User has no ICF authorization ALC_ADMN

Similar Messages

• FTP_CONNECT: User ------- has no access authorization for computer -------.

  Hi, could anyone please help me resolve the following issue:
  When i run the code below, it comes back saying "could not connect to "host". When tried to run in debug or test the FM "ftp_connect" it says "user ..... has no access authorization for computer .....
  REPORT  ZALB_FTP_TEST.
  types: begin of t_ftp_data,
           line(132) type c,
         end of t_ftp_data.
  data: lv_ftp_user(64)                value 'branch'.     "change this
  data: lv_ftp_pwd(64)                 value 'careful'. "change this
  data: lv_ftp_host(50)                value '10.50.1.199'.     "change this
  data: lv_rfc_dest like rscat-rfcdest value 'SAPFTP'.
  data: lv_hdl    type i.
  data: lv_key    type i               value 26101957.
  data: lv_dstlen type i.
  data: lt_ftp_data type table of t_ftp_data.
  field-symbols: <ls_ftp_data> like line of lt_ftp_data.
  *describe field lv_ftp_pwd length lv_dstlen.
  lv_dstlen = strlen( lv_ftp_pwd ).
  call 'AB_RFC_X_SCRAMBLE_STRING'
    id 'SOURCE'      field lv_ftp_pwd
    id 'KEY'         field lv_key
    id 'SCR'         field 'X'
    id 'DESTINATION' field lv_ftp_pwd
    id 'DSTLEN'      field lv_dstlen.
  call function 'FTP_CONNECT'
    exporting
      user            = lv_ftp_user
      password        = lv_ftp_pwd
      host            = lv_ftp_host
      rfc_destination = lv_rfc_dest
    importing
      handle          = lv_hdl
    exceptions
      not_connected   = 1
      others          = 2.
  if sy-subrc ne 0.
    write:/ 'could not connect to', lv_ftp_host.
  else.
    write:/ 'connected successfully. session handle is', lv_hdl.
    call function 'FTP_CONNECT'
      exporting
        handle        = lv_hdl
        command       = 'dir'
      tables
        data          = lt_ftp_data
      exceptions
        tcpip_error   = 1
        command_error = 2
        data_error    = 3
        others        = 4.
    if sy-subrc ne 0.
      write:/ 'could not execute ftp command'.
    else.
      loop at lt_ftp_data assigning <ls_ftp_data>.
        write: / <ls_ftp_data>.
      endloop.
      call function 'FTP_DISCONNECT'
        exporting
          handle = lv_hdl
        exceptions
          others = 1.
      if sy-subrc ne 0.
        write:/ 'could not disconnect from ftp server'.
      else.
        write:/ 'disconnected from ftp server'.
      endif.
    endif.
  endif.
  Thanks in advance for the help.

  It doesn't work for me if I just maintain * entry.
  But it works after I maintained specific IP address into the table,
  ref notes:2072995 - User has no access authorization for computer
  Cause
  The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a
  support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
  Resolution
  1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
  2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.

• (104) RFC_ERROR_SYSTEM_FAILURE: User has no RFC authorization

  Hello Guru's
  I am getting the followong error when trying to open the BI reports.
  The initial exception that caused the request to fail was:
  User has no RFC authorization for function group SDIFRUNTIME.
  com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: User has no RFC authorization for function group SDIFRUNTIME.
  at com.sap.mw.jco.MiddlewareJRfc.generateJCoException(MiddlewareJRfc.java:455)
  at com.sap.mw.jco.MiddlewareJRfc$Client.execute(MiddlewareJRfc.java:1442)
  at com.sap.mw.jco.JCO$Client.execute(JCO.java:3979)
  at com.sap.mw.jco.JCO$Client.execute(JCO.java:3416)
  at com.sap.mw.jco.JCO$Repository.execute(JCO.java:20471)
  I have no clue what is the reason I am getting the error.
  Please help me out in this.
  Regards,
  Pramod

  Hi,
     This is due to BI system authorization issues. You need to give/get proper authorizations to the BI user id with which you are connecting to back end via JCO connection. You have to assign additional roles to this user id to resolve this issue.
        If you are working on client environment you have to contact back end (BI) security administrator to get more authorizations. If you provide the error message to them, they will know which role to assign.
       If you are working in sandbox environment assign SAP_ALL. This will resolve the issue.
      I hope it helps..

• User DOMAIN / user has no access authorization for computer IP_address

  Dear Forum,
  When running a function module FTP_CONNECT with RFC destination SAPFTPA (in SM59). I always get a message "User <DOMAIN>/<user> has no access authorization for computer <IP_address>". Trying it with IE, I have no problem.
  There is always an event viewer security failure log when I try it:
  ===========================================
  Logon Failure:
       Reason:          Unknown user name or bad password
       User Name:     <user>
       Domain:          <DOMAIN>
       Logon Type:     8
       Logon Process:     IIS    
       Authentication Package:     MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:     GDCS009D
       Caller User Name:     GDCS009D$
       Caller Domain:     ERP
       Caller Logon ID:     (0x0,0x3E7)
       Caller Process ID:     968
       Transited Services:     -
       Source Network Address:     -
       Source Port:     -
  For more information, see Help and Support Center at
  ===========================================
  Please help....
  Regards,
  Agoes

  Hi ,
  Each and every SAP client ( as it is client dependent)
  Go to SE16
  Table name : SAPFTP_SERVERS
  Go to Menu TABLE ---> Create new entries
  FTP SERVER NAME  *
  FTP SERVER PORT 21
  Save
  Regards
  Venkat

• User has no RFC authorization for function group.

  Hi expert,
  I am calling a new function module  from the WebDynpro Java that is causing an issue that User has no RFC authorization for function group. if the user doesn’t have proper authorization like SE37 Transactions Code and others.
  But there is some more existing function module in the same application that is working fine without having above issues with same access.
  I am passing the USERID as input in the function Module and execute simply.
  So can you please tell me the Way to handle it?
  I will really appreciate your answer.
  Thanks
  Ali

  Hi Rali,
  I think,there is problem with ur JCO connection..
  Please check the following steps -
  1. Go to transaction SM59.
  2. Choose Create.
  3. Enter the following:
  RFC destination: SAPSLDAPI
  Connection type: T (Start an external program via TCP/IP).
  4. Choose Enter.
  5. Choose Technical settings and specify the following data:
  a. Select Registered Server Program as the activation type.
  b. Enter the program ID of the SAP J2EE Engine that acts as the RFC server. Enter SAPSLD_xyz (xyz is the SID of SAP J2EE Engine Server.)
  c. Enter the gateway host and the gateway service of R/3 server
  d. If the system is a Unicode system, navigate to Special Options and select the option
  Non-Unicode or Unicode in the section Character Width in Target System according to the gateway
  server.
  6. Save your entries.
  Now
  1. Go transaction SLDAPICUST.
  2. Switch to editing mode and choose Insert Row. Specify the connection parameters of the J2ee server ,
  Host name,  port Number, user  and password -  and set this SLD server as Primary.
  Only the entry marked as Primary is active.
  Please check whether there is entryof r/3 server in  the j2ee server /etc/services folder.If no entry is there then add -
  R/3server   port/TCP
  in the service file.
  Please check the  r/3server service folder and host folder  - do they have entry of java server, if no add the entry in the same way as done above for j2ee server.
  Also check the Group ,that u have entered for r/3 server in SLD exist in R/3 server or not if not add it....
  I hope this will help you ...
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Thanks,
  Gunja
  Edited by: Armin Reichert on Apr 26, 2008 6:35 PM

• IDOC Scenario - User  has no RFC authorization for function group EDIN

  Hi all,
  I'm trying to configure an IDOC scenario from ECC to XI.
  RFC's, ports and destinations already configured. On WE19 I'm creating an IDOC for testing the scenario. The IDOC is sent successfully, and it stops on TRFC Monitor with error "User PIRFCUSER has no RFC authorization for function group EDIN." .
  Some of you knows what authorization is needed? Basis team said the roles are the same at DEV environment, and there this scenario works fine.
  Thanks for your help.
  regards.
  Roberti

  Hi,
  Check with PIRFCUSER user , that is having the right authorization or not ..
  And make sure that this user is present in the system & it should  not locked.
  to check that user is present or not-----goto su01 of the system & check
  Regards
  Seshagiri

• User  has no RFC authorization for fun ction group EDIN

  Problem
  Posted: Aug 11, 2005 1:57 AM        Reply      E-mail this post 
  Hi all
  I am trying to send idocs from R/3 to R/3.
  In WE05 I can see STATUS 3 for the test IDOCS Iam sending through WE19.
  But in SM58 I am seeing the following error.
  User <username> has no RFC authorization for fun ction group EDIN .
  Could somebody suggest me a way to solve this problem.
  Thankyou

  I think you need to have S_TRANS_RFC authorisation.
  OR
  In the profile, you need to add the function group.
  Sorry I do not remember the profile name.
  Message was edited by: Vinod C

• UWL:User  has no RFC authorization for function group SDIFRUNTIME .

  Hi,
  In portal, while registering the system in UWL , I am getting this error:
  (Connector) :com.sap.mw.jco.JCO$Exception:User <userid> has no RFC authorization for function group SDIFRUNTIME .
  I have given the permission to the user id as owner for the system, with which I am logged in, and registering the system.
  It is also confirmed, that in the backend, the same user has authorization for the said RFC.
  Please help as it is urgent.
  Thanks,
  Sonali
  Edited by: Sonali M S on May 30, 2008 6:32 AM

  Hi Sonali,
         If your component is a webdynpro component, back end system is accessed via a logical system / JCO Destination. User id ( Lets say JCOUSER) and password is given for accessing backend via this JCO connection. This user id is different from particular user's backend user id. Verify whether JCOUSER has required authorizations in backend.
       I hope it helps.
  Regards,
  Uday.

• User has no RFC authorization for function group SYST

  Hello Experts,
  I have created one user in portal and given role which is also created by me. Role will give access to iview which consists of list WAD report link. User can access report by clicking external link.
  When i have given that role to my user id it's running fine when I gave to another end user id then it is giving error no access to report " report name". For this i have created one role for this report in ABAP and assigned to user, then also it's giving error. I have assigne profile S_BW_RFC.
  Can you tell me what are the authorizations/roles/profiles to be assigned to correct the error?
  Thanks in advance,
  Venky

  Hi Venky,
  Sometimes creating roles is not easy if you don't know exactly whicho objects you have to include.
  One useful way to design roles is to use System Trace (Transaction ST01).
  1) Activate "authorization check" trace for user with full permissions to execute your process (Add user filter from ST01)
  2) Execute all actions that final user should execute
  3) Stop trace and evaluate all objects and values used
  Add all resulting objects to your roles.
  Other way is try/error: If you get a message about lack of authorization, execute transaction SU54 to see which object need to add to your role.
  When changing roles, don't forget to log on again in SAP, since authorizations don't apply in real time.
  Best regards,
  Jorge

• User SAPCPIC1 has no RFC authorization for function group SYST

  Hi,
  The id  SAPCPIC1is getting error "user  has no RFC authorization for function group SYST"
  Please guide.
  Regards,
  Visshwas

  Hi Visshwas,
  Look like user SAPCPIC1 does not have enough authorization,Assaign the same.
  Regards
  Ashok Dalai

• User ftpuser has no access authorization for computer(FTP_CONNECT)

  Hi Gurus
  i am getting error like this  "User ftpuser has no access authorization for computer" when i am trying to ftp_connect.i did use before this 'HTTP_SCRAMBLE' but still not getting output .i searched SDN its says answred but no solution.can anyone help me .

  It doesn't work for me if I just maintain * entry.
  But it works after I maintained specific IP address into the table,
  ref notes:2072995 - User has no access authorization for computer
  Cause
  The message comes after the implementation of note '1605054 - Restriction in access to FTP Servers & usage of test reports' or upgrading to a
  support package that contains this note. This note was created to prevent malicious users from accessing remote FTP servers.
  Resolution
  1. Please ensure that all manual steps from note 1605054 are implemented in your system along with the code corrections
  2. Then please enter the allowed FTP servers into the table SAPFTP_SERVERS or enter ‘*’ to allow all FTP servers.

• No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document

  In EP we are trying to access bsp
  and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
  How to give authorization please help
  venkateswararao

  First Check is the ICF service is active using the SICF transaction.
  Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
  and SAP_HR_HAP_MANAGER.
  Add the above roles to your user , it should work

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •     &#61601;        B_BUPA_GRP
  •     &#61601;        B_BUPA_ATT
  •     &#61601;        B_BUPA_FDG
  •     &#61601;        B_BUPA_RLT•       
  Authorization objects for relationships:
  •     &#61601;        B_BUPR_BZT
  •     &#61601;        B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •     &#61601;        The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •     &#61601;        If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •     &#61601;        You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •     &#61601;        So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• A user has the authorizations in his UMR, but error still appearing

  Hi all,
              I have an issue with several issue in a company i am working for. The issue is the following:
  When a user wants to do something SAP gives an authorization error for an authorization that the user has in his UMR. When i remove any other role, the user can execute the transaction.
  I have seen the RZ10 looking for auth/auth_number_in_userbuffer but it does not exist!!!! what can i do????????
  Thanks In advance!!!

  Hi,
  Firstly, auth/auth_number_in_userbuffer is obsolete. Check for parameter auth/new_buffering. The value should be set to 4. Also, ensure that the PFCG_TIME_DEPENDENCY job is scheduled and running every day.
  Refer to SAP note 209899 for more information on the new parameter.
  Regards,
  Raghu

• User has no authorization for function group SWRS

  Dear SRM Gurus,
  We are facing an issue u201CUser has no authorization for function group SWRSu201D.
  Hope the user has no authorization to access function group SWRS and this function group is saying that workflow substitution.
  Can you any one have any idea what scenario are we using Workflow substitution?
  Is there any Roles need to be assigned?
  I would be appreciating if you could let us know more detail on this.
  Thanks.
  Regards,
  Magesh Basavaraj.

  Hi,
     The authorization object is 'S_WF_SUBST' for substitute role..try to assign this object and check..
  Saravanan