Sec. Optimization self-service - Customer specific auth Checks

Similar Messages

• Security Optimization Self-Service. ST13

  Hi There,
  Using transaction ST13 to define customer specific checks, I am able to input KeyFigure & Comments .
  1. Is is possible to have these Info in the SolMan report ? how could I do that ?
  2. Are the rules in this area evaluated / grouped by Key Figures? or in contrast all rules are evaluated together undependably of what they have as key figure ? in that case what is the reason/function of the key figure?
  Thanks in advance,
  FedeX

  Hi,
  I still test and no quit sure if I am doing the right process...what I have done:
  use st13 to create my own alerts > 9000.
  use st14 for creating the report on target system... I check on the target system and by viewing data of the generated report there is a list of users because security specification > 9000.
  export report to SolMan ... successfully
  on SolMan ... what are the steps that I have to do?..I am not quit sure ... I go to session workbench ...here there are already some info of the previous check that I did days before ......  I click on the option collect data (ST13, ST14)..I delete the old number and introduce the new GUI Number and click on collect button... the rest of the fields are filled in ... and no additional message appear..
  one of the existing entries on the left side  is Customer specific Auth check ...it is in red..
  being on the collect data (ST13, ST14) entry I just click on save + next open check an the focus/cursor jump automatically to the last entry check session consistency  I do not identify any change in the entry Customer specific Auth check which still red and not showing the expected list ( what I see in target system)
  well hope this give some idea about the issue and possible solution
  Thanks
  FedeX

• Security Optimization Self-Service. Checking profiles

  Dear All,
  I am using Security Optimization Self-Service and would like to know if there is a way to implement a "customer specific authorization check" to evaluated if somebody is granted with profiles SAP_NEW or SAP_ALL_DISPLAY.
  I will appreciate ideas and suggestions.
  Regards,
  FedeX.

  No idea, but if there is nothing in the trace or SU53, then typically the check is either performed against a different user (possibly in a different system) or it is dependent on a config setting first, and not authorizations.
  Normally I look around in the menus of the transaction to see whether there is a config option there, failing which use System -> Status -> Navigate and expand the object hierarchy. Keep your eye out for a view.
  Otherwise, take a look in the PBO (Process Before Output) module to see what is setting this in the dynpro.
  A shot in the dark, but might help in the right direction.
  Cheers,
  Julius

• Error for customer specific Authorization check (User Exit)

  Dear Experts,
  I am facing a problem in PM.
  I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
  I have released the order and got the inspection lot number.
  While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
  "Error for customer specific Authorization check (User Exit)"
  Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
  If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
  I have checked the following user exits:
  QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
  QQMA0026: PM/SM: Auth. check when accessing notification transaction.
  The above 2 User Exits are not active.
  I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
  Please some one help me on this issue.
  Thanks and Regards,
  Praveen.

  Dear Pete,
  I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
  Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
  At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
  Regards,
  Praveen

• Java BAdI implementation for Customer specific Spell check

  In IS-M/AMC, I am working on implementation of a Java BAdI, namely ICustSpellCheck, which enables Customer Specific Spell check instead of the standard MS-Word spell check. Could someone provide pointers on the java code that goes into different methods of this class?

  Hi Dharmendra,
    Check if this is your case..
  Note
  This Business Add-In is not suitable for checking individual field content in an installed base, or installed base component: To do this, see Business Add-In: Additional Checks When Modifying Installed Base Headers and Business Add-In: Additional Checks When Modifying Components.
  Regards.
  Manuel

• Performance Optimization Self Service- SAP help requirement

  Hi,
  I want to know whether for SAP's help is required for performing the self service of Performance Optimization.
  If we collect ST12 trace and use it to perform the self service then is the report which is generated from the self service sufficient to take further action or will I need some SAP expertise to implement / take corrective actions?
  In short, whether I can do the Performance Optimization by myself or I need help from SAP?
  Regards,
  Vishal

  hi,
  1) Is this service available to all the customer? (by all the customers I mean "Max Attention", "Enterprise Support" etc)
  i answer this above is it, from mz above reply, have you checked
  enterprise support customers can get five EGI sessions as free per year. please check
  http://service.sap.com/esacademy
  - click browse egis
  for your second question also I answered above
  Does the report itself gives suggestions or we need to provide the report to SAP
  here my reply above
  because Guided procedure itself the proven methodlogy from SAP, the report provides the lots of suggestions against the SAP best practices.
  you can use it yourself most of the time. if still you need expert guidance from SAP, book for EGI sessions. they called as expert guided implementations, remote support. duration might vary based on the session.
  again, service report is the source, you have to review yourself, if you are in EGI, sap use that report for guiding. Please review
  Thanks
  Jansi

• Security Optimization - Self Service

  Hi There ,
  I am trying to reproduce a "howto" document regarding SECURITY OPTIMIZATION WITH SOLMAN.
  I was able to run ST14 in the analyzed system and sent it to SolMan. But I do not find the way to find the "Security Optimation - Self/Service" option in SolMan in order to see or load the ST14 results.
  (The version of ST-ICO is 150_700)
  I will appreciate any idea
  FedeX

  Thanks Paul,
  I was trying this part :
  On Solution Manager you can see this data in the Service Session.
  DSWP > Service Plan >Self Delivered Services > System Security Optimization > SDCCN Data
  Then you can view in Session Workbench, create your questionniare, etc.
  But I do not get shown the option "System Security Optimization"
  The option list that I get under Service Plan is
  SAP Delivered Services | Self Delivered Services | Service Channel | Certificates | SDCCN Data | Graphics
  when I select Self Delivered Services  I get like the column of a report with the following colums
  Service  I Status I  Planned on  I Project  I Milestone
  btw I also try SDCCN Data option but there is like a kind of criteria for report there (Selection criteria)
  Some idea how to get the option System Security Optimization displayed ?
  Thanks in advance
  FedeX

• Security Optimization Self Service and EWA

  Hi,
  I am curious if you can keep on using the same SOS session?
  The ST14 data is of course different from every collection, but what about the preliminary data collected from the EWA download? Is this getting updated in the session (which I doubt) or do you need to close the current session and then create a new one?
  What about if you reinitialize a session fx. once a month. Will the data from the weekly EWA download then be updated?

  Hi,
  Thank you for responding.
  This was also what I expected, so thanks for confirming this.
  Do you by any chance now why there are three checks (0303-0305) which is not rated, and do not contain any data at all? The data is collected in the ST14 upload.
  I tried asking this in the security check department a couple of weeks ago, but it was apparently not the right place, since I have not got an answer :-).
  Note 837490 says that this could be because ST-SER is newer than ST-A/PI, but I have got the newest version available.
  Thanks

• Self Service Security Tool

  Hello All,
  Can anybody let me know the step by step procedure on how to use the self service security checks tool used in solution manager for Audits..

  Hi,
  Apart from the note, have you checked that the user starting the ST14 data collection has
  all the authorizations acocording the note above?
  Are you able to display the information collected in transaction ST14
  under the Utilities ->Analysis browser menu option?
  Please check also the following note that can be helpful:
  967938 - Security Optimization Self-Service: SDCC download
  Please also review and follow the steps described in the documentation
  "HOWTO: Using the Security Optimization Self Service" ?
  The documentation as well as SAP Tutor file are available in the
  path below in service marketplace.
  http://service.sap.com/sos
  -> Media Library
  Please firstly review the documentation and ensure that the steps
  are followed correctly.
  Hope this helps.
  Cheers
  SH

• ?Embedding custom region as an extension to seeded self-service page.

  Hello Tapash/All,
  I am extending one of the self service pages to add extra fields on the page to capture information.
  This is what I am planning to do based on the comments (from Tapash) that I got from my previous post.
  1. Create a custom table with additional columns with the primary key column that I need to capture.
  2. Create an EO, VO (based on the custom table) and AM.
  3. Create a Region RN.xml (advanced table) for the additional fields (for INSERT, UPDATE and DISPLAY on Query)
  4. Create a Controller CO on the Region (code to commit the trx in AMImpl)
  5. Attach this RN.xml to the seeded page via personalization.
  My question is:
  Where and how will the entered data on the new region get inserted/updated into the custom table ? ( Since, I can't create an **Apply/Submit** button separately for the new region....because there is an ***Apply/Submit*** button already exists on that page to process the seeded data.)
  Should I extend the Page controller to invoke the apply method from the AMImpl ?Please let me know and Thanks for all the help.

  **********Message not found. Application: FND, Message Name: FND_VIEWOBJECT_NOT_FOUND. Tokens: VONAME = xxSuppRegVO; APPLICATION_MODULE = oracle.apps.pos.suppreg.server.SupplierRegAM;
  Check if your custom AM is mentioned in the region xml file and not the seeded AM, because oracle.apps.pos.suppreg.server.SupplierRegAM , looks to be seeded AM.xxSuppRegVO is a custom VO, rite and you have not extended any seeded VO? If you have extended seeded VO, have you done substitution and uploaded jpx file on server?--Mukul                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Custom Self-Service Request

  Hi All,
  I have created a custom Self-Service Request i.e. "CASH ADVANCE" using EIT.Done all the setup in
  HR & AME(Approvals upto 2 positions up.What i have done the setup:
  1) Created an EIT for CASH ADVANCE
  2) Created a function for CASH ADVANCE
  3) Added the Function to the Self-Service Menu
  4) Run "Register Extra Information Types" for "CASH ADVANCE"
  5) Ceated a Condition in AME using existing Attibute
  6) Created a Rule also in AME
  7) Enabled profile options for Personalization
  8) Profile options for BG, Security Profile & Usertype are set
  Yet to be done:
  1) Need to enable DFF segments in Self-service page using Personalization for CASH ADVANCE segments
  After enabling profile options for Personalization, when i selected the Request..
  It is showing Error as shown below:
  Error:
  The selected action is not available. The cause may be related to security.
  Contact your system administrator to verify your permission level for this action.
  Pl guide me where i have to check? I appreciate inputs from anyone.
  Thanks.
  Regards,
  Siva

  hi Siva,
  Please add the Function you have created for 'CASH ADVANCE' to following menus also:
  1. Personal Actions Menu
  2. Manager Actions Menu
  3. Global Self Service Functions Custom
  The prompt in 1 and 2 should be same as you have given in the Menu through which you are accessing this function.
  Regards,
  Manuj

• Error: Create customer specific areas with services

  Hi Experts,
  I am facing problem while creating customer specific areas with services. We have a development for Appraisals and trying to make it work via ESS.
  I have defined resource for area page, defined area, assigned area to an area group page.
  Still the Area is not displaying on Area page.
  Please let me know as to where I have gone wrong.
  Thanks!

  You need to create your workset, and check the URL in PCD of the Iview

• Is multi-factor auth required for self-service password reset and portal registration?

  Hi, hoping someone can give some clarity on this.  I'm dealing with strictly online accounts, no AD sync to local servers.  I have enabled and configured self-service password reset in AzureAD.  In that config I have required users to register
  their alt contact info when logging into the portal.  While testing this, I don't get prompted to register unless I've enabled multi-factor auth for the test user account.  I need users to register in case they need to use SSPR, but I don't want
  to force them into MFA.  I've gone over the following article and it says nothing about requiring MFA for SSPR or forced portal registration to work.
  https://msdn.microsoft.com/en-us/library/azure/dn683881.aspx
  I know there is a separate link for the registration portal that will guide users through the process, but that's a separate link.  Maybe they'll set it up, maybe they won't.  I'd like for the first sign-on to be a smooth process that gets them
  set up for SSPR if needed.  Can someone clarify and point me in the right direction? Thanks.

  Hey acook15,
  I work on the password reset engineering team.  Right now, you are correct, you cannot enforce registration for password reset during first sign in.  This is a feature that we are working on right now, which will be available very soon for sign
  ins to Azure, your connected apps, and the access panel, and will come a bit later for Office 365 sign ins, as well.
  In the interim, you can configure SSPR to require users to register when they access the access panel at myapps.microsoft.com by following the instructions here: http://aka.ms/customizesspr (search for "Require users to register when signing in to the
  access panel?").  
  You can also read more about other ways to get SSPR data in the system for your users here: http://aka.ms/ssprbestpractices.  Let me know if this helps, and if you need to get in contact with me, feel free to email me at [email protected] 
  Regards,
  Adam.
  Adam Steenwyk | Senior Program Manager | [email protected]

• Archiving of Delivery documents -Customer specific check

  Dear All,
              While we are trying to create a routine for customer specific check in archiving delivery docs, we encounter the following error.
  <h3>In the program SDCLVOFM, for Class RELK related to deliveries, we are trying to copy the standard routine 001 (SD_LIKP_SAP_1) for carrying out the necessary changes.</h3>
  However the system does not allow us to copy due to the fact that the routine does not have any CODE whithin the routine. This is really strange, being a standard SAP object.
  Also we cross verified this witht he report SDINVOFM for the same class and the standard routine 001. By doing so we found that he ABAP code is missing for this routine.
  Request your inputs for activating this Routine and inputing the required code / copy the routine.

  Closed by myself

• Custom FPM Application: application variant and self services config in PCD

  Hello,
  I've created a webdynpro based on FPM framework and created a FPM Application using the Self-Services administrator too.
  My question is, how do I get the application variant so that I can create an iview out of this custom fpm application?
  For example, the perspective of my FPM application has the custom wd FPM View and I'd like to add more fpm views to it.
  If I want to create a page for this FPM app, I need to be able to "see" these added FPM views as application variants while creating the iviews and page.
  For all the delivered SAP components/dcs there already present the FPM Applications in the PCD.
  How about custom developed FPM apps?
  Any help is greatly appreciated.
  Thanks,
  Rajit
  Edited by: Rajit Srinivas on Apr 8, 2008 8:47 AM

  Anybody, please any ideas?