User-authorized only values in matchcode

Hi people,
I get a strange behaviour of the BEx variable Input matchcode.
I implemented 2 Multiproviders, containing a common authorization on an characteristic. The authorization variable is "ready to Input".
In the first multiprovider, when I launch the query and hit the matchcode for this input, it displays all available values (but I can choose only the ones I get the role for). In the second, it only displays values user are authorized to select.
It's quite confusing for user, and I would like to find a way to harmonize this. Does anyone knows where is the trigger/checkbox to activate or deactivate this functionality?
Many thanks
sOnO

The harmonization goes through applying the same Authorization Objects to dependant InfoProvider

Similar Messages

  • How to check if the user has only the display authority of a message

    hi,
    How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
    Best regards,

    hi blake
    though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
    Basically Authorization Management 
    Use
    You can use the following authorization objects to control the authorizations for maintaining business partner data:
    •        Authorization objects for the Business Partner:
    •             B_BUPA_GRP
    •             B_BUPA_ATT
    •             B_BUPA_FDG
    •             B_BUPA_RLT•       
    Authorization objects for relationships:
    •             B_BUPR_BZT
    •             B_BUPR_FDG
    In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
    You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
    In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
    For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
    IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
    Prerequisites
    You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
    Moving over
    AS ABAP Authorization Concept 
    The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
    To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
    Authorization Checks 
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    •        Starting SAP transactions (authorization object S_TCODE)
    •        Starting reports (authorization object S_PROGRAM)
    •        Calling RFC function modules (authorization object S_RFC)
    •        Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    Starting SAP Transactions
    When a user starts a transaction, the system performs the following checks:
    •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
    •        The system then checks whether the user has authorization to start the transaction.
    The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
    •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
    •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
    If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
    •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
    The check is not performed in the following cases:
    You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
    This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
    •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
    •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
    All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
    Starting Report Classes
    You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
    We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
    You must consider the following:
    •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
    •     •         There are certain system reports that you cannot assign to any authorization class. These include:
    •     •         RSRZLLG0
    •     •         STARTMEN (as of SAP R/3 4.0)
    •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
    •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
    Calling RFC Function Modules
    When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
    Checking Assignment of Authorization Groups to Tables
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    please See also:
    •        SAP Notes 7642, 20534, 23342, 33154, and 67766
    guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
    but if u sit with ur BASIS guy then u can learn lot of things in PFCG
    i guess u r a basis guy,then its not a problem
    best regards
    ashish

  • Permitting user to choose value for a field only from F4

    Hi all,
       I have the following requirement in table maintenance generator.
       There is a custom field in the Z table for which table maintenance is generated to which a search help is attached.
       Now in the maintenance screen(SM30) i get a F4 value help for this field and also user can input values in this field. But the requirement is that the user should be able to select values only from F4 and should not be able to input any values.List box is not accepted.
    Thanks & Regards,
    Shafiq

    Hi Jon,
       Thank you once again. The issue is solved using the 'DYNP_VALUES_UPDATE' function module.
    I will put the code here for others to refer.
    ****ON THE SCREEN FLOW LOGIC*****
    PROCESS ON VALUE-REQUEST.
      FIELD /rb05/wwr_cr_t-mvgr4 MODULE value.  "Field on which F4 is required
    ****MODULE IMPLEMENTATION********
    *&  Include           /RB05/LYBW_WWRTTTI01
      DATA:
        l_fldval            LIKE help_info-fldvalue,
        l_repid             LIKE sy-repid,
        l_repid1            LIKE d020s-prog,
        l_dynnr             LIKE sy-dynnr,
        l_dynnr1            LIKE d020s-dnum,
        lt_return           LIKE ddshretval OCCURS 1,
        ls_return           LIKE ddshretval,
        ls_dynpread         LIKE dynpread,
        lt_dynpread         LIKE dynpread OCCURS 1,
        cnt                 TYPE i VALUE 0.
    MODULE value INPUT
      MODULE value INPUT.
        GET CURSOR LINE cnt.
        l_repid = sy-repid.
        l_dynnr = sy-dynnr.
        l_repid1 = sy-repid.
        l_dynnr1 = sy-dynnr.
        CALL FUNCTION 'F4IF_FIELD_VALUE_REQUEST'
          EXPORTING
            tabname           = space
            fieldname         = space
            searchhelp        = '/B05/OWWRW58'
            shlpparam         = '/B05/S_WWRW58'
            dynpprog          = l_repid
            dynpnr            = l_dynnr
            dynprofield       = '/RB05/WWR_CR_T-MVGR4'
            stepl             = 0
            value             = l_fldval
            display           = 'F'   "Force
          TABLES
            return_tab        = lt_return
          EXCEPTIONS
            field_not_found   = 1
            no_help_for_field = 2
            inconsistent_help = 3
            no_values_found   = 4
            OTHERS            = 5.
        IF NOT sy-subrc IS INITIAL.
          MESSAGE s398(00) WITH 'Call to Searchhelp failed'
            space space space.
          EXIT.
        ENDIF.
        CLEAR : ls_dynpread, lt_dynpread, ls_return.
        BREAK-POINT.
        READ TABLE lt_return INTO ls_return WITH KEY retfield = '/RB05/WWR_CR_T-MVGR4'.
        IF sy-subrc EQ 0.
          ls_dynpread-fieldname  = '/RB05/WWR_CR_T-MVGR4'.
          ls_dynpread-stepl      = cnt.
          ls_dynpread-fieldvalue = ls_return-fieldval.
          APPEND ls_dynpread TO lt_dynpread.
        ENDIF.
        READ TABLE lt_return INTO ls_return WITH KEY retfield = 'TXTSH'.   "Filling the related field
        IF sy-subrc EQ 0.
          ls_dynpread-fieldname  = '/RB05/WWR_CR_T-GB'.
          ls_dynpread-stepl      = cnt.
          ls_dynpread-fieldvalue = ls_return-fieldval.
          APPEND ls_dynpread TO lt_dynpread.
          CALL FUNCTION 'DYNP_VALUES_UPDATE'
            EXPORTING
              dyname               = l_repid1
              dynumb               = l_dynnr1
            TABLES
              dynpfields           = lt_dynpread
            EXCEPTIONS
              invalid_abapworkarea = 1
              invalid_dynprofield  = 2
              invalid_dynproname   = 3
              invalid_dynpronummer = 4
              invalid_request      = 5
              no_fielddescription  = 6
              undefind_error       = 7
              OTHERS               = 8.
        ENDIF.
      ENDMODULE.                    "value INPUT
    P.S: Points alloted.
    Message was edited by:
            Shafiq

  • Can I just limit user can only modify the x value of a point?

    In my effect, I add a point by using PF_ADD_POINT. But I just want user can only modify the x value, is this possible? How can I do it?

    hello shibin.chris! welcome to the forum!
    well, there's no switch you can flip to have such behavior, but you can:
    1. supervise the param, so whenever the user changes the value you can keep
    the X and restore the Y. (won't hold water in case of keyframing or
    expression)
    2. set an expression that would do the same.
    3. check the param at some events (such as the render call), and modify the
    keyframes and values if necessary. (won't handle expressions)
    that's all i can think of.

  • Analysis authorization - Authorizing Characterstic Values

    Hello all,
    We upgraded to BW (BI) 7.0 and thus have to use the new analysis authorization concept. While I have the documentation on how to create them and understand the, I'd like to know if there are any experienced users or experts who can assist.
    I have Marc Bernand's PowerPoint "An Expert Guide to New SAP BI features" and while they say that there is an "all or nothing rule" for viewing the query results, with the exception being for key figures and hierarchies, in the presentation (pg 21), it outlines that specific sales orgs can be assigned to the analysis auth (authorizing characteristic values) - this appears to contradict the 'all or nothing' rule if more than these sales orgs are in the query result.
    However, when I tested something similar in our dev environment for company code, if a specific company code is listed in the analysis auth (for the applicable characteristic), when I execute the report, I get a "you are not authorized", which is consistent with the new concept.
    My main question is that in order to restrict on specific company codes, plants, etc, are the choices to either use a hierarchy or a customer exit? Restricting it by assigning the values for the characteristic won't work. Thanks in advance for any help you can provide.
    Any help would be GREATLY appreciated.

    Hello Julie,
    It is not necessary to use Hierarchy or customer exit inorder to restrict the access based on company code.
    1. First of all make, Company code as authorization relevent in IO settings
    2. In RSECADMIN, create one authorization object. It is a good practice to include all SAP Technical objects also. Just click on Inster special characts.
    3. For the company code assign required value.
    4. Assign this authorization to user in USER tab
    5. In the report, If you want to defualt the value of company code, create one authorization relevent variable for company code. You can make this variable as ready for input/Not ready for input.
    6. Execute the report.
    The user will only get data related to authorized company code.
    Regards,
    Ravindra

  • Question on Authorized Selection Values in Bex

    Hi experts
    Heres a little background on my problem.... I am currently doing my authorization using variables and authorization only kicks in @ I_STEP = 0. Which is after the user excutes the query....
    Here comes the problem... at the selection screen, the user is only allowed to see authorized organization units (0ORGUNIT) in the selection variables... but instead it is showing either all values in infoproviders or all values in the masterdata.
    So knowing authorization only kick in @ I_STEP = 0, how do I only show authorized organization units in the selection variables?
    Points will be given with solution (please let me know if this cannot be done)
    Thanks!

    Thanks Tomer! Appreciate it!
    I manage to find out the implementation for this FM here.....
    Re: Example code for function pls

  • Error trying to run SSIS Package via SQL Server Agent: DTExec: Could not set \Package.Variables[User::VarObjectDataSet].Properties[Value] value to System.Object

    Situation:
    SSIS Package designed in SQL Server 2012 - SQL Server Data Tools
    Windows 7 - 64 bit.
    The package (32 bit) extracts data from a SQL Server db to an Excel Output file, via an OLE DB connection.
    It uses 3 package variables:
    *) SQLCommand (String) to specify the SQL Statement to be executed by the package
    Property path: \Package.Variables[User::ExcelOutputFile].Properties[Value]
    Value: f:\Output Data.xls
    *) EXCELOutputFIle (String) to specify path and filename of the Excel output file
    Property path: \Package.Variables[User::SQLCommand].Properties[Value]
    Value: select * from CartOrder
    *) VarObjectDataSet (Object) to hold the data returned by SQL Server)
    Property path: \Package.Variables[User::VarObjectDataSet].Properties[Value]
    Value: System.Object
    It consists out of 2 components:
    *) Execute SQL Task: executes the SQL Statement passed on via a package variable. The resultng rows are stored in the package variable VarObjectDataSet
    *) Script Task: creates the physical output file and iterates VarObjectDataSet to populate the Excel file.
    Outcome and issue:The package runs perfectly fine both in SQL Server Data Tools itself and in DTEXECUI.
    However, whenever I run it via SQL Server Agent (with 32 bit runtime option set), it returns the errror message below.
    This package contains 3 package variables but the error stating that a package variable can not be set, pops up for the VarObjectDataSet only.  This makes me wonder if it is uberhaupt possible to set the value of a package variable
    of type Object.
    Can anybody help me on this please ?
    Message
    Executed as user: NT Service\SQLSERVERAGENT. Microsoft (R) SQL Server Execute Package Utility  Version 11.0.2100.60 for 32-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  6:40:20 PM  DTExec: Could
    not set \Package.Variables[User::VarObjectDataSet].Properties[Value] value to System.Object.  Started:  6:40:20 PM  Finished: 6:40:21 PM  Elapsed:  0.281 seconds.  The package execution failed.  The step failed.
    Thank you very much in advance
    Jurgen

    Hi Visakh,
    thank you for your reply.
    So, judging by your reply, not all package variables used inside a package need to be set a value for when run in DTEXEC ?
    I already tried that but my package ended up in error (something to do with "... invocation ...." and that error is anything but clearly documented. Judging by the error message itself, it looks like it could be just about anything. that is why I asked my
    first question about the object type package variable.
    Now, I will remove it from the 'set values' list and try another go cracking the unclear error-message " ... invocation ...". Does an error message about " ... invocation ..." ring any bells, now that we are talking about it here ?
    Thx in advance
    Jurgen
    Yes exactly
    You need to set values only forthem which needs to be controlled from outside the package
    Any variable which gets its value through expression set inside package or through a query inside execute sql task/script task can be ignored from DTExec
    Ok I've seen the invocation error mostly inside script task. This may be because some error inside script written in script task. If it appeared after you removed the variable then it may because some reference of variable existing within script task.
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

  • Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only

    After installation fo ECC6,When I am trying to connect to visual admin,I am getting given below error.
    I am also not able to login to NWA
    Application cannot be started.
      Details:      
      com.sap.engine.services.deploy.container.ExceptionInfo: Naming error.
    System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    #1.5#C000C0A8016400010000000001A6B16F0004A600094A9828#1308418992937#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-13,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Cannot authenticate the user.#
    #1.5#C000C0A8016400020000000001A6B16F0004A6000C292AF0#1308419041078#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-24,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    #1.5#C000C0A8016400030000000001A6B16F0004A6001D1853B8#1308419325187#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-35,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    #1.5#C000C0A8016400000000000001CA1A680004A6008F78FF48#1308421244125#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-2,5,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    #1.5#C000C0A8016400010000000001CA1A680004A600919BB068#1308421279953#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-13,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Cannot authenticate the user.#
    #1.5#C000C0A8016400020000000001CA1A680004A6009220F598#1308421288687#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-24,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    #1.5#C000C0A8016400030000000001CA1A680004A60097A70598#1308421381359#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-35,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Cannot authenticate the user.#
    #1.5#C000C0A8016400040000000001CA1A680004A6009867E880#1308421394000#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-46,6,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Cannot authenticate the user.#
    #1.5#C000C0A8016400000000000001402EEB0004A600E643EE28#1308422700265#/System/Server/VisualAdministrationTool##com.sap.engine.services.adminadapter.gui.tasks.LoginTask#######Thread[Thread-2,5,main]##0#0#Error#1#/System/Server/VisualAdministrationTool#Plain###Error while trying to login to ecc6: Caller J2EE_ADMIN not authorized, only role administrators is allowed to access JMX#
    Any help would be highly appreciated.
    Thanks
    Sukrut

    Hello,
    If you have a installation of dual stack(ABAP + JAVA) system.. check in SU01 transaction if SAP_J2EE_ADMIN role is assigned to the J2EE_ADMIN user. If not, please assign it.
    For only JAVA stack systems, default administrator user is Administrator.
    thanks
    ashish

  • User defined field values doesnot show up in summary tab

    Hi,
    I have created my own stylesheet to display some of my user defined field values (associated with organization address book entry type) in the summary tab of the addressbook entry. But Groupwise 8.0 client FAILS to display any of the user defined field values in the summary tab FOR ONLY ORGANIZATION ADDRESSBOOK ENTRY types. NOTE: These organization addressbook entries are created using the C++ Groupwise object API. But the Advanced tab of these organization addressbook entry shows those user defined fields with values in it.
    Also Groupwise 8.0 Client is able to display the user defined field values in the summary tab for the PERSON ADDRESSBOOK ENTRY types, that are created using the Groupwise Object API. Also when I create a Organization addressbook entry using the Groupwise Client (NEW ORGANIZATION) and fill in the user defined field values using the Advanced tab or that addressbook entry, the summary tab displays those user defined field values.
    So there could be some problem in setting the user defined field value for the Organization address book entry using the Object API or it could be Groupwise 8.0 Client issue in displaying the user defined field values ONLY FOR ORGANIZATION ADDRESS BOOK ENTRY, WHICH ARE CREATED USING THE OBJECT API. I also tried to see the underlying XML data in the summary tab and that XML data is missing the USERDEFINEDFIELDS and CATEGORIES tag for the organization address book entry.
    I would like to know, if there is any need for special handling only for Organization addressbook entry in Groupwise 8.0 API. Any thoughts or help is really appreciated.

    Hi,
    Does anyone have an idea?? Think I have the same issue. Except, when I log in the client (ver. 802) then all the info is displayed. But when the user logs in on the same client and the same pc, he sees the xml info except the office address.
    Any help is greatly appreciated!
    Grtz,
    Joost Brenters

  • RMS stopped. Users told "only documents created in a signed application can be opened in a signed application"

    Hi
    I hope you can help and that this is the right forum.
    We have a RMS 1.0 sp1 server which has stopped working.
    Users get "only documents  created in a signed application can be opened in a signed application" when trying to protect a document in word or Outlook, and are unable to open previously protected documents.
    C:\Users\username\Local Settings\Application Data\Microsoft\DRM - only has the one file in it which is DRM-Machine. the .eul .CLC and .Gic files are missing from this folder.
    The server running the rms has an event id 82. " the callers machine certificate has a certificate chain that is not valid"
    I ran an irmcheck on the local machine which showed " No user Certificate"
    I can connect to the rms server urls , both licensing and certificate with no errors and IE shows the zone to be local intranet.
    Can anyone see what my problem might be and suggest why the workstations are not getting their certs and allowed protection? What else should I be checking?
    Best Regards
    Steen

    Hi
    Here is the answer which resolved my situation, I hope it helps yours.
    Guybrush-Threepwood I've marked your post as helpful as we had installed SP2 but it was not installed correctly and installing correctly was part of the solution.
    PROBLEM:
    Client began seeing the error:
    “Only documents created in a signed application can be opened in a signed application”
    On the server we were getting events:
    “The callers machine certificate has a certificate chain that is not valid”
    CAUSE:  
    Servers running RMS before SP2 can no longer get a valid Server Licensor Certificate.
    RESOLUTION:
    1. Install RMS v1 SP2 from:
    http://www.microsoft.com/en-us/download/details.aspx?id=14329
    2. Locate and then click the following key in the registry.
    For the enrollment URL on x86 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0\
    For the enrollment URL on x64 versions of Windows Server 2003:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\DRMS\1.0\
    3. On the Edit menu, point to New, and then click String value.
    4. Type EnrollmentURL, and then press Enter.
     5. On the Edit menu, click Modify.
     6. Type
    https://activation.drm.microsoft.com/enrollment/enrollservice.asmx, and then click OK.
     7. On the Edit menu, point to New, and then click String value.
    8. Type CloudGicURL, and then press Enter.
     9. On the Edit menu, click Modify.
     10. Type
    https://certification.drm.microsoft.com/certification/certification.asmx, and then click OK.
    11. Go into the RMS Web interface and renew the SLC
    HTH

  • Forcing a user to only select from Parameter LOV list

    Hi,
    I suspect that the answer is no but I'd appreciate clarification on the matter. I am wondering if there is any way to prevent a user entering a value into a parameter field - I want them to only select from the parameter's drop down LOV list. This will apply to Discoverer Viewer but would like to know if it could be done for Plus ( or not ) as well,
    Kevin.

    Hi Kevin
    Try changing the item class property called Require user to always search for values.
    According to my notes: This is unchecked by default. If you check this, Discoverer will launch the Search dialog box whenever a user clicks on the list of values. Should you have a large list of values, you may want to consider turning on this optionto making the LOV box pop up automatically.
    I am not convinced this will make the pop-up come up but it's worth a try.
    I'd be interested in hearing how you get on.
    Best wishes
    Michael

  • Restricting user to exclude values in selection screen

    Hi Everybody,
    I am facing a problem with f.m SELECT_OPTIONS_RESTRICT.
    I want to restrict user, so that he will only be able to exclude values (single, multiple or range) from a selection-option.
    The code snippet is as follows:
    item messages -> restrict selection
      opt_list-name = 'EXCLUDE'.
      opt_list-options-ne = 'X'.
      opt_list-options-nb = 'X'.
      APPEND opt_list TO restrict-opt_list_tab.
      ***-kind = 'B'.
      ***-name = 'A2'.
      ***-sg_main = 'I'.
      ***-sg_addy = ' '.
    ***-op_main = 'EXCLUDE'.
      ***-op_addy = 'EXCLUDE'.
      APPEND *** TO restrict-***_tab.
      CALL FUNCTION 'SELECT_OPTIONS_RESTRICT'
        EXPORTING
        PROGRAM                      =
          restriction                  = restrict
        DB                           = ' '
        EXCEPTIONS
         TOO_LATE                     = 1
         REPEATED                     = 2
         SELOPT_WITHOUT_OPTIONS       = 3
         SELOPT_WITHOUT_SIGNS         = 4
         INVALID_SIGN                 = 5
         EMPTY_OPTION_LIST            = 6
         INVALID_KIND                 = 7
         REPEATED_KIND_A              = 8
         OTHERS                       = 9
    But this is only including the single multiple and range value. Can anyone throw some light on it?
    Thanks
    Samit

    I took a look at the documentation of this FM to confirm what I was thinking:
    "You can also disable the function allowing users to enter values to be excluded from the selection (SIGN = 'E')."
    So I think this is trying to tell us that we can turn off the ability for the user to enter "exclude" but we cannot turn off the option for the user to enter "include" options.
    When you set ***-sg_main = 'I', it means that only "include" options are allowed.
    I think you will need to do your own validation.
    In the event AT SELECTION SCREEN you can do a LOOP on your selection option name and validate the users selections:
    LOOP AT SO_MINE.
      IF SO_MINE-SIGN NE 'E'.
        SET CURSOR FIELD 'SO_MINE-LOW'.
        MESSAGE E123.
      ENDIF.
    ENDLOOP.
    It has been awhile since I used this FM so please let us know how it goes.

  • How to deliver MM02 to user with only Bin Location editable.

    My user wishes to have access to change only the Bin Location field in MM02. How can we achieve this? or in other words how can we deliver MM02 to user with only the Bin Location field editable.
    My basis guy sees a possibility if we can some how provide the authorization objects of all the fields of MM02.Shall that be a practical approach. if yes, what is the way of finding the authorization objects?
    Regards,
    Alok.

    Hi,
    You can create a transaction variant in SHD0 for MM02.
    [Transaction variants|http://help.sap.com/saphelp_nw70/helpdata/en/7d/f639f8015111d396480000e82de14a/content.htm] simplify transaction flow by:
    -Inserting default values in fields
    -Hiding and changing the ready for input status of fields
    -Hiding and changing the attributes of table control columns
    -Hiding individual menu functions
    -Hiding entire screens
    Transaction variants are actually made up of a series of screen variants. The field values and field attributes for each screen in a transaction variant are stored in screen variants. Each variant is assigned to a transaction. Variants may, however, contain values for screens in multiple transactions, if transaction flow makes this necessary. The transaction the variant is assigned to serves as its initial transaction, whenever you start the variant.
    Both client-specific and cross-client transaction variants exist. Screen variants are always cross-client; they may, however, be assigned to a client-specific transaction.
    A specific namespace has been designated for cross-client transaction variants and screen variants and they are both automatically attached to the Change and Transport System. Client-specific transaction variants can be transported manually.
    Transaction and screen variants may be created for all dialog and reporting transactions. However, there are certain restrictions that apply to their use, depending on how their corresponding transactions have been realized internally.
    Transaction variants may not be created for transactions already containing pre-defined parameters (parameter transactions and variant transactions).
    The following sections contain additional information on how to create and maintain transaction variants:
    Maintenance
    Additional Functions
    Transport
    Regards,
    Srilatha.

  • How to make sure user type valid value? If valid -- Proceed

    Me develop a java console program.
    BufferedReader request = new BufferedReader(new InputStreamReader(System.in));
    String strpollutantNumber;
    int pollutantNumber;
    System.out.print("Enter pollutant number >> ");
    strpollutantNumber = request.readLine();
    pollutantNumber = Integer.parseInt(strpollutantNumber);
    I want to control my pollutant number and make it always valid. Let's say, pollutant number is between 1 to 4 only. If user press 5, system ask to re-enter valid value as follow
    Your pollutant number is invalid. Please re-enter.
    Enter pollutant number >>
    Did i need using loop at
    System.out.print("Enter pollutant number >> ");
    strpollutantNumber = request.readLine();
    pollutantNumber = Integer.parseInt(strpollutantNumber);
    or something..
    need help.

    so far, i want to control user input using
    while ( ......)
    user must enter value >=0.31 and <=0.39. if user enter value=0.29, it means this value is out from >=0.31 and <=0.39. see below program
    while(gramEmitted>=0.31 && gramEmitted<=0.39) {
    System.out.print("Your grams emitted value is not valid ... Please re-enter \n");
    System.out.print("Enter number of grams emitted per mile >> ");
    strgramEmitted = request.readLine();
    gramEmitted = Double.parseDouble(strgramEmitted);
    i want user will prompt >> Your grams emitted value is not valid .. Please re-enter \n
    Enter number of grams emitted per mile >>
    what i've now is when user enter value=0.29, the program not prompt the user to re-enter the value again.
    how to adjust
    while(*gramEmitted>=0.31 && gramEmitted<=0.39*) {
    System.out.print("Your grams emitted value is not valid ... Please re-enter \n");
    System.out.print("Enter number of grams emitted per mile >> ");
    strgramEmitted = request.readLine();
    gramEmitted = Double.parseDouble(strgramEmitted);
    Edited by: Delinda on Oct 21, 2008 11:26 PM

  • User Profile Option Values

    The concurrent report User Profile Option Values, is only site value levels. Are user level values more powerful, i.e. do they overide such values. How can I determine profile option values set at user level? Is there a similar report?

    hsawwan wrote:
    The concurrent report User Profile Option Values, is only site value levels. Are user level values more powerful, i.e. do they overide such values. A profile option can be set at one or more levels, depending on its hierarchy type. Most profile options use the Security hierarchy type, meaning that they can potentially be set at the four levels Site (lowest level), Application, Responsibility, and User (highest level). A higher-level option value overrides a lower-level value.
    How can I determine profile option values set at user level? Is there a similar report?Note: 367926.1 - How To Find All Users With A Particular Profile Option Set?
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=367926.1
    Note: 201945.1 - How to list E-Business Suite Profile Option values for all levels using SQLPlus
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=201945.1
    Do you know if the Utilities: Diagnostics is our powerful/risky profile option to grant a user in PROD, I cant find much information on it??

Maybe you are looking for

  • All my pictures have a red flag instead of the actual picture?

    I have tried to go on several sites and all the pictures or login bars are missing there is a small red flag in its place. It is fine in internet explorer just not firefox. How can I get the pictures back?

  • Printing photos I am confused, please help

    I am a little confused as to how to best send you the prints in the correct format. If I go through and under the edit function of each individual photo I want to send to be printed manually crop it and constrain it to 4X£ (as recommended by Apple) d

  • Photos app to Lightroom

    I tried out Apple's new Photos app and it grabbed iPhoto and Aperture libraries. I don't  like Photos and I want to get those photos into Lightroom. Any ideas how to do that? I already moved an Aperture library on another computer months ago, using a

  • ProDesk 600 create recovery disks - use usb instead

    We have just received some HP Prodesk 600 desktop pcs - K1t26AW#ABA - running Win 7 Pro 64 bit - and would like to make system recovery media.  The HP program installed has only the option to make recovery disks and requires dual layer DVD's to be us

  • Can A Rectangular Drop Zone Be Distorted?

    Occasionally when I drop a photo on the menu to create a drop zone I would like to distort it slightly to give a feeling of perspective . . . . . as though the picture were at a slight angle (not to be confused with rotating the image). Is it possibl