Security Role for RZ70
Hi Guys,
Which security role provides access to RZ70. Also when I added all the SLD roles I am told I do not have authority to change SLD administration, instead of not being authorized for the transaction.
Regards,
Chris
Hi,
It seems your SLD hasnt been registered onto the SAP gateway.
Have you setup your Data Supplier Bridge properly Access information in T-code SLDAPICUST
check this post
Re: No Message Server defined
tcode rz70 ( program RSLDADM ) is part of SAPKB62019. In this report you could check if any special Security roles have added
Refer,
Re: RZ70
Re: Accesing multiple R/3 systems from WD application
Thanks
swarup
Edited by: Swarup Sawant on Feb 23, 2008 4:43 AM
Similar Messages
-
SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.
Have an issue.
I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
But when user runs reports, he gets nothing:Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.
-
I am creating a supervisor role for QE51N. I want the supervisor to be able to enter results, validate, and complete the process. Say if they enter results, I don't want them to be able to complete the process for themselves, only for other users. Any thoughts, suggestions or ideas on how to accomplish this?
No. not via normal security. You would have to utilize user exits at different points to verify that the person doing step B is not the same as the person doing step A.
Craig -
Security-role for java web services developed using j-developer 10.1.2.1
I have developed a java web service using j-developer 10.1.2.1, I have deployed this web service to oracle 10g (10.1.2.1) application server successfully. Now I want to add security-role to my web service deployment descriptor so that only a group of users that belong to a group can access my web service.
How can I do this? Can any one please let me know.
Thanks,
SC.Hi.
I suspect you have a proxy server between your localhost and the
drive-app1.drivesoftwaresolutions.com
Probably in Jdev that proxy is setup nicely in Tools->Preferences->Web Browser and Proxy
But maybe your OC4J container running BPEL on localhost does not have that proxy setup.
You need to add startup parameters to the JVM. In 10.1.3 you can do this via the "AS Control" administration pages (there is a link on the SOA suite welcome page). Go to JVM, click on the container and switch to the "Administration" tab.
The properties are proxySet, proxyHost, proxyPort and nonProxyHosts
When deploying from JDev, the compilation in JDev works fine (uses the proxy). But when the JAR is transferred to the server, it is compiled again. This fails because the proxy is not used on the server side and it cannot read the wsdl. -
Change SQL 2012 Security roles after installation
I installed SQL 2012 SP1 Standard edition and during the setup it asked me for the users for various service . I choose to keep them as default
After the installation i could see the services were not started, so i changed everything to Local System
Also in future i may need to change them to run under some domain service account.
What steps do i have to take to make sure approprate rights are granted to the accounts that run the SQL services. I could see Local System just had Public security role.
Can someone guide me on verifying what the security roles for accounts should be.running them as domain account is a good thing and it does not need to part of admin group.
make sure your domain account has access backup paths/locations.
Also, make sure your account has "perform volume maintanence tasks" - to make use of INF.
Is your system 64 bit or 32 bit. if 64 bit, you are okay else you will need to enable lock pages in the memory for the service.
Below are the links to some articles that talk about this:
http://www.mssqltips.com/sqlservertip/2503/how-to-create-secure-sql-server-service-accounts/
http://blogs.msdn.com/b/askjay/archive/2011/02/28/required-rights-for-sql-server-service-account.aspx
http://technet.microsoft.com/en-us/library/ms191543(v=sql.110).aspx
http://blogs.msdn.com/b/sqlserverfaq/archive/2010/05/28/inf-permissions-required-for-sql-server-service-account-to-use-ssl-certificate.aspx
Hope it Helps!! -
Run a workflow with a low security role profile
Hello,
I created a workflow that is sending an email to the administrator when a certain action has to be done. To make sure this workflow has actually been running, I ended it with a step that update a two option field as 'Email sent'.
I would like to lock this field for users because I only want them to read it but not change its data. So I enabled security role.
The problem is that since I made that, the workflow cannot be run because users don't have the security role to change this field.
I found out while browsing thrgough the internet that I had to check 'Execute as the owner of the workflow', but this didn't help.
So does anyone has a response to my problem or another way to manage it? A solution that does not involve any code because I'm not working in IT at all, we're a small company and so I'm a salesman.
Thanks for your help.
SylvainHi,
Create these 2 fields as non-searchable fields so users cannot search them. If the user does not need to change these fields, make the fields read-only on the form. There is no need to use security role profile and play with
security roles for this.
Hope this helps.
Minal Dahiya
blog : http://minaldahiya.blogspot.com.au/
If this post answers your question, please click "Mark As Answer" on the post and "Vote as Helpful" -
I'm going for a project that needs to identify security roles for ECC5.0,can anybody send me some document about it?
thanks in advance.So it generating an error when you log into the planning application, if so did you edit the datasource for each of the applications and update the essbase password
Cheers
John
http://john-goodwin.blogspot.com/ -
Hi all -
Could someone shed a light on the SLD security roles for me ?
SLD is running fine (on a EP JAVA WAS) but I seem to miss the roles that come with it (LcrUser, LcrAdministrator, etc...)
Can I import/deploy/create them ? When do I use the 'Assign User Groups to Roles' from the VA - SLD Data Supplier ?
thx guys,
PaulHi everyone,
the assignment of SLD roles can be done from the <i>Policy Configurations</i> in the <i>Security Provider Service</i> in the Visual Administrator. Once you are there you'll have to choose the <b>sap.com/com.sap.lcr*sld</b> component and then click the <i>Security Roles</i> tab. From there you should have access to the SLD roles. Since the SLD roles are J2EE roles (they won't show up in the User Management console) and you can assign them to users/user groups from VA.
You can use the "Assign roles to groups" button in the SDL Data Supplier service in case the UME is used with an ABAP backend user sotre. In this case the ABAP user roles will appear as user groups in the J2EE Engine. If the J2EE user groups are created after the SLD server has been deployed, you can perform the mappings by using the SLD configuration service in the Visual Administrator.
For documentation of the above, take a look at the Post Installation guide from service.sap.com/sld -> Media Library.
Hope this helps.
Regards,
Yonko -
Advice needed: what does your company log for SAP security role changes?
My client has a situation where for many years, they never logged changes to SAP security roles. By that I mean, they never logged even basic details, like who requested a change, tested it, approved it, and what changed!! Sadly their ticketing system is terrible, completely free-form text and not even searchable.
Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
I plan to recommend, at least, they need to use a unique# (a ticket#, or whatever) for every change and update the same in PFCG role desc tab, plus in CTS description of transports... but what about other details, since they have a bad ticketing system? I spoke with internal audit and change Mgmnt "manager" about it, and they are clueless and will not make recommendations. It's really weird but they will get into big trouble eventually without any logs for security changes!Does anyone here use Word docs, Excel sheets, or some other way to capture security role change details? What details do you capture? What about Projects, that involve dozens of changes and testing over several months?
I have questions:
a) Do you want to make things straight
b) Do you want to implement a versioning mechanism
c) You cannot implement anything technical, but you`re asking about best "paper" practise?
The mentioned scenarios can be well maintained if you use SAP GRC Solutions 10 (Business Role Management)
Task Based, Approvals, Risk Analysis, SOD and role generation and maintenance in a structured way (Business Role Management). Workflow based, staged process with approvals.
PFCG transaction usage will be curtailed to minimum if implemented fully.
Do we really want to do things "outside" PFCG?
@all:
a) do you guys use custom approval workflows for roles?
b) how tight your processes are? how much paperwork, workflow, tickets, requests and incidents you have to go through to change a role?
c) who is a friend of GRC here, raise your hand
Cheers Otto
p.s.: very interesting discussion, I would like to learn something here about how it works out there in the wild -
Configure security-role and method permission for EJB 3.0 using Jdev 11g
The EJB 3.0 session bean created by Jdev 11g EJB wizard does not have ejb-jar.xml. Where and how can security-role and method permission for the EJB be configured?
For example,
<assembly-descriptor>
<security-role>
<role-name>managers</role-name>
</security-role>
<method-permission>
<role-name>managers</role-name>
<method>
<ejb-name>Employees</ejb-name>
<method-name>setSalary</method-name>
<method-params>
<method-param>java.lang.Long</method-param>
</method-params>
</method>
</method-permission>
</assembly-descriptor>user516954,
By default annotations are used. However, you can create a new descriptor and that will take presidence over any declared annotation.
--Ric -
Hi,
I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
security-role>
<description>Authenticated</description>
<role-name>Authenticated</role-name>
</security-role>
This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
In weblogic, I have the following setting in weblogic.xml
<wls:security-role-assignment>
<wls:role-name>Authenticated</wls:role-name>
<wls:externally-defined />
</wls:security-role-assignment>
And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
I am wondering if this setting can be specified in for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
ThanksHi,
You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
Hope this will solve your problem.
Regards
MuRam -
SAP Security Report for single and composite roles
Hi
I have a requirement to create a cutomize report in SAP Security.
I have to display Composite roles,corresponding single roles,the tcodes assigned to those single roles and the description of t- codes. The selection screen has composite roles,single role and T-code which are optional.User can enter selection in any of the selection critreria.How should I go on this?If user gives only composite roles on the selection for e.g 'TEST'. for this role I get suppose 3 child roles 'TEST1' 'TEST2' 'TEST3' from table AGR_AGRS.Now to get the tcodes i go to table 'AR_1251' and I get the tcodes.
But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.for e.g, 'TEST' 'SAP1' 'SAP2' etc..Now if go to get the tcodes for this single role in AGR_1251,I will ceatainly get the tcodes for eg MM01,FB01,etc.But then how would I know whether MM01 belongs to composite role 'TEST' SAP1' or SAP2' for the single role 'TEST2'.
Please advise.
Thanks
Edited by: Julius Bussche on Aug 13, 2009 4:52 PM
Subject title improvedI though of seperate selection options for singles and composites, but you also said:
> But if user give only single role on the selection for eg 'TEST2' ,for this single role 'TEST2' there would be multiple composite roles.
My suggestion would be to build better single roles, but that is just me...
Cheers,
Julius -
NWA 7.3 : Looking for "security roles" (Policy Configuration) ...
Hi guys,
We deployed a simple application in our new SAP NW 7.3 JAVA instance; by calling the application, we receive "error 403 : Error: You are not authorized to view the requested resource."; this was fixed wihtin NW 7.x by adding a user/group within security roles of the selected component ( Visual Admin => Security Provider => Policy Configurations => select component and than security roles );
where to do this within NWA 7.3 ?
any ideas;
Thanks
OliverHi Oliver,
Procedure
Start SAP NetWeaver Administrator with the quick link /nwa/auth.
Choose Components.
Select a policy configuration.
On the Authentication Stack tab, choose the Edit pushbutton.
Determine if you want to use an existing template or if you want to change the policy configuration of the current component.
To use an existing template, select a template from the Used Template field.
For authscheme references, select a template from Used Authscheme.
The component uses the settings and authentication stack from the template. To edit these settings, edit the settings of the policy configuration template. To create a new template, see Creating Authentication Stack Templates for Policy Configurations.
To change the policy configuration of the current component, do the following:
Add and remove login modules as required.
The system applies the login modules in the order they appear in the list.
Set a processing flag for each login module.
For more information about login module flags, see Policy Configurations and Authentication Stacks.
Add and remove any options to the login modules.
Set the authentication stack parameters according to the type of policy configuration.
Please,go through below help file
http://help.sap.com/saphelp_nw73/helpdata/en/4a/734e26fa92731fe10000000a42189c/frameset.htm
Cheers
Revanth Pasupuleti -
Authorization check for caller assignment to J2EE security role
Dears experts, in the default.trc logs in, my Enterprise Portal NW2004s, appear this error:
#1.#0018714E4A14005E000027E1000057B8000441BB7EF2FC03#1198173451524#com.sap.engine.services.security.roles.SecurityRoleReference#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleReference#Guest#2126####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ : ] referencing J2EE security role [ : ].#5#ACCESS.ERROR#service.jms.default.authorization#administrators#SAP-J2EE-Engine#administrators#
#1.#0018714E4A14005E000027E5000057B8000441BB7F8BDC21#1198173461543#com.sap.engine.services.security.roles.SecurityRoleImpl#sap.com/irj#com.sap.engine.services.security.roles.SecurityRoleImpl#Guest#2127####46ce8210aefd11dcc68f0018714e4a14#Thread[Thread-59,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Audit/J2EE#Java###: Authorization check for caller assignment to J2EE security role [ :
Any idea about it?
Thanks friendsHi Holger,
Thanks for the tip, it could be the case, I just checked and we are on Patch 0 for JEECOR as you can see here below:
sap.com/SAP-JEECOR 7.00 SP13 (1000.7.00.13.0.20070907082334) 20071028144036
sap.com/SAP-JEE 7.00 SP13 (1000.7.00.13.2.20071026143730) 20071203150628
Will inform some people internally to patch to atleast 3 to check if it still occures.
Anyway, Thanks again..
Benjamin Houttuin -
Error :Authorization check for caller assignment to J2EE security role whil
Hi Experts,
i m working as a portal resource .
after the deployment of standered Sap e-rec package .
i m getting some error. i have assigned the recruiter role to one test user.
Now i m getting two issue:
1)All the services are appearing in Detailed Navigation Pannel but not in Portal content area..
2) I m able to see few iview for the test user but those are also in detailed navigation view.
And few ivews are giving following error :
i)Internal error
ii)error 2011-12-19 07:59:57:315 ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
/System/Security/Audit/J2EE com.sap.engine.services.security.roles.audit n/a EP-DEV-KRT Server 0 0_97989
Full Message Text
ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [sap.com/com.sap.lcr*sld : LcrInstanceWriterNR] referencing J2EE security role [SAP-J2EE-Engine : administrators].
please suggest what can be done or what is pending from my side.Prajakta2602 wrote:
Hi Experts,
>
> the previous issue got solved..
> it was due to servies pack miss match and applying notes
> the Basis guy checked the SLD logs and accordingly found that the base components J2EECORE and JTECHS required paching as per
> notes 1445294 and 1175239 were applied.
> now the issue is:
>
>
> After implemetation and i assigning the standerd sap roles
> 1)Recruiter Administrator
> 2)Recruiter
> to the test user .
> but for few iview it is showing error as in
> 1) you are not a authorized user
> 2) internal error
>
> please help experts.
>
> i m working on portal side have i to assign any role to that test user..
>
>
> Thnaks & Regards,
> Prajakta
You can run a quick check using the below steps:
1. Check in backend whether there is any authorisation errors... you may use transactions SU53 or ST22 for any ABAP errors
2. Also check in NWA -> log viewer -> last 24 hours log for the particular user to see any java related issues.
Regards,
Mahesh
Maybe you are looking for
-
I just upgraded to Mavericks. How can I get the Notes that were in my mailbox?
Previously, before I upgraded, my mailbox had a function to create notes. They were marked with a yellow tab, like a sticky note and appeared in my inbox. Now that I have upgraded, they are nowhere to be found. Is there a way to get them?
-
Any tutorials on how to make or edit tetxure images for 3d modeling?
wondering if anybody knew where some tutorials are on this. when I crop an image say for an example a plank image even though the result ion is over 1k it still looks unclear. see how the one furniture image (2048 x 2048 ) looks clear compared to a c
-
I seem to have lost the search bar on my safari homepage. How do I get it back?
Somehow I have lost the search bar from my safari homepage, which is the apple homepage. How do I get it back?
-
A particular form hangs while saving in Oracle Apps 11.5.10.2
Hi Friends, I am using Oracle Apps 11.5.10.2 on Linux. In a custom Responsibilty ,In a particular form after entering the valuses when i give confirm button the application forms hangs for a long time without saving the values. Please let me know the
-
Itunes Type Software For The Fascinate
Is there an itunes type software to install on a computer for the Fascinate? I'm looking for something that will do the same thing as itunes, backing up apps, music etc.