Service Type User ids

Dear SAP Security Gurus,
We use service user type for test user ids in our test (Q) system. Since service ids can have multiple logins, can you help us know that how many users can login with a service id at the same time?
Thanks,
Karthik.

Folks ... My response is structured as :first Licenicing and then Service user :
Karthik was mentioning ablout the Q system ..Are  users on the Q system charded as well ..yes a non commital answer is " it depends on the agreement "!! As I understand in my very very limited experience that the user count and licensing is done on the PRod system. here again I can be wrong..as very often I am!
Now on service users !!
Dear Karthik ...as it was pointed out...why do you need service user in Q ?? how can you log the changes ?? the results will be cumbersome to evaluate
User A will use test case 1 /User 2 test case 3 /  now for example you have an auth issue  which  ID will the security admin trace  ? as User A & User B both use the same ID !!  -- hope it sclear ..please use Dialogs and help your security admin !!

Similar Messages

  • Issue in Shared Services with corp user IDs

    Hi,
    I am facing an issue with corp user IDs in Shared Services. The issue is that I am able to add corp user IDs to a group but I am not able to remove some of them from the group for some reason especially those corp user IDs that were added few weeks or months ago.
    What I noticed is if I add a corp user ID today and try to remove it today itself it is letting me do it but those corp IDs that I added to the group weeks before it is not letting me remove them. I tried to push the corp user ID from right hand side to the left hand side and then saved the changes. It shows the message that the group has been modified but when I go back again and check in the group I find the user there on the right side where it shows all user members. Not sure why this is happening.
    Any ideas on this? Please do share your inputs.
    Thank you.
    ~ Adella

    Hello Mehmet,
    Thank you so much for your response.
    Well, I think I tried at both the places yet I am facing the same issue. If I add any corp user now and immediately take it off in minutes it lets me do it. But if I try to take out a user who was added to the group weeks ago it is just not letting me do it. It does give the messages that the gourp has been modified but when I come back again and look at the group its there.
    Its weird and I am not sure whats going wrong. Is it some kind of a bug?
    ~ Adella

  • User does not have access to the Cloud Service Type

    Where do it edit the access the the user? How do i fix this problem?
    "messages" :
    "hint" : "User 'DBAAS' does not have access to the Cloud Service Type 'dbaas' resource interaction with method 'POST' on accept type 'application/oracle.com.cloud.common.DbPlatformInstance' and content type 'text/plain'" ,
    "stack_trace" : "oracle.sysman.emInternalSDK.ssa.cloudapi.CloudSecurityException: User 'DBAAS' does not have access to the Cloud Service Type 'dbaas' resource interaction with method 'POST' on accept type 'application/oracle.com.cloud.common.DbPlatformInstance' and content type 'text/plain'\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.routeToServiceType(EMCloudServlet.java:180)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.perform(EMCloudServlet.java:235)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.performPost(EMCloudServlet.java:385)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.rest.AbstractRestServlet.doPost(AbstractRestServlet.java:137)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:727)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:820)\n\tat weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)\n\tat weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)" ,
    "text" : "Could not route to the Cloud Service Type 'dbaas'. The exception stack trace should provide some information about the reason of the failure" ,
    "date" : "2012-12-04T12:27:11+0000"
    }

    I'm trying to create a new DbPlatformInstance using the EM12c Cloud API but i keep getting an error "User 'DBAAS' does not have access to the Cloud Service Type 'dbaas' resource interaction with method 'POST' on accept type 'application/oracle.com.cloud.common.DbPlatformInstance'
    Below are the request and response.
    REQUEST:
    POST /em/cloud/dbzone/D7EEE339C1249F83FC4587C722EB20B5
    Authorization: Basic xxxxxxxxxx
    Content-Type: application/oracle.com.cloud.common.DbPlatformInstance+json
    Accept: application/oracle.com.cloud.common.DbPlatformInstance +json
         "name" : "Database 11.2.0.3.0 Instance for SSA_USER_1",
         "description" : "Instance 2 of Oracle Database 11.2.0.1.0" ,
         "based_on" : "/em/cloud/dbplatformtemplate/B59EDC65951039E8E040E50A8F5B0435",
         "params" : { "username": "xxx", "password" : "yyy" }
    RESPONSE:
    Response Headers:
    Status Code: 403 Forbidden
    Connection: Keep-Alive
    Content-Language: en,en-us
    Content-Type: application/oracle.com.cloud.common.Messages+json; charset=ISO-8859-1
    Date: Tue, 04 Dec 2012 14:38:08 GMT
    Keep-Alive: timeout=5, max=100
    Server: Oracle-Application-Server-11g
    Set-Cookie: ORA_SMP_EM_AUTH_-4568676491231894381=52W7Q2KQ5w5FTn8MQYrZ3Hqp5QnqBLkNwVKvHSS728pMzyQpxJpd!352643837; path=/em; secure; H ttpOnly
    Transfer-Encoding: chunked
    X-ORCL-EMOA: true
    X-Oracle-DMS-ECID: 004o0VGXIE08XrqpKK4Eye0001P_00009q
    X-Powered-By: Servlet/2.5 JSP/2.1
    x-specification-version
    Response Body:
    "messages" :
    "hint" : "User 'DBAAS' does not have access to the Cloud Service Type 'dbaas' resource interaction with method 'POST' on accept type 'application/oracle.com.cloud.common.DbPlatformInstance' and content type 'text/plain'" ,
    "stack_trace" : "oracle.sysman.emInternalSDK.ssa.cloudapi.CloudSecurityException: User 'DBAAS' does not have access to the Cloud Service Type 'dbaas' resource interaction with method 'POST' on accept type 'application/oracle.com.cloud.common.DbPlatformInstance' and content type 'text/plain'\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.routeToServiceType(EMCloudServlet.java:180)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.perform(EMCloudServlet.java:235)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.EMCloudServlet.performPost(EMCloudServlet.java:385)\n\tat oracle.sysman.emInternalSDK.ssa.cloudapi.rest.AbstractRestServlet.doPost(AbstractRestServlet.java:137)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:727)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:820)\n\tat weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)\n\tat weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)" ,
    "text" : "Could not route to the Cloud Service Type 'dbaas'. The exception stack trace should provide some information about the reason of the failure" ,
    "date" : "2012-12-04T14:38:09+0000"
    }

  • FV50 Editing Option all user IDs Documnet type Mass changes .

    Dear All
          My requirement is i have 100 user IDs . we need to change in Park document t-Code FV50 and dispaly Document type in screen . But every user id open and change Editing Option and select __Document type ready to inpurt__ is long practice . Please give advice me for Mass changes or any varient for same .
    Regards
    Purushottam

    Yes, you can do mass change to accounting editing options of several users at a time with the help of your BASIS consultant.
    Go to SU10
    Enter all of your user names
    Select all
    choose change button
    Parameters Tab
    Add Parameter FO3
    Enter parameter value as ' 2'
    SAVE
    Choose YES
    Note: your parameter value SPACE+2 (' 2')
    Done

  • User IDs in adapters - XI Proxy, RFC

    Hi mates,
    I've created receiver adapters of type XI and RFC for an SAP R/3 business system. In these adapter parameters, what is the <b>ideal</b> user ID that needs to be specified? Should it be a service user id or dialog user id? What should be the optimal authorizations for it.
    At the moment, I've specified my own user id and the adapters are working successfully. But, I foresee an issue with this method as I would be required to change the password at regular intervals.
    What are the best practices regd the user ids in adapters? Please share your experiences.
    I appreciate your inputs.
    thx in adv
    praveen

    Hi Praveen,
    I would suggest the use of a user of type "Communications" and have SAP_ALL assigned....
    a user of type "Service" still has dialgo access whihc i donot think you would want...
    pls see the types of users and their help...
    User Type
    Dialog 'A'
    A normal dialog user is used by one person only for all types of logon.
    During a dialog logon, the system checks for expired and initial passwords and provides an option to change the password.
    Multiple dialog logons are checked and logged if necessary.
    System 'B'
    You use a user of type System for communication without dialog within one system (for RFC or CPIC service users) or for background processing within one system.
    Dialog logon is not possible.
    A user of this type is excluded from the general settings for password validity. Only the user administrator can change the password using transaction SU01 (Goto -> Change Password).
    Communication 'C'
    You use a user of type Communication for communication without dialog between systems (for RFC or CPIC service users for various applications, for example, ALE, Workflow, TMS, CUA).
    Dialog logon is not possible.
    Service 'S'
    A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations.
    For example, service users are used for anonymous system access via an ITS service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user.
    During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password.
    Multiple logon is allowed.
    Reference 'L'
    Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorization. Reference users are implemented to equip Internet users with identical authorizations.
    On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the application controls the allocation of reference users. You can allocate the name of the reference user using variables. The variables should begin with "$". You assign variables to reference users in transaction SU_REFUSERVARIABLE.
    This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.
    Thanks,
    Renjith.

  • Automatic Creation of User IDs

    Does anyone know of a standard SAP report/program that will generate User IDs for personnel records? I have a requirement to define a procedure that will review personel numbers to determine whether or not that personel number has an ID assigned to it. If it does not, then the report/program will generate an ID according to a particular naming convention. And of course, this report/program would assign the correct roles according to the position defined.
    I know that there are reports/programs that will update a user's access as he/she moves from position to position. I am hoping for one that will assist in the ID creation process.
    Maybe this is wishfull thinking on my part....
    I await your reponses!

    Sounds like you want to implement your own ESS (Employee Self-Service) application ...
    Before doing so, it might be advisable to check on what is already available.
    The Business Partner concept is a more general concept (only only restricted to "employees" and "applicants" but also applicable on "customers", "resellers", etc.) which also allows to assign logon data to "business entities".
    So, it would be helpful to know what you actually intend to achieve.
    Cheers, Wolfgang

  • Short dump using CS_BOM_EXPL_MAT_V2 with different user ids

    Hi
    We are getting a short dump in our program when using FM'CS_BOM_EXPL_MAT_V2' and this is happening only for super user roles but not with regular user ids in production. We are not able to identify the solution yet, and it needs to be resolved as quickly as possible. Anyhelp, really appreciated.
    Thanks
    Anil
    Here is our code:
      CALL FUNCTION 'CS_BOM_EXPL_MAT_V2'
        EXPORTING
          aumgb                 = 'X'
          capid                 = 'PP01'
          datuv                 = p_valfrm
          ehndl                 = '1'
          emeng                 = 1
          mbwls                 = ' '
          mehrs                 = 'X'
          mmory                 = '1'
          mtnrv                 = p_matnr
          stlal                 = p_stlal
          stlan                 = p_stlan
          werks                 = p_werks
        TABLES
          stb                   = i_stb
          matcat                = i_matcat
        EXCEPTIONS
          alt_not_found         = 1
          call_invalid          = 2
          material_not_found    = 3
          missing_authorization = 4
          no_bom_found          = 5
          no_plant_data         = 6
          no_suitable_bom_found = 7
          conversion_error      = 8
          OTHERS                = 9.
      IF sy-subrc <> 0.
        MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
                WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      ENDIF.

    Hi senthil,
    1. I suppose u want to explode the BOM.
    2. CS_BOM_EXPLOSION
       use the above FM
       in the below mentioned fashion.
    3.
      CALL FUNCTION 'CS_BOM_EXPLOSION'
       EXPORTING
       capid                       = 'PP01'
       emeng                       = bmeng
       datuv                       = sy-datum
       mtnrv                       = matnr
       stlan                       = '1'
         werks                       =  werks
         mehrs = 'X'
    IMPORTING
      TOPEQUI                     =
      TOPMAT                      =
      TOPTPL                      =
      DSTST                       =
        TABLES
          stbd                        = stbd
          stbe                        = stbe
          stbk                        = stbk
          stbm                        = stbm
          stbp                        = stbp
          stbt                        = stbt
    EXCEPTIONS
       alt_not_found               = 1
       call_invalid                = 2
       missing_authorization       = 3
       no_bom_found                = 4
       no_plant_data               = 5
       no_suitable_bom_found       = 6
       object_not_found            = 7
       conversion_error            = 8
       OTHERS                      = 9
    regards,
    amit m.

  • Essbase - Shared Services - Maxl - User creation

    Hi,
    I have an issue looking similar to [Automating User/Group creation & Assigning filters in Shared Services|http://forums.oracle.com/forums/thread.jspa?threadID=1009127]
    When trying to add internal groups to an external MSAD user, I get following messages:
    h3. when adding a group to an external user:
    h6. alter user 'x29027' add 'GR_GROUP';
    Maxl returns:
    h6. Statement executed with warnings.
    h6. User x29027 does not exist
    => the system does not recognize the user
    h3. when trying to create this user first as an internal user
    (based the settings from on another external user)
    h6. create or replace user 'x29027' identified by 'password' as 'i09740';
    Maxl returns:
    h6. Statement executed with warnings.
    h6. A user/group with the same name (x29027) exist at Shared Services
    => the system does recognize the user in MSAD!
    ===> both statements seem to be contradictory!!!
    h3. Other remarks/thoughts:
    - we have two MSAD links (to two different domains), does this matter?
    - no difference when addressing users as x29027@MSAD_FIB (a syntax similar to the HSS security report output)
    - any possibilities in creating a user internally first (using the 'as' option; to copy settings from another user) and then moving to external? (like alter user 'Test_EDR4' set type external;)
    Thanks in advance
    Erik
    Environment: Essbase 9.3.1.3. with Shared Services

    Hi Erik,
    When you create an user in Essbase, the user will be created both in Essbase as well as Shared Service,
    where as when you create an user in Shared service, the user will not be created in essbase untill you perform refresh.
    In your case you can create the external user in Essasbe by using "Create user 'x29027' type external;'.
    By this you will be creating the user in Essbase and the particular user is recognised in Essbase.
    Now you can add him to any group.
    - Krish

  • Service-Type problem on WLC5508 + Freeradius

    Hi all,
    I'm trying to set up the Management Auth process on my WLC5508 using a Freeradius/Ldap Server.
    Auth process through Web management console is working fine except the fact all users are affected in the "Monitor" role.
    I have set up the Service-Type attribut to Administrative in my LDAP Server, but the radius server log me the following error :
    Thu Oct 20 10:04:41 2011 : Error:   [ldap] Failed to create the pair: Unknown value Administrative for attribute Service-Type
    Thu Oct 20 10:04:41 2011 : Auth: Login OK: [test/test] (from client IBL-WLC port 0)
    In the ldap.attrs file on my radius server I have the following associations :
    replyItem       Service-Type                    radiusServiceType
    replyItem       Tunnel-Type                     radiusTunnelType
    replyItem       Tunnel-Medium-Type         radiusTunnelMediumType
    replyItem       Tunnel-Private-Group-Id     radiusTunnelPrivateGroupId
    Note that Freeradius/Ldap configuration work fine for authenticating wireless clients.
    If someone could help me, It would be great
    Thanks

    Extremely old ticket, but I had the same issue so here is the solution I found:
    Service-Type needs to be "Administrative-User" (See RFC 2865 and check what your FreeRadius dictionary is using).
    wolverine       Auth-Type := LDAP, Huntgroup-Name == "wifi"
                         Cisco-AVPair += "NCS:virtual-domain0=ROOT-DOMAIN",
                         Cisco-AVPair += "NCS:role0=Root",
                         Service-Type = Administrative-User,
                         Fall-Through = Yes
    Service-Type = Administrative-User gives admin to WLC.
    The 2 Cisco-AVPair grant admin privs to Prime.

  • Is it possible to set the IMB Service Type Identifier on a per record basis

    From not doing any research, it looks like Presort applies the IMB Service Type Identifier to all records in the output file. Does anyone know if it's possibly to specify different Service Type Identifiers within the same Presort job?
    In my specific example I want to enable OneCode Confirm on specific records within the presort job, but not all records within the presort job.

    Hi Jay,
    You are not restricted to a single Service Type ID for every record in a job.  By using the PW.SRVC_Type input field, it is possible to assign different Service Type IDs to your records.
    Here's a more indepth how-to from our knowledge base:
    https://service.sap.com/sap/support/notes/1462718
    Thank you,
    Brandon Law

  • AAA/AUTHOR/LCP: Unsupported Service-Type: 3. No supported types found

    Hi all,
    a customer is using NAS to dial-out downloading profiles from a ACS server. The authentication succeeded, but the authorization fails and display the error: AAA/AUTHOR/LCP: Unsupported Service-Type: 3. No supported types found
    Configuration in ACS is a simple user with a callback number that ACS uses to dial-out, the config of dialer is the following:
    aaa authorization exec default local if-authenticated
    aaa authorization network DIAL_IN group radius
    aaa authorization configuration default group radius
    aaa accounting network DIAL_IN start-stop group radius
    interface Dialer1
    ip unnumbered FastEthernet0/0
    encapsulation ppp
    load-interval 30
    dialer in-band
    dialer aaa
    dialer-group 1
    no peer default ip address
    no cdp enable
    ppp authentication ms-chap-v2 callin DIAL_IN
    ppp authorization DIAL_IN
    ppp accounting DIAL_IN
    ppp eap refuse
    ppp chap refuse
    ppp ms-chap refuse
    ppp ms-chap-v2 refuse
    ppp pap sent-username NAS-OUT password 0 cisco
    ppp multilink
    Any ideas about what could be wrong?
    Best Regards
    Roberto

    on the ACS server do you have the service type[006] set to login instead of framed

  • How to create approval for service type document

    Hello,
    I am trying to create a Approval Query wherein if a Patricular User creates a SERVICE Type AP Invoice then it should go for approval.
    I used the query :
    SELECT distinct 'TRUE' FROM OPCH T0 INNER JOIN PCH1 T1 ON T0.[DocEntry] = T1.[DocEntry] WHERE T0.[DocType] ='S'
    But the problem is that when the above user is making ITEM Type AP Invoice then also its going for approval.
    Please advise.
    Kind Regards,
    Ravi

    Hi,
    Please find below the query :
    SELECT distinct' true' FROM OPCH T0  INNER JOIN OUSR T1 ON T0.UserSign = T1.USERID WHERE $[$3.0.0] = 'S' and  $[user] = '9'
    This user 9 was taken from OUSR table.
    Regards,
    Ravi

  • How to obtain list of user ids base on licensedata assigned?

    Hello all,
    I would like to generate user list base on the licensedata assigned to the user ids (we want to know how many users for each of the license data we assigned to the users), how do i do that? Can please provide me a clear steps to perform the action mentioned? Your help/replies are very much appreciated!
    Thank you.
    regards,
    wei how

    Hi,
    If you have maintained the contractual user type in SU01 for all users then you can go to usmm> user measurement there you will be able to see the user with the license type assigned.
    If contractual user is not maintained in SU01 it will show as TEST user in default in usmm user measurement.
    Thanks & Regards,
    Balaji.S

  • I was told by the Apple store to create multiple user ids to control the content on my iphone. I did that and now I cannot find my original library with all of my playlists

    I was told by the Apple store to create separate user ids on my windows computer to create a new library to control the content on my iphone. I held down shift and clicked i tunes and created the library. I was told you can switch back and forth. I cannot find the old library and all of my playlists. Apple really needs a better way for families to manage their libraries and devices. This is such a pain in the butt!

    No, as I stated in the post this is the first issue we've had with the phone. No, this was not a replacement phone, this is the same phone I bought from the apple store in December and had not been serviced by anyone, it did not have any issues until last week.

  • Fetch all portal "user ids" belonging to perticular portal "group"

    Hi
    Is it possible to fetch all portal "user ids" belonging to perticular portal "group" ?
    Please Guide me to achive it !!
    Thanks & regards
    PK

    Perhaps this question would be better suited to the Portal Forum as it doesn't seem directly related to Web Dynpro ABAP. The WD Specific portal APIs only deal with navigation and eventing.  You would have to ask someone from Portal to see if they have a Web Service that exposes such information.

Maybe you are looking for

  • WRT160N as Access point

    Hey all, The library 2 buildings away (my house, neighbors house, library) has free public wifi. They have a 3com N wireless router. I can only get a signal if I build a cantenna. Now, I am looking to take that signal and enhance it so all wireless c

  • Root Password Recovery Question

    Hello all, I have a question regarding root password recovery in Solaris 10. The Server is a Sun Fire T1000; it has no CD-Rom drive, as well as no USB ports. One of our data architects who is the main user of this server has locked himself out of roo

  • Country not listed in iTunes

    I am living in Monaco and unable to sign up to iTunes as Monaco is not listed as a country. France does not work as I get an error when entering the credit card information as it is a Monaco card. Any suggestions? Cheers, Klaus

  • Mac os 9 CD (french) for powerbook

    Hi. I would like to know if i can order a os 9 CD in french for my powerbook g4 12 inches. There was no os 9 CD include with the computer, and I really need it to run my old bill software. Can we order it at Apple Store? I can't find it. Thanks. Jiel

  • Carte sim pas valable? quoi faire

    Carte sim pas valable? quoi faire