Source System security Model
HI,
We built a datastore object which gets data from two R3 systems. Even master data is loaded from both source systems and compounded with source system. We want to build a security model where each company cannot access other companyu2019s data. For that we built an authorization object with source system ID and created three separate roles. ( one for company A, one for company B and the other for all).
While building queries, if source system ID is not there in the query, it brings the data of both companies. We would like to model in such a way that other company cannot/should not see the data.
Can any one suggest a better security model for this scenario.
Thanks in advance.
Tony
Hi Tony,
What I mean by data elements is things like company code, plant, sales org, etc. If you are pulling in data from 2 separate systems then these will be key bits of data which will be reported on. You can then do as Raghu has suggested and base your restrictions against them, assuming that that they are different (i.e. the naming convention for company code is not the same in your 2 source systems).
You can still have the concept of company1 role, company2 role and combined role, you just list the restriction elements in each role that will give you the segregation of data visibility.
Similar Messages
-
Creating DataSources for File Source Systems in csv format in sap bw 7.0
Hi,
Please explain how to Create DataSources for File Source Systems in csv format in sap bw 7.0. WITH SCREENSHOTS
Thanks
JINI
Edited by: Jini Jayan on Jun 11, 2008 11:36 AMStep 1. Select Source systems under Modelling in the left panel. In the right panel, right-click Source systems and select Createu2026.
Step 2. Select the FileSystem, manual meta data, data using file inte option, and then click to continue.
Step 3. Enter a name and a description for the source system, and then click to create the source system.
Now create an application component
Step 1. Select InfoSources under Modelling in the left panel. In the right panel, right-click InfoSources and select Create application componentu2026.
Step 2. Enter a name and a description for the application component, and then click to continue. (BW automatically adds a prefix of "Z" to the technical names of application components, unlike the naming system used for other BW objects.If u give the name as AC_DEMO it will be saved as ZAC_DEMO in the system.
Now create infosource
Step 1.Select InfoSources under Modelling in the left panel. Right-click the newly created Application Component , and then select Create InfoSourceu2026.
Step 2. Select the option Master data/texts/hierarchies, and then click to continue.
Step 3. Enter your infoobject name, and then click to continue.
Now you will be asked
Infosource(name) assigned to Appln component(name)?
Click continue
Now go back to workbench and see the Infoobject listed under the Application component name (under Infosource)
Right click the infoobject name and select Assign Datasource
Enter the Infoobject name as Infosource name and the source system name and continue
Now you ll get datasource assignment confirmations for Infosource_ATTR and Infosource_TEXT for master data and text.
Click yes and continue
Now you ll be taken to the Infosource(master data) change screen
Source system name will be given
Below that u need to give the datasource name u2026.._ATTR
Click Activate.
Now Click the tab transfer rules
Copy the communication str infoobject names to an excel sheet
For ex if your infoobj are IO_MATNUM and IO_MATNAME (material number and material name) copy and paste as
IO_MATNUM IO_MATNAME
MAT001 TEA
MAT002 COFFEE
MAT003 SUGAR
GIVE YOUR DATA IN THE EXCEL. AND CLICK File Save As CSV(comma delimited) and save to ur system. Give file name as something like infosourcename_ATTR.csv
Now back to the Infosourcechange screen
Source system name will be given
Below that u need to give the datasource name u2026.._TEXT
And activate
Now Click the tab transfer rules
Copy the communication str infoobject names to an excel sheet
GIVE YOUR DATA IN THE EXCEL. AND CLICK File Save As CSV(comma delimited) and save to ur system. Give file name as something like infosourcename_TEXT.csv
Now create Infoobject to load data
Go to Infosourceu2014Appln Componentu2014InfoObju2014SourceSystemu2014rightclick->create Infopackage
Step 2. Select the DataSource Material number (Master data), enter a description for the InfoPackage, and then click to continue.
Give infopackage description as Infopackage:InfoObj_ATTR
Now take care to select the first item in datasource and click continue
In the next screen click external data tab
Click client workstation
Datafileu2026.file name (browse to give the file u saved in ur system)
There will be an option to remove header data from file.remove 1 row.
File typeu2014csv file
Now click schedule tabu2014start dataload immediatelyu2014start.
In the same way
Go to Infosourceu2014Appln Componentu2014InfoObju2014SourceSystemu2014rightclick->create Infopackage
Step 2. Select the DataSource Material number (text)enter a description for the InfoPackage, and then click to continue.
Give infopackage description as Infopackage:InfoObj_TEXT
Now take care to select the second item in datasource and click continue
In the next screen click external data tab
Click client workstation
Datafileu2026.file name (browse to give the file u saved in ur system)
There will be an option to remove header data from file.remove 1 row.
File typeu2014csv file
Now click schedule tabu2014start dataload immediatelyu2014start.
Click the icon below admn workbench to go to monitor and check the load
Or you go back to Infosourceu2014Appln Componentu2014InfoObju2014right clickmaintain master data
Click execute
You can see the data load
Hope this helps!!! -
How to create source system for flat file loads
How do I create a source system to load flat file?
I have a screen that asks for the following:
Logical system name
Source system name
Type and release
What should I enter for these?
I am not Basis and Basis was supposed to set this up.hi sam.
STEPS TO CREATE FLAT FILE SOURCE SYSTEM
step:1 select source systems under modeling in AWB.
step:2 select Source Systems root node.
|---> context menu
|--->create......
step:3 select your required source system Icon.
(in your case it is PC Icon).
there it askes for a logical.......and source system name...
here u can specify any name of ur wish
for example:-
logical sys name --- PC_FF
source system name --- flat file source system*
*press Continue * button.
Observe the activation icon to confirm the successfull creation(_glowing lamp icon_ symbol) -
Hi Experts,
I created a Flat File Source System in BW Development system based on that i created DSO,CUBE,MULTICUBE,PROCESS CHAIN and REPORTS.
Issue :
I need to transport them to Test and Production system.There is no Flat File source system avaliable in Test & Production....I know that we don't Transport Source Systems across BW Environments...how to deal with this...do i need to ask our basis team to create source systems in Test and Production before importing any transports.Yes - you basis guy will help you to setup the source systems.
STEPS TO CREATE FLAT FILE SOURCE SYSTEM
step:1 select source systems under modeling in AWB.
step:2 select Source Systems root node.
|---> context menu
|--->create......
step:3 select your required source system Icon.
(in your case it is PC Icon).
there it askes for a logical.......and source system name...
here u can specify any name of ur wish
for example:-
logical sys name --- PC_FF
source system name --- flat file source system*
*press Continue * button.
Observe the activation icon to confirm the successfull creation(_glowing lamp icon_ symbol)
You also can have a look:
http://help.sap.com/saphelp_nw70/helpdata/en/ac/4a4e38493e4774e10000009b38f889/frameset.htm
Hope it helps.. -
Source system not Active error while installing BI content cube
Hi.,
When I try to install the BI content cube, In logs it is showing the error message as "Source client not Active". I activated the source system in modelling tab. Still the problem continues. In source system assignment of BI content the source client is also checked. Please give me a solution.Hi Selva,
If you want to select only infocube, select "Only necessary objects" in grouping. If you want everything related to Info cube, then system will collect data source also and for that it will check if you are authorized in source system. Please check if the source system is connected to BI or you can do one thing activate the data source in source system and replicate it in BI.
Regards,
Kams -
DW Workbench - Source System : Object Information
I recently applied some bi support packs through spam, and I realize now in my BW Workbench Source Systems
under Modeling, the active/inactive sign under Source System : Object Information column is no longer showing,
which, usually indicate whether the connection to the source system is ok or not.
Does anyone know what configuration is changed?
Thanks.
Edited by: BI Junior on Jul 16, 2009 8:04 PM
Edited by: BI Junior on Jul 17, 2009 2:36 AMThanks Mohan Kumar,
I check the source system, it is ok.
However, under that column, I used to have a active/inactive symbol which will tell me whether
the connection is ok or not, now the symbol is gone, so I have to check to see whether the
related source system ok or not.
Could you see the symbol in your system? My BI7 ides was SP70009, now I updated to SP70016... -
Documentation for Restore under Source Systems
Hello,
Can anyone point me to documentation that tells me what exactly the 'restore' under the source systems under modeling does? We refreshed our R/3 and BW systems simultaneously and now the 0material_text delta does not work. All other deltas are working fine.
Thanks,
Diane MerrillHave you tried to:
1. replicate the datasource
2. activating infosource with communication structure and transfer rules expanded ?
Regards Lars -
Hi,
I need to create one query on the cube.
User want some of the fields in the query which are present in diffrent source system , rest of the fields are present in the cube.
These are master data fields ( 7 fields in total) from other source system.
Cube gets data from one ODS.
some steps I need to do are :
1) create new source system
2) Create corresponding objects in BW.
3) Model the things in ODS and cube
Can somebody let me know what is the best way/steps to model such scenario.
Thanks, JeetuHi,
Replicate both the data sources to BW.
Create 2 infosources/transformations, map them to respective fields and infoobjects.
Now assign them to cube and load the data
hope this helps.
Rgs,
I.R.K -
Find distribution model in source system and maintain filter in it
I have an inbound idoc which is in status 51(error). The procedure shown by SAP is following:-
It has been determined that the particular employee 11001189 has been received for the first time.
Maintain the filter of the appropriate distribution model. To do this, call transaction BD64 in the source system.
Add new filter group to the data filter. Assign values to it.
I cannot find the distribution model. Please somebody help me in finding the relevant distribution model in the source system. One more thing, when I went to BD64 I found that some of the model views were in grey shade while others were in bold, please tell me why is it so.
Please give me some hint.I have an inbound idoc which is in status 51(error). The procedure shown by SAP is following:-
It has been determined that the particular employee 11001189 has been received for the first time.
Maintain the filter of the appropriate distribution model. To do this, call transaction BD64 in the source system.
Add new filter group to the data filter. Assign values to it.
I cannot find the distribution model. Please somebody help me in finding the relevant distribution model in the source system.
You never maintain Filters in receivin system those has to me in sender system. Also you
need to distribute the Model from sender to receiver once you model is finalized thru menu
option in sender system. Find the Models with HRMD_A as message type
One more thing, when I went to BD64 I found that some of the model views were in grey shade
while others were in bold, please tell me why is it so
simple, If its greyed out then this model is maintained in some other system and is
just distrinuted over to this system, you shuld not maintain the greyed out entries as Maintaince
system is different. The non grey entires are those for which its same system in which the model
is created -
Modeling the Data model when multiple source systems
Hi gurus,
i have a scenario where i am getting data from multiple source systems all R/3 but from different locatins.
my doubt is if i have to do reporting on the data available.
1. do i have to build seperate infocubes for each source systems or build seperate data designs for each source system .
2. How can i consolidate the different source sytems data into one and report sensibly as well as without loosing the source system identification.
thanks and regards
NeelHi all,
thanks for your focus, ya i am also thinking of have a flexible solution where in i can do it easily as well as we don't have much of complexcity, but wanted to try different options as well so that we can go for best one.
I thought of multiprovider at first when RafB suggested, and i agree with you as well Lilly, that data volume will be a problem, so keeping all this in view i want to build a solution where in it will be sensible as well as not confusing in reports ( i mean clear and readable reports)
[email protected]
please kindly forward any documents which might be helpful for me in this scenario
thanks and regards
neel
Message was edited by: Neel Kamal -
Java Security Model: Java Protection Domains
1. Policy Configuration
Until now, security policy was hard-coded in the security manager used by Java applications. This gives us the effective but rigid Java sandbox for applets.A major enhancement to the Java sandbox is the separation of policy from mechanism. Policy is now expressed in a separate, persistent format. The policy is represented in simple ascii, and can be modified and displayed by any tools that support the policy syntax specification. This allows:
o Configurable policies -- no longer is the security policy hard-coded into the application.
o Flexible policies -- Since the policy is configurable, system administrators can enforce global polices for the enterprise. If permitted by the enterprise's global policy, end-users can refine the policy for their desktop.
o Fine-grain policies -- The policy configuration file uses a simple, extensible syntax that allows you to specify access on specific files or to particular network hosts. Access to resources can be granted only to code signed by trusted principals.
o Application policies -- The sandbox is generalized so that applications of any stripe can use the policy mechanism. Previously, to establish a security policy for an application, an developer needed to implement a subclass of the SecurityManager, and hard-code the application's policies in that subclass. Now, the application can make use of the policy file and the extensible Permission object to build an application whose policy is separate from the implementation of the application.
o Extensible policies -- Application developers can choose to define new resource types that require fine-grain access control. They need only define a new Permission object and a method that the system invokes to make access decisions. The policy configuration file and policy tools automatically support application-defined permissions. For example, an application could define a CheckBook object and a CheckBookPermission.
2. X.509v3 Certificate APIs
Public-key cryptography is an effective tool for associating an identity with a piece of code. JavaSoft is introducing API support in the core APIs for X.509v3 certificates. This allows system administrators to use certificates from enterprise Certificate Authorities (CAs), as well as trusted third-party CAs, to cryptographically establish identities.
3. Protection Domains
The central architectural feature of the Java security model is its concept of a Protection Domain. The Java sandbox is an example of a Protection Domain that places tight controls around the execution of downloaded code. This concept is generalized so that each Java class executes within one and only one Protection Domain, with associated permissions.
When code is loaded, its Protection Domain comes into existence. The Protection Domain has two attributes - a signer and a location. The signer could be null if the code is not signed by anyone. The location is the URL where the Java classes reside. The system consults the global policy on behalf of the new Protection Domain. It derives the set of permissions for the Protection Domain based on its signer/location attributes. Those permissions are put into the Protection Domain's bag of permissions.
4. Access Decisions
Access decisions are straightforward. When code tries to access a protected resource, it creates an access request. If the request matches a permission contained in the bag of permissions, then access is granted. Otherwise, access is denied. This simple way of making access decisions extends easily to application-defined resources and access control. For example, the banking application allows access to the CheckBook only when the executing code holds the appropriate CheckBookPermission.
Sandbox model for Security
Java is supported in applications and applets, small programs that spurred Java's early growth and are executable in a browser environment. The applet code is downloaded at runtime and executes in the context of a JVM hosted by the browser. An applet's code can be downloaded from anywhere in the network, so Java's early designers thought such code should not be given unlimited access to the target system. That led to the sandbox model -- the security model introduced with JDK 1.0.
The sandbox model deems all code downloaded from the network untrustworthy, and confines the code to a limited area of the browser -- the sandbox. For instance, code downloaded from the network could not update the local file system. It's probably more accurate to call this a "fenced-in" model, since a sandbox does not connote strict confinement.
While this may seem a very secure approach, there are inherent problems. First, it dictates a rigid policy that is closely tied to the implementation. Second, it's seldom a good idea to put all one's eggs in one basket -- that is, it's unwise to rely entirely on one approach to provide overall system security.
Security needs to be layered for depth of defense and flexible enough to accommodate different policies -- the sandbox model is neither.
java.security.ProtectionDomain
This class represents a unit of protection within the Java application environment, and is typically associated with a concept of "principal," where a principal is an entity in the computer system to which permissions (and as a result, accountability) are granted.
A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. Currently, a domain is uniquely identified by a CodeSource, which encapsulates two characteristics of the code running inside the domain: the codebase (java.net.URL), and a set of certificates (of type java.security.cert.Certificate) for public keys that correspond to the private keys that signed all code in this domain. Thus, classes signed by the same keys and from the same URL are placed in the same domain.
A domain also encompasses the permissions granted to code in the domain, as determined by the security policy currently in effect.
Classes that have the same permissions but are from different code sources belong to different domains.
A class belongs to one and only one ProtectionDomain.
Note that currently in Java 2 SDK, v 1.2, protection domains are created "on demand" as a result of class loading. The getProtectionDomain method in java.lang.Class can be used to look up the protection domain that is associated with a given class. Note that one must have the appropriate permission (the RuntimePermission "getProtectionDomain") to successfully invoke this method.
Today all code shipped as part of the Java 2 SDK is considered system code and run inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
It is possible to ensure that objects in any non-system domain cannot automatically discover objects in another non-system domain. This partition can be achieved by careful class resolution and loading, for example, using different classloaders for different domains. However, SecureClassLoader (or its subclasses) can, at its choice, load classes from different domains, thus allowing these classes to co-exist within the same name space (as partitioned by a classloader).
jarsigner and keytool
example : cd D:\EicherProject\EicherWEB\Web Content jarsigner -keystore eicher.store source.jar eichercert
The javakey tool from JDK 1.1 has been replaced by two tools in Java 2.
One tool manages keys and certificates in a database. The other is responsible for signing and verifying JAR files. Both tools require access to a keystore that contains certificate and key information to operate. The keystore replaces the identitydb.obj from JDK 1.1. New to Java 2 is the notion of policy, which controls what resources applets are granted access to outside of the sandbox (see Chapter 3).
The javakey replacement tools are both command-line driven, and neither requires the use of the awkward directive files required in JDK 1.1.x. Management of keystores, and the generation of keys and certificates, is carried out by keytool. jarsigner uses certificates to sign JAR files and to verify the signatures found on signed JAR files.
Here we list simple steps of doing the signing. We assume that JDK 1.3 is installed and the tools jarsigner and keytool that are part of JDK are in the execution PATH. Following are Unix commands, however with proper changes, these could be used in Windows as well.
1. First generate a key pair for our Certificate:
keytool -genkey -keyalg rsa -alias AppletCert
2. Generate a certification-signing request.
keytool -certreq -alias AppletCert > CertReq.pem
3. Send this CertReq.pem to VeriSign/Thawte webform. Let the signed reply from them be SignedCert.pem.
4. Import the chain into keystore:
keytool -import -alias AppletCert -file SignedCert.pem
5. Sign the CyberVote archive �TeleVote.jar�:
jarsigner TeleVote.jar AppletCert
This signed applet TeleVote.jar can now be made available to the web server. For testing purpose we can have our own test root CA. Following are the steps to generate a root CA by using openssl.
1. Generate a key pair for root CA:
openssl genrsa -des3 -out CyberVoteCA.key 1024
2. Generate an x509 certificate using the above keypair:
openssl req -new -x509 -days key CyberVoteCA.key -out CyberVoteCA.crt
3. Import the Certificate to keystore.
keytool -import -alias CyberVoteRoot -file CyberVoteCA.crt
Now, in the step 3 of jar signing above, instead of sending the request certificate to VeriSign/Thawte webform for signing, we 365 - can sign using our newly created root CA using this command:
openssl x509 -req -CA CyberVoteCA.crt -CAkey CyberVoteCA.key -days 365 -in CertReq.pem -out SignedCert.pem �Cacreateserial
However, our test root CA has to be imported to the keystore of voter�s web browser in some way. [This was not investigated. We used some manual importing procedure which is not recommended way]
The Important Classes
The MessageDigest class, which is used in current CyberVote mockup system (see section 2), is an engine class designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5. A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. A digest has the following properties:
� It should be computationally infeasible to find two messages that hashed to the same value.
� The digest does not reveal anything about the input that was used to generate it.
Message digests are used to produce unique and reliable identifiers of data. They are sometimes called the "digital fingerprints" of data.
The (Digital)Signature class is an engine class designed to provide the functionality of a cryptographic digital signature algorithm such as DSA or RSA with MD5. A cryptographically secure signature algorithm takes arbitrary-sized input and a private key and generates a relatively short (often fixed-size) string of bytes, called the signature, with the following properties:
� Given the public key corresponding to the private key used to generate the signature, it should be possible to verify the authenticity and integrity of the input.
� The signature and the public key do not reveal anything about the private key.
A Signature object can be used to sign data. It can also be used to verify whether or not an alleged signature is in fact the authentic signature of the data associated with it.
----Cheers
---- Dinesh VishwakarmaHi,
these concepts are used and implemented in jGuard(www.jguard.net) which enable easy JAAS integration into j2ee webapps across application servers.
cheers,
Charles(jGuard team). -
Migrate to the Java 2 security model
Hi, I've tried to use signed applets but I always get the following message:
Java (TM) Plug-in: Version 1.3.1_02
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
Netscape security model is no longer supported.
Please migrate to the Java 2 security model instead.
I'm using IExplorer 5.5 with the Java Plug-In 1.3.1_02.
What does it mean 'migrate to the Java 2 security model'?
How can I migrate?
thanks in advance.So you mean your applet is working in Netscape 6.2 after editing prefs.js. In that case, one possible solution is take away the support of netscape.security.* in your applet . Because netscape.* packages 'might' use the Netscape Security model, which is no longer supported(check out). Hence the system asks you to migrate to the current java security model. Even if you remove the netscape.* support, your applet will work, if you have signed it properly. In that case, you don't have to touch prefs.js or java.policy or anything from your client machine.(provided you use standard certificates like verisign).
Since you have only class file of the applet and not the source, decompile the class file and make the alteration and compile it back. A decompiler Jad is available here http://midlet.org/jsp/category.jsp?parentLevel=137.
Let me know if this has helped you.
Rajesh -
Activation of Business Content Datasources in CRM Source system
Hi,
My Requirement is to activate all Datasources in CRM Develoment server.I have select the entire node in RSA5 and click "Activate Datasources".But for each Datasources system is askin for develoment request.Is there any procedure to activate all Datasources with single Development Request.
Regards
VishalThis section describes the general settings necessary for BW Integration in CRM.
If CRM is not involved in your scenario skip this section.
Transferring Application Component Hierarchy (CRM)
Procedure
This step has to be carried out in the CRM system.
IMG Menu Integration with Other mySAP Components  Data Transfer to the SAP Business Information Warehouse  Business Content DataSources  Transfer Application Component Hierarchy
Transaction code RSA9
Confirm the security check: Do you want the content application Transfer Component Hierarchy? with YES.
If a dialog box appears requesting the user to enter a development class, enter a development class in the customers namespace and choose Save or choose Local object.
If no error message is sent the application component hierarchy has been transferred successfully.
Cross Connectivity:
It describes all settings that are necessary to connect the components of the SAP.system landscape with each other. The settings for each combination of two components to be connected are described in a separate structure node. The separate section headings make it possible to identify the activities required to connect certain components with each other. The section headings for components that are not part of the installation can be skipped
Connecting SAP BI with SAP ERP, SAP CRM
Procedure
To carry out the activity, choose one of the following navigation options in the SAP BI system:
Transaction Code RSA1
SAP BI Menu Modeling  Data Warehousing Workbench: Modeling
1. Choose Modeling.
2. Choose Source Systems.
3. Select SAP in the window on the right.
4. Choose the Context menu (right mouse click).
5. Choose Create.
6. Make the following entries:
Field Entry
Target computer (server) Server of the SAP ERP, SAP CRM or SAP SRM system
System ID System ID of the SAP ERP, SAP CRM or SAP SRM system
System number System number of the SAP ERP, SAP CRM or SAP SRM system
Background user in source system RFCUSER
Password for source system welcome
Background user in BI RFCUSER (can not be changed in this activity)
Password for BI user welcome
9. On the dialog box Please log on as an administrator in the following screen choose Continue.
10. Log on to the Source System with your administrator user. Choose the correct client.
11. On the dialog box New Source System Connection choose Continue.
12. On the Replicate Metadata dialog box, choose Only Activate.
The building block CRM Lead Analysis describes the all the required activities to analyze the Marketing Lead Analysis data from SAP CRM in SAP Business Information Warehouse.
The analysis is carried out with the following queries of the InfoCube 0MKTG_C01 CRM - Lead Management (SAP BW Business Content).
The Lead Management InfoCube contains all the characteristics and data used for the administration of leads. This InfoCube enables you to execute the following standard queries available in SAP BW:
1. Channel Analysis: This query is used to determine the best channels by which business partners are contacted in the context of a marketing campaign. Following each marketing campaign, the lead manager can compare the success of a given channel to those of others.
2. Efficiency Reporting: This query is used to analyze the efficiency with which leads are qualified. By navigating to the sales organizations and the responsible employees for the leads, it is possible to assess how efficiently lead teams are working and to identify areas for improvement.
3. Historical Evaluation: Use to help analyze and compare leads over different intervals (comparison of different quarters or years for example) to see if general characteristics in the processing of leads can be identified for these periods.
4. Lost Leads: Provides an overview of the number of lost leads in a particular period and the reasons (implemented as a navigation characteristic) for the loss of the leads. This query is used to analyze the main reasons why leads might be lost, with a view to developing new strategies for overcoming these weaknesses.
5. Channel Mgmt.: Top-n Lost Leads (Current Year): In a Channel Manager Portal, this query provides an analysis of the leads lost by a Channel Manager over the past 12 months. Channel Managers can also view the leads lost by their Channel Partners. In a Partner Portal, this query shows the top-n unsuccessful leads distributed by a Channel Manager to a Channel Partner. Partner Manager can see the lost leads of the Partner Employees over the year. Partner Employee can view his lost leads over the year.........
Before starting activities in this building block, you need to perform or check the following steps:
1. From the BW Connectivity building block the following activities have to be completed:
a. Local Settings è SAP CRM: all activities have to be completed.
b. Local Settings è SAP BW: all activities have to be completed.
c. Cross Connectivity è Connecting SAP BW with SAP R/3, SAP CRM, SAP SRM: Connect your CRM System.
2. From the General Settings for BW Integration building block the following activities have to be completed:
a. In section General Settings in CRM all activities have to be completed.
b. In section General Settings in SAP BW all activities have to be completed.
Hope it will helps you........ -
Error: Source system already exists. Message no. RSAR201
We have installed a BI 7.0 system recently and I am setting up the server to connect to SAP ERP.
In TA SM59 a connection to the SAP ERP has been established. The Remote Logon is OK, (meaning clicking it nothing happens). The Connection Test is OK.
According to the Best Practices paper: B84: BI Connectivity (B84)
http://help.sap.com/bp_biv170/BBLibrary/documentation/B84_BB_ConfigGuide_EN_DE.doc
I have done the following:
In TA RSA1
1. Choose Modeling.
2. Choose Source Systems.
3. Select SAP in the window on the right.
4. Choose the Context menu (right mouse click).
5. Choose Create.
6. Make the following entries:
Available destination: (The above tested connection)
Background user in source system: RFCUSER (I created the user in ERP according to step 1.4 in B84)
Password for source system: *****
Background user in BI: RFCUSER (I created the user in BI according to step 1.4 in B84)
Password for BI user: *****
8. In the dialog box Please log on as an administrator in the following screen choose Continue.
9. Log on to the Source System with your administrator user. Choose the correct client.
10. On the dialog box New Source System Connection choose Continue.
THEN I GET THE ERROR:
Source system already exists.
Message no. RSAR201
What is wrong? I cannot locate any SAP notes to help on this problem.
Best regards,
Carsten PoldHello Carsten,
just some guessing at this point...
a)
Is the connection really new? For example, was there another system connected to that ERP, maybe with the same logical name? Or was any of the two systems copied from another system?
b)
Authorisations issues in this process may result in strange error messages. Make sure that the admin user in step 9 really has SAP_ALL. There are a lot of complex activities that this user must be able to do (ALE management, RFC access etc.). To exclude issues with the RFCUSER users: If possible, give them SAP_ALL, too. Of course only temporarily for testing.
c)
I normally don't use existing RFC destinations. Usually, I let the system create those, too. So maybe it makes a difference if you remove the RFC destinations on both sides and try again. In that case, you will of course have to provide the RFC details when creating the source system connection...
I hope this brings you forward a little...
Regards,
Christian! -
Hi Friends,
We are using BI, i have to create a source system(R3) in BW.
Both sides we have users with enough profiles.
In RSA1 --> Source System --> Create is using to create the sourse system.
I am using automatic function at the time of defining the source system.
It is asking some dialog user from source side, i am giving some dialog user
then i am getting the error user cannot create in source system.
Could you please help me out.. how to create R3 source system in BI.
Thanks in advance
SrinivasHi Srini,
Check u'r partner profiles.if u din't get....
plz follow this....
2.1 SAP R/3
2.1.1 Define Client Administration (SAP R/3)
Use
This activity allows you to change Customizing settings.
Prerequisites
You have logged on to the system in English in order to start with the installation of the Best Practices Scenario.
Procedure
Run the following activity:
SAP R/3 Role Menu Define Client Administration (SAP R/3)
Transaction Code SCC4
SAP R/3 Menu Tools  Administration  Administration  Client Administration  Client Maintenance
Then carry out the following steps:
1. Choose Display  Change.
2. Confirm the warning message Caution: The table is cross client.
3. Select your SAP R/3 client and choose Details.
4. In the Change View Clients: Details screen, activate the following settings:
Automatic recording of changes
Changes to Repository and cross-client Customizing allowed
eCATT and CATT allowed.
5. Save.
6. Go back to the SAP Easy Access menu.
2.1.2 Defining a Logical System for SAP R/3 (SAP R/3)
Use
The purpose of this activity is to create a logical system for your SAP R/3 System. To enable communication between systems within your system landscape, you must
1. Define the systems as logical systems.
2. Assign the logical system for the SAP R/3 System to a client.
This enables the systems to recognize the target system as an RFC destination. If the logical system has already been created, skip this activity.
Logical systems are defined cross-client.
Procedure
Carry out the following steps:
1. Access the transaction using:
SAP R/3 Role Menu Defining a Logical System for SAP R/3 (SAP R/3)
Transaction Code SPRO
SAP R/3
IMG Menu Basis Components (for R/3 Enterprisse: SAP Web Application Server)  Application Link Enabling (ALE)  Sending and Receiving Systems  Logical systems  Define Logical System
2. Choose New entries.
3. In the column Log System, enter a name for the logical system that you want to create.
4. In the column Name, enter a description of the logical system.
Log. System Name
where XXX is the system name
and NNN is the client.
5. Save your entries.
A transport request for Workbench appears.
6. Select an existing request or create a new request, if necessary.
A transport request for Customizing appears.
7. Select an existing request or create a new request, if necessary.
2.1.3 Assigning Logical System to Client
Use
The purpose of this activity is to make an assignment for the logical system. Skip this activity if a logical system is already assigned to your client.
Procedure
Carry out the following steps:
1. Access the transaction using:
SAP R/3 Role Menu Assign Logical System to Client
Transaction Code SCC4
SAP R/3 Menu Tools  Administration  Administration  Client Administration  Client Maintenance
2. Choose Display ® Change.
3. Confirm the warning message The table is cross client.
4. Select your R/3 client and choose Details.
5. Enter the name of the logical system of your SAP R/3 client.
6. Save and confirm the warning message Be careful when changing the logical system.
7. Choose Back twice.
2.1.4 Creating an RFC User (SAP R/3)
Use
To enable communication between the SAP R/3 back-end system and the SAP SCM System, you have to create an RFC user in the SAP R/3 System.
The RFC user in the application client enables multiple RFC connections. Skip this activity if an RFC User has already been created.
Procedure
Carry out the following steps:
1. Access the transaction using:
SAP R/3 Role Menu Creating an RFC User (SAP R/3)
Transaction Code SU01
SAP R/3 Menu Tools  Administration  User Maintenance  Users
2. In the User field, enter RFCUSER.
3. Choose Create.
4. On the Maintain User screen, enter the following data on the Tab entry screens:
Address
Last Name
Function
Logon data
User type System
Password LOGIN
Profile
Profiles SAP_ALL
SAP_NEW
S_BI-WX_RFC
Defaults
Logon Language EN
5. Save your entries.
2.3 SAP BW
2.3.1 Define Client Administration
Use
This activity defines changes and transports of the client-dependent and client-independent objects.
Procedure
1. To perform this activity, choose one of the following navigation options:
SAP BW Role Menu Local Settings ® Define Client Administration
Transaction Code SCC4
SAP BW Menu Tools  Administration  Administration  Client Administration  Client Maintenance
2. Switch to change mode.
3. Select your client.
4. Choose details.
5. In field Currency enter the ISO-code of the local currency, e.g. USD or EUR.
6. In field Client Role enter Customizing
7. Check the settings for changes and transport of client-specific objects and client-independent object changes
If you want to use the settings made by BC-Sets or manually in other systems (other than BW), Automatic recording of changes and Changes to Repository object and cross-client Customizing allowed is required.
Result
Client administration has been defined to support the installation using Best Practices.
2.3.2 Defining a Logical System for SAP BW (SAP BW)
Use
In this step, you define the logical systems in your distributed system.
Prerequisites
Logical systems are defined cross-client. Therefore cross-client customizing must be allowed in your client (this can be checked in transaction SCC4).
Procedure
To carry out the activity, choose one of the following navigation options:
SAP BW Role Menu Defining a Logical System for SAP BW (SAP BW)
Transaction Code SPRO
IMG Menu SAP Reference IMG  SAP Customizing Implementation Guide  SAP NetWeaver  Business Information Warehouse  Links to other Systems  General Connection Settings  Define Logical System
1. A dialog box informs you that the table is cross-client. Choose Continue.
2. On the Change View Logical Systems: Overview screen, choose New entries.
3. On the New Entries: Overview of Added Entries screen enter the following data:
Field name Description R/O/C User action and values Note
Log. System Technical Name of the Logical System Enter a name for the logical BW system that you want to create
Name Textual Description of the Logical System Enter a clear description for the logical BW system
4. Choose Save.
If a transport request for workbench and customizing is displayed choose existing requests or create new requests.
If you want to continue with the next activity, do not leave the transaction.
Result
You have created a Logical System Name for your SAP BW client.
2.3.3 Assigning Logical System to Client (SAP BW)
Procedure
To carry out the activity, choose one of the following navigation options:
SAP BW
Role Menu Assigning Logical System to Client (SAP BW)
Transaction Code SCC4
SAP BW Menu Tools  Administration  Administration  Client Administration  Client Maintenance
1. In the view Display View "Clients": Overview, choose Display.  Change
2. Confirm the message.
3. Select your BW client.
4. Choose Details.
5. In the view Change View "Clients": Details, insert your BW system in the Logical system field, for example, BS7CLNT100.
6. Save the entries and go back.
2.3.4 Opening Administrator Workbench
Procedure
To carry out the activity, choose one of the following navigation options
SAP BW Modeling  Administrator Workbench: Modeling
Transaction Code RSA1
1. In the Replicate Metadata dialog box, choose Only Activate.
2. If a message appears that you are only authorized to work in client ... (Brain 009) refer to SAP Note 316923 (do not import the support package, but use the description under section Workaround).
2.3.5 Creating an RFC-User (SAP BW)
Procedure
To carry out the activity, choose one of the following navigation options:
SAP BW Role Menu Creating RFC User
Transaction Code SU01
SAP BW Menu Tools  Administration  User Maintenance  Users
Then carry out the following steps:
1. On the User Maintenance: Initial Screen screen:
a. Enter the following data:
Field Entry
User RFCUSER
b. Choose Create.
2. On the Maintain User screen:
a. Choose the Address tab.
b. Enter the following data:
Field Entry
Last Name RFCUSER
Function Default-User for RFC connection
c. Choose the Logon data tab.
d. Enter the following data:
Field Entry
Password LOGIN
User type System
e. Choose the Profiles tab.
f. Enter the following data:
Field Entry
Profiles SAP_ALL , SAP_NEW and S_BI-WHM_RFC
g. Choose Save.
Do not change the password of this user as it is used in RFC connections.
2.3.6 Define RFC-USER as default (SAP BW)
Procedure
To carry out the activity, choose one of the following navigation options
SAP BW Role Menu Define RFC-USER as default (SAP BW)
Transaction Code RSA1
SAP BW Menu Modeling  Administrator Workbench: Modeling
1. On the Administrator Workbench: Modeling screen choose Settings  Global Settings.
2. In the Global Settings/Customizing dialog box choose Glob. Settings.
3. On the Display View RSADMINA Maintenance View: Details screen:
a. Choose Display  Change.
b. Enter RFCUSER in the BW User ALE field.
c. Choose Save.
Leave the transaction in order to activate the entries you have made.
3.3.2 Creating the Source System in the Administrator Workbench
Procedure
1. From the SAP Menu in the BW system, choose:
SAP BW Role Menu Creating the Source System in the Administrator Workbench
Transaction code RSA1
SAP BW Menu Modeling  Administrator Workbench: Modeling
2. Choose Modeling.
3. Choose Source Systems.
4. In the right-hand window mark Source Systems.
5. Choose the context menu (right mouse click).
6. Choose Create.
Field name User action and values
File System, Manual Meta Data, Data Using File... X
7. Choose Enter.
Field name User action and values
Logical source system FILE
Source system name File system
8. Choose Enter.
9. Choose Back.
Maybe you are looking for
-
Hi Folks, I'm creating a JAR file for my application. My app uses another JAR file and I want to package it inside my jar. I tried to use "Path-Class" attribute in MANIFEST.MF file but without success. Any help would be appreciate. TIA. Romualdo Rube
-
Not sure what else that I can provide here. This particular software function does not seem to work.
-
Sales order quantity gets confirmed Automatically
Dear All, I have make to order Scenario. i have done all setting required for MTO. however i create sales order my order quantity gets confirmed automatically. same time there is not stock available for material. plz suggest how to stop confirm qty.
-
I have downloaded Adobe CC and Lightroom apps. How do I get to the photoshop workspace
i have downloaded Adobe cc and lightroom apps. How do i get to the photoshop workspace
-
How to make Portal faster?
Hi all, The portal on which i am working has become very slow.It is NW04S Portal. It is taking a lot of time for processing. Can any one tell me <b>how to make my portal</b> <b>faster</b> by cleaning or any stuff. I vl award points if it is helpful t