SM30/SM31 and SE16 access in Production systems - Confusion

Hi Security Experts,
Could anyone give some information on why SE16 or SM30/SM31 access should not be granted directly in production systems, even if it is for custom tables which are assigned to authorisation groups?
I have been going through a lot of forums where everyone says access to these tcodes should be restricted or access needs to be provided in an alternate way, but I could not see clear information on why this should not be granted.
I can think of the risk of providing access to standard table authorisation groups, but I don't understand the reason why custom table access via SM30/SM31/SE16 should be restricted.
Could anyone explain the implications of granting the access directly? If possible, please provide information from an audit point of view.
In our company there are many users who have got access to SM30/SM31 to maintain Z* tables which are assigned to authorisation groups; is this a security risk?
Please shed some light on this. Your information is very helpful in clearing my doubts and is much appreciated.
Thanks,
Sandhya

What you should also consider is that S_TABU_RFC lets you remotely turn the S_TABU_DIS checks off for specific tables if you create a view to them.
It means that the calling application has taken care of the security before the call and the application user authorizations are correct and the view is correctly designed.
Normally display activity in the debugger (S_DEVELOP ACTVT 03, object type DEBUG) is sufficient in the remote system to see everything in the target system - depending on the authorizations of the technical SYSTEM or COMMUNICATION user. These should ideally not access tables directly.
For table / view comparisons you can use a "current user" destination (or use trusted RFC).
It is unrealistic to restrict users from troubleshooting local problems, so you should ideally implement only the business scenarios for the RFC steps, and those should be BAPI application type and not direct table access or generic interfaces to run programs, perform subroutines, install programs, etc.
It is quite easy (with lots of time) to build a catalog of access from the (remote) application to data via APIs, but you must first get away from the direct table access and control the client access to the generic functions and transactions.
SE16 / SM30 and many reports and function modules which can very easily be started by adventurous users offer exactly that.
If the users are doing exactly that, then from a security administrator perspective you can only try to restrict it and process "tickets" all day long...
Cheers,
Julius
Edited by: Julius Bussche on Oct 2, 2011 9:12 PM
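As an added illustration of the point made above (example code, not from this thread or from SAP): a small Python check over rows shaped like the role-authorization table AGR_1251 that rates roles combining SE16/SM30/SM31 with S_TABU_DIS, separating authorization-group values that stay within custom groups from wildcards or ranges that reach standard groups. The role names, group names and the convention that custom groups start with Z or Y are constructed assumptions for this example.

```python
"""Rate roles that grant direct table display/maintenance in production.

Constructed sample rows shaped like AGR_1251 (role, object, field, low, high).
Standard behaviour assumed: S_TCODE/TCD gates transaction start; S_TABU_DIS
(DICBERCLS + ACTVT) gates table access by authorization group, 02 = change,
03 = display. Role/group names and the Z*/Y* naming convention are made up.
"""
from collections import defaultdict

# Constructed AGR_1251-like rows: (role, object, field, low, high)
AGR_1251 = [
    ("Z_BASIS_ALL",  "S_TCODE",    "TCD",       "SE16", ""),
    ("Z_BASIS_ALL",  "S_TABU_DIS", "ACTVT",     "02",   ""),
    ("Z_BASIS_ALL",  "S_TABU_DIS", "DICBERCLS", "*",    ""),    # every group
    ("Z_SALES_CFG",  "S_TCODE",    "TCD",       "SM30", ""),
    ("Z_SALES_CFG",  "S_TABU_DIS", "ACTVT",     "02",   ""),
    ("Z_SALES_CFG",  "S_TABU_DIS", "DICBERCLS", "ZSD",  ""),    # one custom group
    ("Z_AUDIT_READ", "S_TCODE",    "TCD",       "SE16", ""),
    ("Z_AUDIT_READ", "S_TABU_DIS", "ACTVT",     "03",   ""),
    ("Z_AUDIT_READ", "S_TABU_DIS", "DICBERCLS", "SA",   "SZ"),  # range of standard groups
    ("Z_RFC_ONLY",   "S_TABU_DIS", "ACTVT",     "02",   ""),
    ("Z_RFC_ONLY",   "S_TABU_DIS", "DICBERCLS", "ZFI",  ""),    # no SE16/SM30 tcode at all
]

TABLE_TCODES = {"SE16", "SE16N", "SE17", "SM30", "SM31"}
CUSTOM_PREFIXES = ("Z", "Y")   # assumption: custom authorization groups are named Z*/Y*


def group_spec_is_custom_only(low: str, high: str) -> bool:
    """True only if every group the LOW/HIGH spec can match is a Z*/Y* group."""
    if high:                                   # interval: both ends must be custom
        return low.startswith(CUSTOM_PREFIXES) and high.startswith(CUSTOM_PREFIXES)
    if "*" in low:                             # wildcard: literal prefix must pin it down
        return low.split("*", 1)[0].startswith(CUSTOM_PREFIXES)
    return low.startswith(CUSTOM_PREFIXES)


def assess_roles(rows):
    """Return {role: (severity, route)} for every role carrying S_TABU_DIS."""
    by_role = defaultdict(lambda: defaultdict(set))
    for role, obj, field, low, high in rows:
        by_role[role][(obj, field)].add((low, high))
    findings = {}
    for role, auths in by_role.items():
        groups = auths.get(("S_TABU_DIS", "DICBERCLS"), set())
        if not groups:
            continue
        actvt = {lo for lo, _ in auths.get(("S_TABU_DIS", "ACTVT"), set())}
        tcodes = {lo for lo, _ in auths.get(("S_TCODE", "TCD"), set())}
        custom_only = all(group_spec_is_custom_only(lo, hi) for lo, hi in groups)
        can_change = "02" in actvt or "*" in actvt
        # Severity ranking is this example's own, not an SAP-defined scale.
        if can_change and not custom_only:
            sev = "CRITICAL"   # change any standard table: config, master, security data
        elif not custom_only:
            sev = "HIGH"       # display any standard table, sensitive ones included
        elif can_change:
            sev = "MEDIUM"     # direct Z* table edits bypass application checks and logging
        else:
            sev = "LOW"
        direct = sorted(tcodes & TABLE_TCODES)
        route = "via " + ",".join(direct) if direct \
            else "no table tcode, still reachable via reports/FMs/RFC"
        findings[role] = (sev, route)
    return findings


if __name__ == "__main__":
    for role, (sev, route) in assess_roles(AGR_1251).items():
        print(f"{sev:8} {role:14} {route}")
```

The last role shows why removing SE16/SM30 from a role is not sufficient on its own: the S_TABU_DIS grant is still usable from other entry points.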

Similar Messages

  • Query development and SE16 access on productive system

    Hi,
    we are setting up an authorization concept on ERP2004s and our users are asking for query development rights and SE16 on our productive system. I think queries and SE16 should be on the test system for security reasons. Please post some feedback on what you think about it! I think queries should be developed on the test system and transported.
    Thank you in advance!
    Best regards
    Frank

    Hi Frank,
    I don't think that you can give access to writing a query in the production system.
    Writing a query also needs access to:
    Transaction Code:  SE16
    Authorization object:  S_TABU_DIS
    Activity:  02 AND 03
    Risk: The risk here is that users who have this access, have the ability to maintain table data directly in the production system.  This includes transactional, masterfile, security and configuration data.
    Hope it is useful.
    Please award points if it is useful.
    Thanks & Regards,
    Santosh

  • Groups having which folders and universe access in a System

    Hi All,
    I have a requirement to fetch, for each group, which folders and which universes (if any) it has access to. Can anyone assist me in writing a query for the same?
    For Example:
    One group having access to which reporting folders and which universes. As our system has nearly 150 groups and more than 500 groups and many universes, manually giving access to each group and checking the access from InfoView is a TDS task.
    Thanks in advance,
    Sambasiva


  • Changing Solution manager landscape and having a Virtual production system

    We have a 2-line landscape like this:
    Line1: DEV1 - QAS1 - PROD1
    Line2: DEV2 - QAS2 - VirtualPROD.
    During our go-live phase the QAS1 in Line1 will be replaced by the QAS2 in Line2, and Line 2 will be on hold for a while.
    My questions:
    1) Does anyone have any experience in this topic, on how to change the system landscape without closing any tasklist/maintenance cycle or project?
    2) We have some problems with logging on to the QAS system from the change request when having a virtual production system; it works fine from the tasklist.
    Unfortunately we can't see anything in the log.
    3) When having multiple QAS systems in one line, how can the import of the change to the second QAS system be handled when using urgent correction, since only one QAS is in the task list, the one which feeds the production system? (Urgent correction always uses the shortest path to production.)
    Comments, references and all else is valuable.
    br
    patrik

    Question #2
    Apparently the system checks for a connection to the production system, and since it's virtual there is no RFC, so would it be possible to create an RFC to a virtual system?

  • FICO and SPRO access in development system

    hi security admins,
    I am a security consultant. Now I am in the development system. I want to give FICO access and SPRO access (only FICO nodes should be authorised to access; other nodes should not be authorised) in the development system. Please suggest and tell me the procedure for restricting specific access.
    regards
    ramesh

    >
    Dimitri van Heumen wrote:
    > using search will give you useful topics such as [this one|Trace File|UTFS]
    Dimitri,
    That one links me to a thread about trace files..... or am I missing something here?

  • IDX2 and Idoc metadata in production system

    As explained by Michal & SAP note 767091, I ran program IDX_GET_CONFIG in production, pointing the RFC destination to the source where the config is located. It loaded the data, but the metadata in the tables is pointing to the XI development (DEV) target system port and not the production (PRD) landscape... meaning
    XI0 sending data to SAPDEV port
    XC0 sending data to SAPTST port
    XP0 sending IDoc data to SAPPRD port
    Now all my entries in XP0 are pointing to the SAPDEV port.
    How do I fix this? I don't want to create a SAPPRD port in XI0 and load metadata from SAPPRD into XI0... it would not be SOX compliant.
    IDoc Adapter: Configuration Data Transfer
           17 Entries for table  IDXSLOAD
            0 Entries for table  IDXIDOCINB
            1 Entries for table  IDXNOALE
            0 Entries for table  IDXQUEUE
            9 Entries for table  IDXPORSM59
          492 Entries for table  IDXIDOCSYN
         4470 Entries for table  IDXEDSAPPL
          636 Entries for table  IDXEDISDEF
    Please Help!

    hi,
    just like I said, you need to do it manually.
    I gave you note 767091 just to consider
    (the note is for system copy, not for DEV-PRD);
    also Naveen told you the same.
    You only need to be careful and read what we write.
    Now just delete the IDX1 entries in PRD and create new ones
    manually - just like we said.
    Regards,
    michal

  • Backup and Recovery procedures for production system

    I am trying to decide and test a best backup/recovery approach for our DBXML database in the production environment. Right now I am trying to go through the documentation.
    http://www.oracle.com/technology/documentation/berkeley-db/db/gsg_txn/CXX/filemanagement.html
    What is the best option among offline, hot and incremental backups?
    I am thinking of implementing incremental backups.
    What are the constraints in implementing incremental backups? Is there a detailed step by step example to do this?
    Can I test the backup and recovery procedures by copying the db files and log files from Linux (production) environment to my local machine (Windows XP)? I see only one log.00000000xx file in production and staging environments. It is of same size 52428800 in all our environments (both production and staging) at this point of time.
    What is __db.001 file? What is the significance of this file in backup and recovery procedures?
    A detailed input with example is greatly appreciated.
    Thanks in advance

    Raghu,
    A couple of points, up front:
    1. the __db* files are the environment (cache, locks, various shared memory regions), and are not part of backup, other than the fact that you need to checkpoint or otherwise flush your cache to your database(s) for a full backup.
    2. log files are not architecture-neutral. That is you can't use a log file created on linux and just use it safely on another hardware platform. It's OK to copy them around, but they can only be used on the same architecture that created them. Database files (containers) are entirely portable among hardware and operating system platforms.
    I don't know of a step-by-step cookbook for backups. This is because of the variations among application needs. However, the procedures described on this page are pretty straightforward:
    http://www.oracle.com/technology/documentation/berkeley-db/db/gsg_txn/CXX/backuprestore.html
    I'm not sure what you mean by "constraints" on incremental backups. The only constraint is that you need to have a full backup first, or you won't be able to recover properly. Based on what I said above, the other constraint is that you'll only be able to recover on a machine of the same architecture as the one that created the log files.
    As for testing, you can certainly copy your database and log files to your Windows machine, treating Windows as an offline backup. If you want to test recovery, you need to copy the files back to Linux. You'll start seeing additional log files when your log data starts to exceed the configured log file size.
    Let me know if you need more clarification,
    Regards,
    George

  • Lock on Portion and MRU in Production System

    Can anyone explain why is there a lock on MRU and Portion in the production system but not in development? Can it be removed?

    Hi Kunal,
    The lock will appear in the production system only, as the standard logic checks for the production client before showing the lock.
    ============================
    CHECK g_clnt_prod = 'P'.
    ============================
    Lock Icon on Portion:
    The following two FMs are used to determine whether the lock icon is to be displayed or not:
    ISU_DB_EVER_FIND_CONT_FOR_PORT,
    ISU_DB_TE422_FIND_MRU_FOR_PORT
    Simply put, if the portion is being used for an ISU contract (EVER) or is associated with any MRU (TE422), the lock icon will be displayed.
    Lock Icon on MRU
    It checks in table EANLH (Install. Time Slice) with the following condition: bis >= sy-datum AND ableinh = te422-termschl. If a record is found, then the lock icon is displayed.
    Simply put, if the MRU is in use in any ISU installation as of the system date, the MRU lock will be displayed.
    About removing the icons: it checks for business function ISU_UTIL_1 to be active for the system. If not, the lock is not displayed in the production environment.
    I hope this clarifies your doubt.
    Thanks,
    Ritesh

  • Sapstar user is accessing in production

    Hi Gurus,
    I am facing one issue with the SAP* user.
    When I restart the SAP system, while restarting the SAP* user is accessing (logging in) in the background.
    I have checked the system log; at that time it is accessed by a background work process with a standard SAP program, but it is not happening in the quality system.
    It is updating the last logon date in SUIM and the SAP auditors are asking questions as to why SAP* accessed the production system.
    Now I have activated the security audit log for the SAP* user to get more information.
    Could you please tell me why SAP* is accessing at the time of the SAP system restart?
    How do I cancel this SAP* login?
    Thanks in advance,
    Venkat

    Hi Venkat,
    Log in to the production system. Go to tcode SM37 --> put * in the Job name field and User name as SAP* --> all the job statuses to be considered (checked) --> then search. (Put future dates for getting the released copy.)
    Ideally, there has to be an SAP batch job in released status under the SAP* user, and you need to change it to the SAPBATCH user to avoid its usage.
    Regards,
    Edited by: Rupali B on Feb 27, 2012 8:27 PM

  • Logical System Change for Production System

    Hi experts
    We have a new CRM and BI project. The logical system name of our ERP production system is not in the naming standard. So we want to change the logical system name and run BDLS in the production system.
    Is there any risk about this procedure?
    Best Regards...

    Hi,
    It is not advisable to change the logical system in the production client once it's assigned.
    Regards,
    Nisit

  • XI inbound queues status "RETRY" in a new XI Production system

    Hi
    All the queues (XBT00* AND XBT02*) in the XI Production system are not moving. Status is "Retry" all the time. The system is idle. Do you know what is happening here?
    I also see the following error in the queue:
    Command to tRFC/qRFC: Execute LUW again
    Also, lots of errors (below) in the system log (SM21):
    XIRWBUSER - Communication Error CPIC return code 027
    XIAPPLUSER - Perform rollback
    Any ideas?
    Regards
    Chandu

    Hi,
    When any message is sent from any other system to XI, the inbound queue in XI is processed in the following way:
    1) AI_RUNTIME_JCOSERVER connects to the Java stack to execute the registered program AI_RUNTIME_<SID>.
    2) When this connection is fine, then the queue is processed without any issues.
    Now in the case of a Production system, which is most likely a cluster system, it will fail because you'll find that the AI_RUNTIME_JCOSERVER connection test fails when you turn off one node. The reason being that in Visual Administrator the JCo RFC Provider for the server nodes has not been maintained.
    Solution:
    Login to visual administrator, select the service JCo RFC Provider for both the nodes and set the value accordingly.
    Ex:
    SAP Cluster Virtual Name: XICLSTPROD
    Hostname1: XIPROD1
    Hostname2: XIPROD2
    SID: XIP
    CLIENT: 100
    Instance No: 02
    Values for Node1:
    Program Id: AI_RUNTIME_XIP
    Gateway host: XIPROD1
    Gateway service: sapgw02
    Server count: 20
    Application Server host: XICLSTPROD
    System number: 02
    Client: 100
    Language: EN
    User: PI_JCO_RFC
    Password: ***********
    Values for Node2:
    Program Id: AI_RUNTIME_XIP
    Gateway host: XIPROD2
    Gateway service: sapgw02
    Server count: 20
    Application Server host: XICLSTPROD
    System number: 02
    Client: 100
    Language: EN
    User: PI_JCO_RFC
    Password: ***********
    Change in the same way for the other registered programs.
    This should resolve the RETRY issue in the inbound queue.
    Hope this piece of information really helps.
    Regards,
    Kamesh

  • Help needed on movement of transports between two production systems

    Hi All,
    Our client is implementing SAP in the US and Europe and has separate production systems for both. It already went live in the US and has now started the SAP implementation for Europe. They wanted to leverage the development & configuration done for the US in the Europe implementation and have taken a copy of the US development box and started building on that. For Europe, they identified a few changes to the existing custom objects from the US, a few objects from the US which are not required, and also brand new objects. Going forward, they also decided to import all the defect fixes and changes from the US into the Europe system on a regular basis (monthly).
    If anybody has experience in an environment like the above, please let us know the pros and cons of the approach highlighted above.

    Differentiate through transport requests and move the corresponding cofiles and data files into the required system and import as suggested earlier.
    Thanks

  • Deleting Objects from production system

    Hello All,
    I need to delete some of the InfoObjects, ODS and InfoCubes from my Production system.
    For e.g.:
    We have inserted InfoObject ZXX as a data target, so it is available under InfoProvider.
    For this, we have update rules ZYYY.
    In the InfoProvider tab: I right-click on the InfoObject ZXX and selected the "Remove InfoObject as data target" option. So the update rules and the InfoObjects were removed from the InfoProvider tab.
    Also I deleted the InfoSource ZYYY.
    While deleting the InfoObject ZXX from the InfoObject tab, it says "the update rules ZYYY still exist and hence cannot delete the data".
    Please let me know how I can delete the InfoObject and the update rules.
    Any help will be appreciated.

    Hi,
    Make sure that you have proper authorizations to delete the objects. If you have, try to log on again. Also check for data flow upward objects from this object.
    Edited by: P. Saravana Kumar on Apr 1, 2009 6:01 PM

  • Minimum Trusted RFC's for productive system

    Hi!
    We have very strict requirements dealing with the setup of Trusted RFC for the productive system for the ChaRM approach in SOLMAN.
    Can someone tell me which Trusted RFCs and users for the productive system I need?
    a) Trusted RFC is not mandatory for the productive system
    b) Trusted RFC only in productive system, client: 000, users: 1 communication user and 1 dialog user
    c) Trusted RFC in productive system for each client with users...
    Thank you very much!
    H. Thomasson

    Create the function modules in SE37 and set the remote-enabled flag in the attributes section. Then import them into XI.
    Create a custom Z table through SE11 on each system to store any data, and the code in each function module would reference it. (Either that or just hard-code everything)
    In short yes it can be done through SE37, no you don't need SE38.
    I think you're talking about function groups which is a container for the function module. You can do everything through SE37 if you use the Goto->Function Groups-> Create Group option and give it the same name as your Function Module.

  • How to Deploy OOB Webparts created in Sharepoint 2010 designer to production system

    Hi,
    Can anyone help me with the process of deploying the OOB web parts developed in SharePoint 2010 Designer to the Production Server?
    Actually I developed some OOB web parts and a workflow using SharePoint 2010 Designer.
    So, I want to move these OOB web parts and workflow to my Production System.
    Please assist me: what is the process?
    Rama

    Hi,
    Thanks for posting your query.
    There are a lot of mechanisms for doing this, but doing a simple export from your dev environment and then an import into your prod environment is probably a good place to start. You can move the whole site or just a list/library. You can do it via PowerShell or Central Admin:
    Export:
    http://technet.microsoft.com/en-us/library/ee428301.aspx
    Import:
    http://technet.microsoft.com/en-us/library/ee428322.aspx
    I hope this is helpful to you. Please mark it as Answered if this works.
    Regards,
    Dharmendra Singh (MCPD-EA | MCTS )
    Blog : http://sharepoint-community.net/profile/DharmendraSingh
