SAP_ALL ACCESS

Similar Messages

• How do I copy transport files SAP_ALL access but no RFC.

  Hi All:
  <u>Background:</u>
  I have two window servers. They are on two different transport domains. I have SAP_ALL access to both and File system access to one, lets call it DV1. I also have remote desktop access to DV1.
  DV2 (seperate transport domain) can ping the first server but not establish an RFC connection (router restrictions: Unchangeable!). No OS level access to this machine.
  <b>I need to move a complete package (called ZHR1) from DV2 to DV1.</b>
  Is there a way to do this?
  Thanks
  <b>T.M</b>

  Hi Tony,
  As I understand it, you've created a transport in DV2 containing the complete package ZHR1. You've released the transport in DV2 which has created a data and cofile in the transport directory of the server hosting SAP system DV2.
  First question. What Basis release is system DV2? You may have the opportunity to download the data and cofile from the transport directory using AL11 to your workstation. After that, you can store the downloaded DV2 data and cofile in the transport directory on the server hosting SAP system DV1 (where you say you have O/S level access), with the correct file permissions.
  Once you have stored the DV2 data and cofile in DV1's transport directory, you can import it in the normal way.
  Gary

• Security batch job to evaluate users with SAP_ALL access:

  Hello,
  I need to run some kind of batch report or program that runs for users that have SAP_ALL access.
  Basically we need to run a report or program that shows what these users that currently have SAP_ALL are executing on a daily basis.
  Do you have or know of a report/program that we can schedule nightly to find this information out ?
  Thanks,
  Steve

  Hi Steve,
  I don't think any SAP standard report or query is available for this. You probably have to design your own Z report/query to achive this.
  However since SAP_ALL is a restricted access and you will have very few users with this access, if you want to find it out programs/transation being executed by these users, it can be done manually from ST03, through "Memory Use Statistics", probably this may help to identify the tables using which you can design your own report.
  Regards,
  Sanujit
  Edited by: Sanujit Purohit on Jul 20, 2010 2:25 AM

• Doesnot ask for access key. error No authorization for the 'S_DEVELOP'

  Hi,
  After applying patches,in transaction F-43 one of the field Inv Recd Date( BSEG-ZOLLD) is not getting displayed.
  after analzing we found that ZOLLD is not there in screen SAPMF05A(0302).
  in my development server when i try to change the screen it says "You have no authorization for the authorization object 'S_DEVELOP', which would allow you to change the screen concerned"
  my profiles contains sap_all and sap_new rights even then I am getting this error.
  Why doesnt it ask for access key ?
  Kindly guide me .
  Regard

  > Please check in Su24, if iy has S_develop object or not,
  In SU24? why? and what or who is "iy"?
  > since you say you have SAP_ALL access please regenerate SAP_ALL its a composite profile this should work fine.
  What does the fact that it is a composite profile matter? Besides that I've already made a remark about regenerating it.
  > But you need to check at SU24 against f-43 whether S_develop missing or not,if missing please insert manually
  Ehm, do you really think the SU24 settings for a transaction influence the changeability of it's underlying screens/programs etc? It will not matter at all what you do with S_DEVELOP in SU24.

• SOCO, when PO creation "No authorization to access document BBP_PD_PO"

  Hello,
  I am in SOCO transaction trying to creta a PO from two SC.
  I have this error "No authorization to access document BBP_PD_PO"
  Someone know who to resolve it?
  Cheers,
  Marta

  Hi
  Seems like Z roles created in the PFCG transaction by BASIS team is having problems.
  For time being, to verify this, Try giving SAP_ALL access to the user to confirm the same. Ask BASIS guys to help you out.
  In Transaction SU53 -> you can get the detailed Authorization object missing in the user's profile.
  Try executing the same transaction in SRM GUI and then you will be able to get to know that which Authorization object is missing.
  Regards
  - Atul
  After attaching the missing object in the user's profile, the problem will be solved.

• Restricting RFC User access

  We have some RFC users with SAP_ALL access.
  Auditors placed it in high risk .Now we have to trace what access is actually needed for these users and revoke SAP_ALL
  I tries two options
  1.used ST03G to find the tcodes being used by RFC users.However, this is not of much help
  2.Use the Security Audit logs(Cumbersome to collect 2-3 months data)
  Its there any better and easier method to find what access is need by an RFC?
  If anyone done this excercise please help me out!
  Regards
  Deepa

  Hi Deepa.
  I would have attacked it with a reverse trace.
  First of all to remove all authorisations from the user.
  Then add object S_RFC to a role and assign it to the user.
  Activity 16
  RFC_TYPE FUGR and
  RFC_NAME = ' '  (Make sure RFC_NAME is not * otherwise you might open new vulnerabilites)
  Now you can start the trace and execute the job that is to be done, now only add what is neccessary for the program to run.
  In many cases it is just an additional RFC_NAME to be added.
  Regards
  Fredrik

• Error in creation of source system

  Hi Experts,
  We are facing a problem while creation of source system. We are getting an error "You have no authorization for basic types (activity 03)" Kindly help me to resolve this issue.
  Regards,
  Jitendra

  Hi there,
  if you get the error again, please go tcode su53 directly and see for which object the authorization is missing. I understand you have SAP_ALL access but for any authorization issue we normally go to SU53 tcode and verfiy.
  So once you get the object name then go to SU01 and open your id. Go to authorization tab and find for that object and see if '03' activity is assigned to you or not.
  If this step is absolutely fine then we can think of alternative solution.
  Regards,
  Anup

• Employee Data in Dev Client

  We did a client copy from Prod to Dev. Now the HR data is in Dev client. Dev client use to be the playground for our IT staffs to do development and testing with SAP_ALL access.
  Do you think it is a risk and we should remove the SAP_ALL from IT staffs?
  Please share how your manage this in your organisation. TQ.

  Hi
  If you think k in the near future some of your processes will be moved to production and you r not 100% live on the producton system at present than no need to deleate the data only deleate the data related to the salaries like IT- 0008, 0014, 0015, 0045 etc payroll infotypes data because all this is a sensitive and confidential information.
  This is so because in near future you need to provide some test cases or test data to user. Or user have to create the new one.
  Thanks
  Sheetal

• Additional functions in ECC 6.0 compared to 4.6C

  Guys,
  What are the additional features that we have in ECC6.0 when compared to SAP Is-Oil solution of 4.6c.

  Hi All,
  How will I know whether I'm in User view or in Technical view?
  I have SAP_ALL access and still I'm not able to find the 'Change work item' option in SBWP.
  How can an Administrator logically delete a work item? I didn't find any options for logically deleting in transaction SWIA either..! Is there any other way to do this?
  Thank you,
  Renu

• JDBC - XI - IDOC scenario, SM58 error

  I am trying to set up a scenario with JDBC -> XI-> IDOC.  I seem to get the data, but when I look at it in SXMB_MONI, I get the checkered flag, for the overall status, but a red flag for the outbound status.  This led me to SM58 where I see this error "No authorization to send IDocs with message type Z...".  It shows the caller ID as being XIAFUSER (which is different from the ID I have created on the receiving SAP system) and is in function module IDOC_INBOUND_ASYNCHRONOUS.   On XI, I have the RFC (SM59) and Port (IDX1) setup for the receiving SAP system.  The receiving system has an ID setup (used in the RFC on XI), has a partner profile, port, logical system, and a RFC to XI setup.
  Any ideas on where to track this down?  I tried giving XIAFUSER sap_all, and it still fails and this ID does not exist on the receiving system.

  HI,
  Just to inform you that, if any SM58 error, mainly because of IDX1 entry and RFC destination .
  So that;s the reason , i just suggested to check this SAP note.
  Now you have given SAP_ALL access to test right ? Even you can check with this SAP note-837595
  Also check that SM59 (RFC destination) in XI system uses any User ID ? DO not select CURRENT USER option here.. and check it
  Regards,
  Moorthy

• CRM 7.0 security model & accessebility of data at table level

  Hi CRM Experts,
  Firstly i am new to this topic 'CRM 7.0 security model' and i want following information from you, my simple requirement of my  on going project.
  1. what are different types of roles in CRM 7.0 system and how to define those roles & which table all the role information is stored in CRM 7.0 ABAP & Java stack installled system.
  2. How are the ABAP & JAVA roles are different from each other in CRM 7.0 system.
  3. How to define portal roles in CRM 7.0 & which table or storage location these portal roles data are stored & is there any way we can extract them from CRM system, if any webservice or any mean this can be achieved?
  Basically i am interested in users/roles/authorization data in CRM 7.0 for both ABAP & JAVA stack system. please help me achieving this requirement.
  Thanks,
  Digamber.

  Digamber,
  For an overview of the changes in CRM 7.0, visit the following link:
  http://www.sap.com/germany/solutions/business-suite/crm/SAP_CRM7_Highlights.pdf
  In respect to Security model, CRM 7.0 is a bit different, where a lot of functionality is executed via BSPs that are run on a browser. However, the authorizations should be still need to assign in the the backend.
  For CRM specific security guides, I recommend you visit the SAP link - http://service.sap.com/security
  In the left pane hierarchy, go to 'Security Guides'. Scroll down to find the CRM section and download the required guides.
  Also, further there are new concepts like WEBCLIENT UI (an extra authorization layer, which is UI COMPONENT LEVEL and logical links. (Controlled by object UIU_COMP)). Standard authorization setup in the new WEBUI client is now controlled by both backend authorizations and the UIU_COMP. That means even if the user has SAP_ALL access, he will not able to perform any actions.
  Hope this provides some light!!
  Rgds,
  Raghu

• Not able to replicate Vendor from R/3

  Hi
  We have recently upgraded the EBP from 4.0 to 5.0. I am using REPVEN to do this which was working fine in SRM 4.0. But when I run this transaction I get error
  "Error carrying out job. Execute program directly  Message no. BBP_BPRM047"
  The programme used by this transaction is EBP_VENDOR_GET_DATA_JOB.
  I have also tried to do this thru BBPGETVD. Here i get the error that Object ID does not exists. I am using the same object ID which was used in the above transaction.
  I want to know whether Object Id gets changed after the upgradation. Also i want to see this object ID. Where to check this object ID of vendor. I dont have authorisation ppomv_bbp.
  Thanks in advance..........

  Hi
  <u>Ideally you should be having SAP_ALL access, before you replicate the Vendors from R/3 to SRM using BBPGETVD Transaction.</u>
  <b>Ask you BASIS team to provide atleast all the require authorizations to your SAP UserID in this case.</b>
  <u>Here are the detailed steps in the links below -></u>
  http://help.sap.com/saphelp_srm50/helpdata/en/56/54f137a5e6740ae10000009b38f8cf/frameset.htm
  Re: How to enable the Initial load of Vendor and Material replication
  Re: Vendor replication Error. SAP R/3 to EBP system
  Re: External number assignment - vendor replication
  Re: Vendor replication: Delta modification : Report BBP_VENDOR_SYNC  : SLG1
  Re: Vendor replication
  Re: Vendor replication
  Regards
  - Atul

• No authorization to purchase from product category

  Hi
    I am trying to add an item to the shopping cart. When I press "Add to Shopping cart" the following warning message came.
  No authorization to purchase from product category 'Raw Materials'.
  How should I assign this authorization to my user name(I have all the admin privilages).
  Thanks for your help
  Vidya

  Hi
  In the transaction PFCG, for the role of Startegic purchaser,under the Personalization tab,set the attribute BBP_WFL_SECURITY to '4'.Also,check the authorisation data for the Strategic purchaser role.
  Check by giving SAP_ALL access to the user for time being.
  Regards
  - Atul

• No authorization to purchase from product category X

  Hello,
  when I click on shop and select the product (relicated from BE), while adding this item to SC got the error 'No authorization to purchase from product category xxx', but for the same material and product category I can create a free form SC or PO (through process purchase order) or a contract. I have assigned the rite Product categories to user and PGRP. pls let me know if you have seem this message before?
  Thanks,

  Hi,
  Please assign the product category in the extended tab in transaction PPOMA_BBP for the user.
  In the transaction PFCG, for the role of Startegic purchaser,under the Personalization tab,set the attribute BBP_WFL_SECURITY to '4'.Also,check the authorisation data for the Strategic purchaser role.
  You can check by giving SAP_ALL access temporarily.
  BR,
  Disha.
  Do reward points for useful answers.

• Authorization object to view Maintain Performance Documents on MSS

  Hi Experts,
  Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
  It gives following error :
  java.lang.NullPointerException
       at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
       at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
       at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
       at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
       at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
       at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
       at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
       at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
       at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Would appreciate kind guidance to resolve issue.
  Thanks in advance.
  Aashish

  I am closing this thread as opened at wrong place.
  Thanks,
  Aashish