms
    Authorizations, Document Numbering, Series, access
    Reason and Prerequisites
    SAP Business One Functionality, Consulting
    Solution
    A document numbering series have been defined and the user have authorisation to the document type in:
    Administration -> System Initialisation -> General Authorisations -> Sales-AR/Purchasing-AP
    All document numbering series are also given a Group.
    Administration -> System Initialisation -> Document Numbering
    Double click to the left of the row to view the existing numbering
    series for the document type. The field 'Group' is here. By default this value is 1.
    For the Groups there is a separate authorisation.
    Administration -> System Initialisation -> Authorisations -> General Authorisations -> Administration -> System Initialisation -> Series
    After expanding the 'Series', give the user authorisation to the
    Serie/Group that is defined for the document numbering serie it is trying to open.
    Also, check for more similar threads in the forum which could help you.
    Regards,
    Jitin

  • SQL tab not working in V2.1 EA1 for non-DBA users -- how to fix?

    In v2.1 EA 1 the tab to show the SQL script (DDL) in the object browser is not working for non-DBA users. In the prior version, these users would see a message about DBMS_METADATA and then the message would indicate that an "internal generator" would be used to generate the DDL script. After that brief message the DDL would show up as expected. This doesn't seem to be the case in the newest version.
    I issued the following two grants to a particular user which worked, but I am reluctant to issue the grants to "PUBLIC".
    SQL> grant execute on DBMS_METADATA to XXXXX;
    SQL> grant select_catalog_role to XXXXX;
    So, my questions are:
    1) Will the old functionality (that didn't require these privileges) be added to V2 at some point?
    2) What security implications are there for issueing the above grants to PUBLIC?
    NOTE: After granting execute on the DBMS_METADATA package, it still didn't work. I left that grant in place and granted SELECT_CATAOG_ROLE, so I can't say for sure that the 1st grant was required.
    Edited by: user615070 on Nov 19, 2009 9:30 AM
    Edited by: user615070 on Nov 19, 2009 10:06 AM

    An OEM account is separate from the database account. You need to use OEM UI to create an OEM account, however, for certain tasks to be done in the databases which OEM is monitoring they will also require separate database accounts within those databases. For example, to view the performance tab in OEM UI, a database account is required.
    OEM only has two types of users, i.e. Super Administrator and Administrator, but don't go by the names. You can grant an OEM 'Administrator' account access to specific targets and what they can do within OEM, such as only viewing reports, targets, and so on. For access within a database, the user created need not be a DBA either.
    I hope you understand.

  • Managed System Configuration Super User Issue

    Hi folks ,
    I have a strange error in Solman SP8 Managed System Config .
    In Step 5 : "Enter System Parameters" , for entering super user , it throws an error even though the user credentials are valid.
    This happens for some of the managed systems only . The error says : " Issue with connection to system <SID> <Client>".
    It does not seem to be using the right RFC and I feel it is checking for the user in 000 client , regardless of which client we give . Because if we give 000 credentials it works.
    Please help . As without this I cannot save any of the system parameters like Load Balancer URL etc.
    Thanks,
    Shaswat

    I have seen this exact issue when my IE cached the page and was stuck with the client 000 RFC's selected on step 3.  I just exit managed sys config and clear my cache and start solman_setup again. To avoid this all together I set my IE to check for newer versions of stored pages every time I visit page. (under internet options -> general -> browsing history -> tempory internet files)
    Then
    In step 3 create the user to avoid security issues or auditor problems later on.  This way the SM_ADMIN_XXX will have the proper roles required. Please note (The user is not authorized to use a Trusted RFC (authorization object S_RFCACL). To authorize the user, assign the role SAP_SM_S_RFCACL manually).
    Confirm there is no error and hit next.  For an explicit save. 
    Now go to step 5 and select the client that the RFC's were created on and hit test credentials.
      This should solve your issue. 

  • Basic Authentication for Non-AD Users

    Hello
    we are implemented windows integrated single sign on using spnego module and adjusted the login stacks as directed;
    Evaluate TicketLogin.Module = SUFFICIENT
    SPNEGO mdoule = OPTIONAL
    Ceate TicketLoginModule = SUFFICIENT
    BasicpasswordLogin Module = REQUISITE
    Create Ticket Login Module = REQUISITE
    This is tested an all works fine for AD users on the network.
    We have also activated the parameter;
    ume.usermapping.refsys.mapping.type = attribute
    So that we can perform user mapping of AD user id is different from backend sap user id.
    However, when Non-AD users, for example internet users or third parties want to access the portal we want them to be challanged by basic username and password authentication.
    All we get is page cannot be displayed. (we've made sure IP address / network etc is in place, this worked before implementing spnego)
    The security log shows the following error;
    #1.#001E680F70D100750000000D0000571E00046EE5C2DB2770#1247833002551#/System/Security/Authentication#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a##b010c47072cb11de8c4c001e680f70d1#SAPEngine_Application_Thread[impl:3]_26##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
    User: N/A
    Authentication Stack: ticket
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true
    2. com.sap.security.core.server.jaas.SPNegoLoginModule                     OPTIONAL    ok          exception             true      
    Access Denied. No authorization header received.
    3. com.sap.security.core.server.jaas.CreateTicketLoginModule               SUFFICIENT  ok          false                 true
    4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          false                 false
    5. com.sap.security.core.server.jaas.CreateTicketLoginModule               REQUISITE   ok          false                 true       #
    What does it mean by no authorisation header?
    This is only affecting non-AD users.
    what have I missed / done wrong?
    cheers

    Could you try this one :
    Evaluate TicketLogin.Module = SUFFICIENT
    SPNEGO mdoule = OPTIONAL
    Create TicketLoginModule = SUFFICIENT
    BasicpasswordLogin Module = REQUISITE
    Create Ticket Login Module = OPTIONAL

  • Creating a package such that its postinstall script runs as a non-root user

    The pkgmap(4) man page I have (says "Last change: 30 Apr 1999"; from SUNWman 42.6,REV=6.1) says of the owner and group fields in a pkgmap entry line:
    "This field is not used for linked files or non-installable files. It is used optionally with a package information file. If used, it indicates with what [owner/group] an installation script will be executed."
    The pkgmap file I get after running pkgmk on my prototype file contains a line like
        1 i postinstall 292 23672 1166416139for the postinstall script. The man page quote above suggests that if I want the script to be run with user and group fred/staff (say), I can hand-edit this line to instead be
        1 i postinstall fred staff 292 23672 1166416139However, pkgadd doesn't like this, complaining and failing thus:
        pkgadd: ERROR: bad entry read in pkgmap
            pathname=postinstall
            problem=extra tokens on input line
        pkgadd: ERROR: unable to process pkgmapFurthermore, there doesn't seem to be anything I can put in my prototype file to get these fields into the generated pkgmap. The corresponding owner/group fields are syntax errors for a package information file in a prototype file.
    All this, and the wording in the Application Packaging Developer's Guide, suggest that the pkgmap man page is wrong and there isn't a way to specify a non-root user and group as which you want your package's install scripts to run.
    On the other hand, the pkgadd confirmation "This package contains scripts which will be executed with super-user permission during the process of installing this package. / Do you want to continue with the installation of <PCBBserv> [y,n,?]" suggests that there might be some way to make a package such that it contains scripts which will be executed with ordinary user permissions, and thus not warrant a confirmation.
    Any suggestions?
    Thanks,
    John

    tpolich wrote:One more quick question, is rc.local run the backround or say if I asked for input would the system boot hang?
    Yes, rc.local itself would hang, but if you background the process inside rc.local using the '&' symbol at the end of the command, then that command will be backgrounded and rc.local can continue.

  • PA30 User Authorizations

    Hi,
    I have developed a webdynpro application which enables users to change their personel details like changing work contact no , emails , cell no etc. the users can access the iview through ESS.
    I am facing some authorization issues as the changes can be done only if a user have authorization for TC: PA30 , But we have non sap users who use ESS and try to change their details. Is there any other way we can get around this problem ??
    Regards,
    Kumar

    Hi Ramm,
    I followed as suggested
    country        infotype         subtype      use case
    08     0040     0011     A1
    08     0105     0001     A1
    08     0105     0005     A1
    08     0105     0010     A1
    08     0105     0020     A1
    Its coming up with an error saying that
    There is an inconsistency in the usecase maintained for this record.
    Message no. HRXSS_PER003
    System Response
    There is an inconsistency in the usecase maintained for this record.
    Procedure
    In order to change the usecase goto the view "V_T7XSSPERSUBTYP" and change the corresponding usecase of the infotype/subtype.
    Thanks,
    Kumar

  • Allow Non-Admin Users Update Software Installed In Their Computers

    Hello All;
    At our location, we have several users who are not always in the office. In some instances, the imac or macbook pro ask for several updates such as Office 2011, and Adobe CS 5 and 6. And, the second issue, these users are not part of the administrator group or ever will be the administrator of their computers.
    Is it possible to adjust the authorization file to allow non-admin users to run these sort of updates?
    or
    Is there a product on the market that can push updates to all these different programs?
    Thanks Kindly

    Is there a product on the market that can push updates to all these different programs?
    Apple Remote Desktop, for one.

  • Allowing non-admin users to use certain programs without authenticating

    I would like to allow certain programs to be run by non-admin users without forcing them to authenticate as an admin. Here is my example: I'm running Parallels Desktop with a VM to Windows. I want to allow my children to use this VM to access Windows programs. But, when starting a VM, the Mac OS requires an administrator to authenticate. Needless to say, I don't want my children to be administrators on the machine. I've been assured that this is not an issue related to how Parallels works (from the support team at Parallels). Instead, this is an issue with the Mac. i'm not sure one way or the other, but it seams useful to be able to (in general) allow non-admin users to use certain programs without forcing them to authenicate as administrators.
    There is only one summary in the Mac help on allowing non-admin users to change the time zone settings by directly editing the /etc/authorization file. Does anybody know if this procedure would work for other programs?
    Thanks!

    If you know what the requested right is, that procedure can be applied to any right in an application with a graphic interface by duplicating and modifying entries. The contents of that file don't control usage of sudo in the Terminal.
    (25922)

  • Regarding Super User

    Hi
    I have given three Super User. Right now i want to give some restrictions to one user , How to do It, Generally if we have given user as super user then we can't do it anything what to do.
    For Ex: PLd cration d Changes Restrictions.
    Regards
    Giri Venkat

    Dear Giri,
    In order to resolve the issue, log in as one of the superuser :
    1. Go to administration --> Setup --> User --> Select the user and uncheck the Super user option.
    2. Then assign the necessary authorization to this user, under Administraion --> System Initialization > Authorization> General authorization.
    Note : For a Super user, the system will apply full authorization to all module, also you will not be able to edit the authorization
              for a Superuser. This is the system definition.
    Regards,
    Rakesh Pati
    SAP Business One Forum Team

Maybe you are looking for

  • Switch device manager not working no matter what I do

    Hello everyone.  I have just purchassed a 8330 and I am trying to transfer all my contacts from my Palm 690 Centro over the BB.  NOthing I do works...all options are greyed out.  I have the most current software for Palm OS and Hot sync.  Can anyone

  • 6602 as X4 encoder/ex​ternal clock

    Hello, Im trying to use a PCI 6602 to read the output of a linear encoder.  I have a few (I think simple) questions about setting things up... Right now I am only using CTR 0 (channel A hooked up to pin 2, B to 40, and Z to 3).  I have been trying to

  • Why do I REPEATEDLY get "Activation server is temporarily unavailable"  when trying to complete iPhone 3GS Restore?

    Why do I REPEATEDLY get the message "Activation server is temporarily unavailable"  when trying to complete iPhone 3GS Restore? I live in Italy and am using an unlocked phone originally sold in the US.

  • How to install Sun solaries 9 or 10.

    Hi, I am trying to install Sun solaries 9 or 10.over AMD 64. Please guide me to install sun on AMD. Any help greatly appreciated. Thanks, Chandan.

  • Incorrect Key Photo

    I sync my iPhoto library to a Nano 4g and a Touch, both by syncing All Events. On the Touch in the Photos display the correct Key Photo thumbnail is shown against each Event description, but on the Nano the first 9 events have no kay photo thumbnail