SOAP Sender Authentication - What user authorizations are required in XI?

Similar Messages

• What User authorization objects needed for connecting to SAP from xMII?

  We eneter a SAP user and password for connecting to SAP from xMII to retrieve the metadata of the incoming IDocs.
  When I specify a user with SAP_ALL user profiles, the IDocs are received properly in xMII. If I specify a user with privileges to run only certain transactions, IDocs are not received in xMII.
  What user authorization objects are needed for this user to connect to SAP from xMII?
  Thanks,
  Sara

  Sam,
  I turned on the SAP System trace for this user and figured out the following auth. objects are required for receiving IDocs in xMII:
  C_TCLA_BKA
  S_RFC
  S_CTS_ADMI
  B_ALE_MAST
  S_IDOCDEFT
  The following auth. object is required for making JCO call to SAP from xMII:
  C_AFRU_AWK
  Thanks,
  Sara

• What SAP modules are required for insuance sector

  what SAP modules are required for insuance sector

  Hi,
  Following authorizations are required to be able to use all the functions of Support Package Manager:
  S_CTS_ADMI
  S_TRANSPRT
  Additional objects required and which can be used to restrict further the functionality are:
  S_C_FUNCT
  S_CTS_ADMI
  S_DATASET
  S_GUI
  S_RFC
  As available in the SAP help,standard SAP S_A.SYSTEM contains all necessary access for importing support packages.
  Regards,
  Nagendran

• Add AL11 directory: what authorizations are required?

  We are on V5R3, SAP 4.70 x110.
  We are attempting to add a directory to AL11 using the instructions found in
  [SM69 access;
  We have been successful in adding the link (to a DIFFERENT partition via QFileSvr.400):
       /QFileSvr.400/System1/Directory1/INV810
  However, when clicking the link, we receive error message:
       "Wrong order of calls <- CALL opendir: Permission denied.(,,..)"
  In our SAP version , there is no help text for this error message; however, I am assuming that it is an authorization issue at the OS-level.
  What users and/or groups need to be added to the other (non-SAP) partition and what access do they need to each directory in the IFS?
  Any assistance is greatly appreciated.
  Robert

  Hi Bob,
  the user is sidnn )
  You should change this user, so that you can logon and hit commands and try wrklnk to that location ...
  my guess is: it doesn't exist on the target, is disblaed or has a different password there  ...
  Regards
  Volker Gueldenpfennig, consolut international ag
  http://www.consolut.de - http://www.4soi.de - http://www.easymarketplace.de

• Which authorizations are required for assigning a query to a role?

  Hi everybody,
  we try to set up some roles for "reporting power users". These guys should be alble to define new queries using BEx (works fine) and also should be able to assign these new defined queries to a role, so other users can use these roles.
  The idea is simple, but we're searching for the right authorization object (or - as i suppose - set of authorization objects) that enables the user to assign a query to a role (using that "enter to a role" button in the open / save dialog).
  At the moment, the user can user that button, and the role, he should the query assigned to is shown. After selecting the role and clicking button "create" it take some seconds and a message "error when saving. entry has not been created" is shown.
  Obviously, there is a problem with writing the role (or adding the new information to that role).
  So, could anyone help me and provide me with a list of authorization objects that are required.
  Thanks in advance,
    Alfred

  S_RFC
  S_TCODE
  S_USER_GRP
  S_BDS_D
  S_OD_SEND
  S_RS_AUTH
  S_RS_BCS
  S_RS_COMP
  S_RS_COMP1
  S_RS_FOLD
  S_RS_ICUBE
  S_RS_MPRO
  The above mentioned authorization objects are enough to add in the role and required for the accessing a query.
  particularly, S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are the most important auth objects which are directly getting involved in authorization of a query in a role.
  SO, you have to assign the respective info area, info cube and info providers names in these auth objects.
  The same scenario , i am using in my project to give access to the queries in all the areas for my end users.
  The values and access/authorizations restrictions is up to your project requirement.
  Hope this would help you.

• What additional resources are required to do the TestStand training courses I and II?

  I have the TestStand course manuals for courses I and II and am currently trying to refresh what I learned a couple of months ago when I took the courses.  I'm at the point where almost every VI required comes up broken because additional libraries are required in LabVIEW.  Why aren't the additional required libraries listed in the course documentation?  What are the additional libraries and how do I get them?

  Hi there!
  If I had to guess I would say that you're missing the TS support API libraries for LabVIEW... Since those are the only 'special' libraries used by any of the examples in the TestStand 3.x or 4.x training manuals.
  I'm going to assume that you have some recent version of LabVIEW (8.x?) and some recent version of TestStand (3.x) installed? Unless you took the NI training course more than a few years ago, in which case you might need earlier version of TS, LabVIEW version really shouldn't matter. Evaluation copies ought to be sufficient so I wouldn't blame those... 
  (If you don't have LabVIEW at all. Make sure you have the correct LabVIEW Run Time Engine version, as that's a pretty common source of TS errors... But without LabVIEW half of the exercises in the training manual are moot anyway...)
  In your LabVIEW install path, (C:\ program files etc...\LabVIEW 8.x\)  look for the folder path "vi.lib\addons\TestStand\", it ought to be full of a few *.llb files that TS would furnish to LabVIEW when the product is installed.  Sometimes when you install things in an unexpected order, or if you have multiple LVs installed, these items don't get put where you expect.
  If the folder is empty, copy what you need from... the TestStand install path (C:\ program files etc...\TestStand x.x\) folder "AdapterSupport\LabVIEW" and restart LV. This might get you up and running.
  If the folder is not empty. Try running a MassCompile from your LabVIEW Tools ->Advanced menu, there might be a version incompatibility issue...
  Feel free to send me an email if you're still stuck. But there aren't any external dependencies/hardware drivers needed for the TS training sequences...
  Cheers!
  --Elaine R.
  www.bloomy.com
  Cheers,
  Elaine R.
  www.bloomy.com

• User Authentication and User Authorization

  We have a scenario where the B2B customers are being provided EP user ids so that they can access certain data and create certain transactions. there are two issues out here:
  (1) For multiple EP users, there will be one single SAP Backend user mapped (which is allowed by EP). However these multiple EP users would have different authorization based on which sales area/product they access/buy and this needs to be controlled via one SAP Backend user?
  (2) Under the above user mapping model, is it possible to have authentication at EP level and  authorization at SAP Backend?
  (3) Once the customer accesses the EP system, then the SAP Backend system is exposed to him? Are there possibilities of having any further layer of security between EP and SAP Backend?
  Looking for response to this or any documentation which addresses the above. My mail id is [email protected]

  This is a broad topic, let me try to point out some key issues: (I asume, B2B means actual SRM these days.)
  (1) The user that is mapped is the generic EBP/SRM user.
  Therefore, the SRM does only know this specific user. There is no way to pass additional data to the SRM. Once the authentication is done, the role assignement is done by SRM (i.e. derived from the generic SRM user, not the EP User) Whenever you want to pass extra context values from the EP to SRM, you can only do this with tricks.
  My experience is, that SAP wants to have a 1:1 relationship between portal users and EBP, even if the bundled mapping is "allowed". (Rather grey'ish area).
  The trick copuld be to set a cookie in the portal and use a BADI together with a Javascript, to  make addiional mappings. But this would count as modification, at the end.
  (2) The authentication is mappped from EP to SRM via SSO2-Ticket, which is accepted by the SRM as authentication. The authorization (role assignement etc) is done solely by the SRM.
  (3) The Backend is exposed to the usual content - the EP via https is considered secure, so is the connection via https to the SRM - you can harden the rfc connection between the srm and the backend as well.

• BODS / SAP : what set-ups are required for communicating with each other ?

  Hi.
  There is a new SAP system
  And there is a new BODS installation.
  Both on independent server machines but on the same lan network.
  On the test system of BODS. We tried to see how the communication happens with SAP.
  While we try some test jobs by trying to pull a simple table on SAP R/3
  In Dataflow, we used simple SAPR/3 ABAP flow. And put it into target database thro query transformation.
  In the datastore,
  We used the Generate and Execute option,
  with a path on the local directory of BODS server for creating the ABAP program and the dat file.
  However,
  We are always getting error on batch job schedule.
  Although the user is having rights on the R/3 table
  And can login into SAP R/3 system and check the table.
  Still we get an error saying Databstore unabel to connect to R/3 system. Check for user login etc.
  For anyone whose login we use. We get the error.
  However, if i directly generate the code on the ABAP flow (without running the job),
  make the program available on R/3 system.
  and then run the job as execute preloaded
  this works fine without any error.
  and we are able to see the data in the target table.
  Now both the systems are new.
  And am not aware of the initial set-ups which are required for communication between SAP / BODS.
  Are WE missing something on the SAP side setups - for generate and execute option to be used?
  Is there anything specific to be done for ease of the communication between SAP server and BODS server in this regard.
  Can anyone share some inputs on this.
  Actually for any user with full admin rights too, on the sap side, if we use the user login for R/3 connectivity for this particular "generate and execute" option,  it errors out after nearly 10 minutes. Then the error says, login info not correct.
  So basically, the communication channel by itself between SAP R/3 and BODS seems to be locked somewhere.
  If anyone with SAP admin expertise - can help or advise on this.
  Many thanks
  Indu
  Edited by: Indumathy Narayanan on Sep 13, 2011 9:20 PM

  Getting data out of R/3 requires two distinct setup tasks, and they don't have much to do with each other.
  The first basic task is to get the little ABAP extraction programs loaded and run in R/3.  You can pre-load them and then call them, or generate, upload, and execute them all on-the-fly, at BODS runtime.  During development, use "Generate and Execute" for your ABAP.
  Once that's done, you have four different choices to get the data back: "Direct download", "Shared directory", FTP, and "Customer Transfer". Normally, you'll use either FTP or "Shared directory".  Refer to the documentation (the BODS SAP Supplement) for a description of all this.
  In all cases (or at least, quite certainly, using the FTP and Shared Directory methods), the ABAP extraction programs are directed to plop their output as flat files in the "Working directory on SAP server."  For testing, you can look in that folder to see if any flat files are appearing when you submit an ABAP data flow.  If not, then either 1) your ABAP program isn't getting in there (a Basis admin should be able to tell you), or 2) it's not running (ditto), or 3) it's running but unable to generate the output file (ditto), because a) SAP isn't permitted to write to that folder, or b) the folder doesn't exist (it needs to be defined from the perspective of the SAP server).
  If you do see files appear in the "Working directory on SAP server" when you run a BODS job w/ an ABAP dataflow, then the problem is that BODS can't fetch them.  If you're using the "Shared directory" method, which is suitable for and often used in all-Windows environments, then the account under which the Job Server in question is running must have access to the "Working directory on SAP server," but this time from the perspective of the Job Server.  So if, for instance, SAP was directed to put the flat files on a local folder, say, "E:\USR\SAP\BODS", then you might want to share this folder out as, for instance,
  sapdev1\bods (for an SAP host called "sapdev1"), and then enter "
  sapdev1\bods" in the "Application path to shared directory" field, in your SAP datastore configuration.  If your Job Server service is logging-in as "Local System," though, it won't be able to get there -- it needs to log-in as an AD domain account w/ rights to that share.  Get it?  Try logging in to your BODS job server computer with the AD "service account" setup for use by the Job Server service, and try to open a file on the "Application path to shared directory". If you can't, then BODS won't be able to get data from ECC, either.  FTP works similarly -- if you're using that and having trouble, please re-post.
  Best wishes,
  Jeff Prenevost
  Data Services Practice Manager
  itelligence

• Saprouter service on windows -  which user rights are required?

  Hi,
  We have the saprouter service running in a windows 2003 server, this service is started by a user account named 'saprouter' which has its password set to never expires.
  Due to security concerns, our IT Security Deparment have ask us to apply all the following restrictions to the 'saprouter' user:
     1) 'Logon locally' user right is disabled
     2) Userid is not a member of the Administrators group
     3) Deny access to the user rights: 'Access this computer from network' and      'Logon through Terminal Services'
  As per our security policy, non-expiring passwords are allowed only for users that can meet all the conditions listed above.
  The questions are ¿Which user rights should be granted to the user account that starts the saprouter service? ¿Could we apply the conditions listed above without impact the saprouter service?
  Thank you for your kind attention.
  Sokram

  following permissions are required to set SAPRouter working :
  1. password never expires
  2. user never change the password
  3. should be member of administrator
  4. profile --> home folder :c:\user\sap\saprouter (path of instllables)
  5. end disconnected session : never , active session limit : never , idle session limit : never
  check if you can apply above points for your users
  Regards,

• Question: What Lenovo drivers are required to make Win 7 work on a T400s?

  I'm looking to upgrade my T400s to Win 7 RTM, and I want to check which Lenovo drivers / apps are required. Based on this forum plus the Lenovo Win 7 Beta site (http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=WIN7-BETA), I think I need:
  System Interface Driver 
  Hotkey Features
  Power Manager
  Either UltraNav Driver or UltraNav Driver 2  -- how do I tell which one of these I need?
  UltraNav Utility
  Lenovo Fingerprint Software UPEK
  ThinkVantage Active Protection System
  ThinkVantage Access Connections  -- Optional
  WLAN Intel Echo Peak ??
  Questions:
  Did I miss anything or do I not need any of the above?
  Any problems running Win 7 64 bit?
  Is the above order correct? I thought I saw a thread showing the install order a while back, but I cannot find it now.
  Any problem using the Lenovo System Toolbox for Vista?
  Thanks!
  RocketDude
  RocketDude
  T400s 2801-CTO

  here's what I installed on RC
  http://forums.lenovo.com/lnv/board/message?board.id=Beta_OS&message.id=1664

• Sender HTTP Adapter User Authorizations

  Someone knows what are the authorizations that must have the user used in a Sender HTTP Adapter?

  Hi,
  User must have role SAP_XI_APPL_SERV_USER on Integration Server.
  This will give you more Idea
  http://help.sap.com/saphelp_nw2004s/helpdata/en/ca/fafaf6dbc8b240b1cf4a88c40379b2/frameset.htm
  Regards
  Agasthuri Doss

• SOAP Sender Authentication deactivation

  Hi All,
  I have scenerio from SOAP to Proxy.
  While sending data to PI through URL thrid party wants us to deactivate authentication.
  We require this only in development enr for testing.
  Can you please advice how we can do this.
  Regards,
  Vikrant

  Hello All,
  I have a simple scenerio IDOC to File.
  We had a requirement of making a XML file of IDOC received in PI , ery simple and straight forward.
  Now Target side as a requirement to place a file in CSV format.
  I mean the IDOC received in PI should be placed in target directory as CSV file.
  I am working on PI7.11 , can anyone help me with some info.
  Thanks a lot in advance.
  Regards,
  Vikrant

• Web Service SOAP Sender Authentication issue

  Hi Experts,
  Synch Scenario: Webservice call from SOAP client-> XI -> RFC Bapi call to R/3 and back to SOAP client with data.
  Soap Adapter on J2ee receives and process call ok, the error we are getting is on connection from AFW to IS; the error in the security log is:
  Attempting to create outgoing ssl connection without trusted certificates ,
  Warning , /System/Security/SecureConnectionFactory ,
  com.sap.security.core.server.https.SecureConnectionFactory , 
  Any tips where to look? We have enabled Principal Propagation via assertion tickets following SAP document to carry user id to R3 for authority check when Bapi runs.
  IS self signed cert has been imported to J2ee Ticketkeystore and J2ee cert has been imported to IS Strust/StrustSOO2 store adn added to ACK list. WE are using Http between J2ee and IS...hwoever from the erroe message it looks like it is evaluatiing https library com.sap.security.core.server.https.SecureConnectionFactory ?
  Thanks in advance for any help.
  Margaret

  did u instsall CA in ur visual admin for https/ssl t owork

• What CDMA bands are required for network usage?

  I'm looking specifically for band numbers (0/1/etc.), not frequency units (850 MHz).

      Hi Impinball,
  We can help locate bands! What device are you needing the band numbers for? Send details
  Thanks,
  PamelaF_vzw
  Tweet us @vzwsupport

• Find out what user accounts are tied to

  Spicework Team,Wanted to know some thoughts on when an employee leaves the company. We have a employee termination sheet that we go through when someone leaves the company. My question is we recently had somebody from our IT department leave who has been here 14 years, so of course there are many more things added to that termination sheet that need to be addressed. I have been making an entirely different sheet up if they are a member of the IT department. I have gotten just about everything we can think of, but the one question I have is there an easy way to see if an admin account is being used for authentication etc? My issue is we have to change the domain admin account now, and I have been going through some of our servers (SharePoint being one of them) and sorting the services by log on and found a bunch of services that are...

  Dropbox for Business customers are big sharers. But while using Dropbox to share your files is easy, collecting files from other people can be more difficult. So today, we’re excited to introduce a new way for Dropbox for Business users to get the files they need: file requests.File requests are a fast and easy way to collect files — large or small — from partners, clients, vendors, and anyone else you work with. Here are just a few people we had in mind when we built file requests for our Dropbox for Business customers:Teachers and professorsneeding a way to easily collect papers from dozens of studentsAssistants and coordinatorsspending a lot of time gathering receipts and invoicesEvent plannersrequesting assets and contracts up until the day of an eventReal estate agentsgathering hundreds of applications for new propertiesIf any of...