System Landscape security

Hi,
We have a system landscape having systems based on Java stack (EP, BI Java), Java+ABAP (XI, SRM) stack and ABAP (ECC) stack.
We have Windows Active Directory as the LDAP server.
We need to implement a security concept for the entire landscape.
Requirement is to use single sign-on and LDAP. We also want to use Windows integrated authentication.
Could someone please answer the following questions:
1. Recommended data source for users and role assignments? (LDAP, ABAP, UME).
2. Can/Should CUA be used to manage the users of Java stacks?
4. Any other recommendation / learnings?
Basically, I need to know an optimal/tested solution for implementing security in such a complex landscape.
Thanks.

Rohit,
If you go to https://websmp207.sap-ag.de/security and navigate to 'Security in Detail' on detailed navigation, you will find relevant information.
There is also a security guide on /NW2004s. Related documents you can find at
https://www.sdn.sap.com/irj/sdn/docs?rid=/webcontent/uuid/dfb47ddd-0901-0010-a9b4-c0cce1277616
Regards,
James

Similar Messages

  • You do not have permission to view the System Landscape Directory.

    Hello there,
    When I accessed my SLD from portal, it took me to the page but kept saying:
    - You do not have permission to view the System Landscape Directory. Minimum required: UME role with permission com.sap.lcr.LcrUser and J2EE role LcrUser. See the SLD Post-Installation Guide for details
    - SLD not configured; configure the SLD in Administration first.
    I searched on these forums for the above error. Got some results, but nothing really substantial that has helped/fixed my problem.
    I also read a bit on SLD from the PDF file named: System Landscape Directory of SAP NetWeaver 2004s
    I also worked on the security roles and actions for individual users or user groups. For example, the above PDF file advised that I map the security roles from Visual Administrator to the created roles in the portal. I've done that too, i.e. created a user group 'SAP_SLD_ADMINISTRATOR' and a user role corresponding to it, which would be 'LcrAdministrator'.
    Then, I went to visual administrator, and clicked on 'Assign User Groups to Roles'
    Even after this, I tried to access the SLD from portal: It is still giving me the same error I mentioned above in bold italics.
    Can somebody please help me how to fix this issue?
    Thanks
    Dino.

    Graham:
    Thank you very much for making the effort to reply to my query.
    But it still hasn't solved my problem yet, for some reason, even though I followed your instructions and did what you advised.
    I have attached a screenshot of my Visual Administrator screen that you advised me to modify/change.
    Here it is: http://img166.imageshack.us/img166/2259/screenshot002co1.jpg
    After I made the changes, I restarted the J2EE server and went to my portal SLD page: [http://org-x:50000/sld]
    Tried authenticating usernames: LcrAdministrator and Administrator.
    Both attempts resulted in the same error shown below:
    - You do not have permission to view the System Landscape Directory. Minimum required: UME role with permission com.sap.lcr.LcrUser and J2EE role LcrUser. See the SLD Post-Installation Guide for details
    - SLD not configured; configure the SLD in Administration first.
    I am wondering, if you would have another workaround regarding this issue, can you please let me know?
    Thanks
    Dino.

  • System Landscape directory not available error,

    I am still a beginner, and I am having some slight trouble understanding, what tools would be needed, and how to install. I am using the forums.
    We have the MII Discovery Server up and running.
    NWDS Server installation is done.
    We have the MII track ready to be used for Development (SLD URL is available), Userid and password available
    I am working on installing the NWDS 7.3 Developer Workspace.
    Would I also need to do NWDS Server install on my laptop?
    Would these steps be sufficient?
    1. Download and install JDK 1.6
    2. Copy the file nwds-extsoa-7.3-SP00-PAT0000-win32.zip from:
    <your download location>\51039309\DATA_UNITS\JAVA_IDE\distros\com.sap.netweaver.developerstudio.distribution.complete.extsoa\8.30.0.101020102100
    to a convenient folder.
    3. Extract the content and you will have a folder with name eclipse.
    4. Launch the Netweaver Developer Studio from folder eclipse, you may want to create a shortcut on the Desktop.
    5. If you haven't maintained JAVA_HOME property or if it's pointing to some other java version, eclipse will complain about it. In the dialog window locate the JDK 1.6 installation. Path to JDK 1.6  should be something like
    C:\Program Files\Java\jdk1.6.0_25\bin
    6. Restart the NWDS after this and select a suitable workspace.
    7. Set the run time engine in NWDS, by going through the menu path:
    Window->Preferences->SAP AS JAVA
    Question:
    1. I am unable to set the run time engine in NWDS. Could you please give me detailed steps with what I would need to enter for Instance Hostname, Instance Number, etc.?
    2. As part of the Development installation, do I have to modify the Logon Page? Do I have to go through the Server installation in order to start developing in the Eclipse environment?
    I do not have the war file. How do I copy the war file tcsecumelogonui.war from
    <Installation drive>:\usr\sap\<SID>\J00\j2ee\cluster\apps\sap.com\com.sap.security.core.logon\servlet_jsp\logon_ui_resources\tcsecumelogonui.war
    3. System Landscape directory not available error,
        In the Component Browser when I right click and select New – Development Configuration – Import From System Landscape Directory (SLD) – Next (Enter UserID and Password)
    Thank you

    Hello,
    For the SLD error, please configure SLD as per this documentation:
    http://help.sap.com/saphelp_nw04/helpdata/EN/bb/c2b6421a75da11e10000000a155106/frameset.htm
    Regarding the settings to enter NWDS to connect to AS Java, you have to enter the java instance data so that NWDS can connect to it in order to make deployments, etc....
    Please see also the following documentation, which explains step by step how to work with NWDS.
    http://help.sap.com/saphelp_nw04/helpdata/en/fe/a3996fa314f94f8a0c3475b08636d0/frameset.htm
    I hope this helps you.
    Regards,
    Blanca

  • System Landscape in EP6.0 SP9 (Urgent ..)

    Hi,
    We have installed EP6.0 SP9 on Win 2003 and Oracle.
    After installation I created the System Landscape for the R/3 Server. I maintained the Connector Properties and User Management Properties. Then I tested by creating the Transaction iView after maintaining the User Mapping details. The preview works if I select WINGUI.
    Then I tried to test the connections by right-clicking on the System Landscape name. There I tried the Connector Testing option.
    But the test fails, stating that the User Mapping and Connector Settings are wrong, please check.
    But when I see the preview of the transaction, it is working.
    Secondly, I wanted to confirm about the SSO.
    For SSO, and WEBGUI, I hope we require the ITS Instance in the Enterprise Portal. Is this Right?
    In R/3 our Kernel Release is 6.40 and SAP_BASIS Release is 6.20 R/4 version 4.7
    Here do I need WP_PI 6.0.620 Plugins or PI_BASIS_640?
    As per Note 655941, WP-PI is no longer delivered as of ABAP BASIS version 6.40. (Here we are a bit confused.)
    Please help us.
    Thanks & Regards
    Sumanth

    Hi Sumanth,
    About SSO - There are different ways to enable single sign-on; user mapping in the portal is one of them and SAP Logon tickets is another. For each of these methods, refer to the portal security guide (service.sap.com/security). ITS or WEBGUI has got nothing to do with SSO in a direct manner.
    About WEBGUI - You require ITS if you are going to use WEBGUI and since your R/3 kernel is 6.40 you have the option of using integrated ITS which has the option of webgui. Follow the link below for documentation for the same.
    http://help.sap.com/saphelp_nw04/helpdata/en/54/4d9993c6592941a407313a6763575c/frameset.htm
    ITS instance will never be on the portals, you will either have to use the integrated ITS or the separate standalone installation of ITS 6.20. Either way, while creating iViews for connecting to ITS system, make sure you use the GUI for HTML option.
    About the SAP note - A portal plug-in is required if you want to enable SSO using Logon tickets, and your R/3 version is 4.6C or less. In your case the portal plug-in is not required. Refer to the portal security guide for more details.
    About your error - you have not mentioned the exact error message, but I guess, it is something about your user mapping.
    Regards,
    Aniket

  • SAP System Landscape Directory (SLD) Privileges

    Hello everyone,
    I'm not really sure if this is the correct place to start this discussion, but any help and support is really appreciated.
    The question is as follows: is it possible to define object privileges in SLD for objects such as Products, Software Component Versions, Technical Systems and Business Systems, for example to define which user can modify a Technical System? I assume there is a way, by roles and groups in the UME, to define privileges to display or modify objects in the whole SLD, but I don't know if this is possible on a lower level.
    thanks in advance for help and support.
    Regards,
    Julio Cesar

    Hello Julio,
    I am not sure if you can define certain UME actions for objects within the SLD. These objects are usually maintained by a SLD administrator. There is however a way to create a new UME role and assign new SLD action to it.
    In your Web browser, enter the URL of the Identity Management using the following format: http://<host>:<port>/useradmin .
    Create user groups and UME roles of your choice and assign each UME role to the appropriate user group(s) as well as to the UME action(s). You can use the predefined UME roles as a template to create your own UME roles (as described in the table above).
    If you want to create a UME role for SLD content synchronization or for SLD administration, you need to assign the Destination_Service_Write_Permission UME action, which belongs to the tc~sec~destinations~service service, to your own UME role.
    For more information about which UME actions there are available I suggest to use the following site:
    Configuring SLD Security Roles - Security Guide for the SAP System Landscape Directory - SAP Library

  • What does Adapter engine pick from system landscape directory? Kindly help!

    Hi experts,
    What does the Adapter Engine pick up from the System Landscape Directory? In other words, what data does the Adapter Engine need from SLD?
    Kindly give examples.
    Thanks
    Gopal

    Hi,
    To add, the Integration Server picks the URLs of the various Adapter Engines from SLD and caches them in the AE Cache (you can view the cached URLs in SXI_Cache).
    In SLD you can go to Content Maintenance and check the Adapter Framework instance and get the URLs of the AEs for secure and non-secure communication.
    Regards,
    Sudharshan

  • Windows & File System Repository - security issues

    Hello,
    I got a strange behavior in EP 6 SP 2 using KM and Windows file systems. Here is the scenario:
    - I created a Network Path and a File System Repository pointing to a Windows 2003 File System, following the portal help instructions. Both EP6 server and Windows 2003 server are in the same domain.
    - according the KM Monitor, the repository is up and running
    - the portal users can access their respective folders in the file system after having their uids / passwords mapped in the user mapping option
    - the portal is assuming the permissions (read & write & list folder & etc) from windows
    So far it seemed to be everything ok - but after some tests we got the problem:
    - user "A" has his uid/pwd mapped in portal, and read & write access to the file system "dept_folder". He can access the folder through a KM iview, with r/w privileges.
    - user "B" has his uid/pwd mapped in portal, and ONLY read access to the file system "dept_folder". He can access the folder through an KM iview, with read privileges.
    - and here comes the problem: if user "A" is logged in, and user "B" replaces his uid by user "A"'s uid in the user mapping (only the uid, the password doesn't matter), he can access the file system "dept_folder" with the same privileges as user "A".
    I looked in SDN, SAP Notes and SAP Portal Help trying to find an article related to this, no success so far. We have CM Patches 2 & 3 applied, and Patch 4 doesn't have any comment about this specific security problem.
    Has someone already faced this problem? Or could something be wrong in my configuration?
    Rgds, and tks in advance
    Fernando Cervantes

    Hi David
    The same occurred here, I think I know the reason. Let me just give you an overview of my configuration:
    Network Path id          ccc-ccc1fs-drive_i
    Description *            DRIVE I - CCC1FS Server
    Network Path *           ccc1fs\Drive_I
    Password           *********
    Re-Enter Password      *********
    User *            ccc\service
    The user was provided by the Windows administrator and has full control for this folder.
    File System Repository
    Description                  File System drive_i CCC1FS Server
    Prefix *                 /ccc-ccc1fs-drive_i
    Root Directory *            //ccc1fs/drive_i
    Windows Landscape System       Windows
    ACL Manager                Not set
    Security Manager          W2KSecurityManager
    The important thing here is the Security Manager configuration - it must be W2KSecurityManager, otherwise you will have the user permissions overridden by the admin user permissions. And you will need to configure a Windows system landscape too.
    I hope this can help you...concerning the bosses, I got the same situation, I said the whole stuff would work fine
    Rgds,
    Fernando

  • [Request] Move Windows Control Panel applet from "System and Security" to "Programs"

    The "Flash Player (32-bit)" Windows Control Panel applet should be  moved from "System and Security" to "Programs" where the Java applet is.
    Vote: https://bugbase.adobe.com/index.cfm?event=bug&id=2953107
    Thanks

  • System and security control panel

    Could someone with a W520 take a screenshot of the Lenovo apps in their "system and security" section of control panel please. I am doing a ground-up install from bare Windows 7 to get rid of the preloaded SQL Server 2005 and adding back the programs I want.
    Just want to see what came preloaded.
    Thanks

    njb,
    Why not just run the ThinkVantage System Update and let it install as usual. You can also "un-check" those drivers that you don't want to install.
    *Non Lenovo employee*
    I have a Y2P (i5) ... Feel free to ping me if you want me to test some applications with your Y2P if you have the same model. I don't mind keep doing recovery on it if needed .... =)

  • SOLMAN 4.0 SR2 connect to SAP R/3 Three System landscape (DEV QA and PRD)

    Hi,
    We have successfully installed SOLMAN 4.0 SR2 (ABAP + JAVA) on
    WIN2003 SP2 EE MSSQL 2005 EE SP1.
    I just want to activate the service so that SOLMAN could see my existing SAP R/3 4.6 C Three system landscape (DEV QAS PRD).
    I heard settings should be done on SPRO IMG configs. Could anyone tell me the exact procedure to navigate on it. I see a lot of buttons to config and execute, Just want to make sure everything will be in order.
    My SLD is directly installed locally on my SOLMAN server.
    Thanks,
    Simoun

    Hello Simoun,
    Telling from your last sentence I assume that you would like to connect SolMan (transaction SMSY) to your locally installed SLD or in other words: replicate SLD system data into SOLMAN system landscape SMSY.
    Please check this document:
    http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000538663&_SCENARIO=01100035870000000202&_OBJECT=011000358700000530282007E
    Here you will find information covering prerequisites, the required SAP Solution Manager IMG configuration to connect SLD and SMSY, and frequently asked questions (FAQ-like).
    I hope this helps you to get started.
    Regards,
    Doreen

  • Doubts in System Landscape Directory

    Hello All,
    I got some basic doubts in SLD.
    Why do we need to store the information about the installed products and to be installed products in software catalog?
    And, what is this technical system?
    After reading a few help sites, what I understand is the following:
    For example SAP is a product and CRM etc. are the software components. We create the technical system for this product, like for client 100 we create a technical system and for client 200 we create another technical system. And we give some logical names, called business systems, to these technical systems.
    My second question is, why do we need to create all this information (the information in SLD)? Why can't we directly create message types, message interfaces etc. and configure them in the Integration Directory without using the information in SLD, like business systems?
    In the Integration Directory, we say that the sender is one business system and the receiver is another business system. These business systems are created based on some technical systems. These technical systems are based on some software components and product. This product and the software component might be an installed or non-installed product. Then how can we get the connection between the sender and the business system? Can you please explain to me the idea behind considering the sender and receiver as business systems?
    Can anybody please clear the above doubts?
    Priya

    Hi Priya,
    SLD:
    The System Landscape Directory of SAP NetWeaver (SLD) serves as a central information repository for your system landscape. A system landscape consists of a number of hardware and software components that depend on each other with regard to installation, software updates, and demands on interfaces.
    - so talking about the working of an SLD, here if any information is required for the integration server regarding the systems(logical or physical) and the software (installed products) it refers to the SLD.
    - to tell you about the other features it has....it captures the dimensions of the system landscape like solution dimension, transport dimension and technical dimension.
    - putting it in short XI IS A CLIENT OF SLD
    Also go thru this link and understand more about SLD:
    System Landscape Directory: http://help.sap.com/saphelp_nw2004s/helpdata/en/31/f0ff69551e4f259fdad799a229363e/frameset.htm

    SOFTWARE CATALOG:
    The SLD contains a Software Catalog of all installable SAP products and software components. The Software Catalog includes information about support packages and dependencies between the products and software components. This information is the basis for the description of the system landscape.
    Also go thru this link and understand more about Software Catalog:
    Software Catalog: http://help.sap.com/saphelp_nw2004s/helpdata/en/a2/2999ef97ea2b4790165f9ca5c05c41/content.htm

    TECHNICAL SYSTEM, BUSINESS SYSTEMS, SOFTWARE PRODUCTS:
    Technical system correlates the software to the physical host on which it is installed
    Or in other words Technical systems are application systems that are installed in your system landscape.
    - they are actually the basis for defining the business systems.
    - we assign a technical system to a business system to help the SLD make the appropriate association.
    - the software products used by the business system are got from the technical system definition.
    - to note 1 technical system can have more than one business system assigned to it....and as told the SLD make the appropriate association between them.
    Also go thru this link and understand more about each of it:
    Technical Systems: http://help.sap.com/saphelp_nw2004s/helpdata/en/24/8fa93e08503614e10000000a114084/content.htm
    Business Systems: http://help.sap.com/saphelp_nw2004s/helpdata/en/42/c817d9d2296bb2e10000000a1553f6/content.htm
    Preparation: /people/sap.india5/blog/2005/11/03/xi-software-logistics-1-sld-preparation
    Regards,
    Abhy

  • Unable to read software component versions from System Landscape Directory

    Hi XI,
    Once I could import software component version but now I can't. Maybe I did something wrong in SLD.
    Could you please give me some hints?
    Thanks,
    Bruce

    hi,
    I also have a problem with "import software component version".
    I got a message like
       "unable to import software component version from
    system landscape directory ......."
    Then I went for SLDCHECK... I got an error, it is:
    calling function LCR_LIST_BUSSINESS_SYSTEM
       Retreiveing data from the sld server function call returned   exception  code 4
      connection to sld does not work
      check sld function and configuration
    What do I have to do to make it work? Please give me a solution for that, with detailed info.
    with regards

  • Unable to read software component version from System Landscape Directory "

    I've worked in past creating/importing SWCV, but this is new system PI7.0 and stuck.
    A) Is my understanding on resolution correct?
    Should I go and apply notes 940309 and create client copy of existing client 001
                                        OR
    change role of client 001; SXMB_ADMIN -> 'Integration Engine Configuration' to 'Integration Server'
    I have no problem in using client 001 as Integration server, all I want is import of SWCV to work. Thanks. Appreciate the help.
    B) Here is what I have done and the error:
    1) Followed weblog below and created product, software component, technical system, business system in SLD.
    /people/srinivas.vanamala2/blog/2007/02/05/step-by-step-guide-xml-file-2-xml-file-scenario-part-i
    2) When I import the SWC from integration repository getting error
    (Unable to read software component version from System Landscape Directory "server:5<system number>00").
    C) Pointers used from the forum to debug the issue, but still no luck
    Below are the points checked from the forum and all steps are correct, but still have issues with the import
    1) check the RFCs SAPSLDAPI, LCRSAPRFC, connection test pass as the program ID registered with Jco
    2) T-code SLDCHECK no errors (followed http://help.sap.com/saphelp_nw04/helpdata/de/78/20244134a56532e10000000a1550b0/content.htm)
    3) T-code SLDAPICUST got user PIAPPLUSER, pwd is correct (reset the pwd)
    4) logged using PIAPPLUSER http://server:port/sld and it works
    5) One of the weblog SLD Check Failed (LCR_LIST_BUSINESS_SYSTEMS function doesn't work) referred to apply notes 940309
    Notes: 940309
    You are installing 'SAP NetWeaver 2004s SR1 ABAP+Java' Usage Type 'NetWeaver Process Integration (PI)'.
    You don't want to use the default client 001, but another client as Integration Server.

    applied portion (PIPostInstallProcess) of OSS notes 940309 and it resolved.
    Note:
    I still retained client 001 and didn't do client copy as mentioned in the notes. The wizard based CTC tool helped. Here are the details if someone has similar issue and want to know further details:
    A NetWeaver Process Integration (PI) Installation (ABAP+Java) has two parts: Installation and configuration. The former is done by the Installer, the latter by the 'Central Template Configuration' (CTC) Tool.
    http://help.sap.com/saphelp_nw04s/helpdata/en/14/39084136b5f423e10000000a155106/frameset.htm
    1. Call the wizard-based configuration tool as described in Configuration Wizard.
    2. Select the scenario PI and the task PIPostInstallProcess.
    3. Choose Execute.
       A list of the steps to be executed by the wizard is displayed.
    4. Choose Install.

  • Unable to read software component versions from System Landscape

    Dear all,
    I have an ECC system with ABAP and Java installed.
    I already configured so that SLDCheck, RFC destination configuration run successfully.
    PIAPPLUSER is not locked and can logon.
    However, when I import a software component version in Integration Builder, the system returns the error message "Unable to read software component versions from System Landscape Directory "Server:50000"".
    Please tell me how to correct this error.
    Giang

    Hi,
    Check this
    http://****************/Tips/XI/SWComponentError/Resolve.htm
    "Unable to read software component versions from System Landscape Directory
    unable to import from SLD
    Regards
    Seshagiri

  • ChaRM: 4-System-Landscape possible?

    Hello,
    regarding our system landscape we have no clue how ChaRM will handle following situation
    DEV-System: Development-System where the developments should be done.
    QAS-System: Test-System where the tests should be done.
    FNC-System: nothing to do here, just for functional tests
    PRD-System: Production System
    Transport routes are DEV -> transport group which delivers QAS and FNC, and from QAS -> PRD.
    What needs to be done to set this up correctly for ChaRM (e.g.: SMSY-logical components)?
    Thanks in advance.

    Hi
    You have two options:
    1) assign FNC to task list: you can start the import to this system in the task list manually
    2) or task list without FNC: you can schedule a job 'import all' at FNC or import manually via STMS
    Configuration:
    1) One log. component with D-Q-FNC-P (Q and FNC are of role target systems)
    2) One log. component with D-Q-P
    regards
    Andy
