Using SAP* userid (SAP default password)
Hello, if i would using the default SAP* userid to logon to SAP GUI , would our IT Group know about this..?
thnks...
> would our IT Group know about this..?
Not only that, but the logon program uses a progress indicator to measure how nervous you are when logging on as SAP. This is also the case if SAP was deleted shortly before hand. Additionally, it is intelligent and can maintain it's own patterns of suspect behaviour (e.g. going straight for SE16 and certain Infotypes... or account information...)
In these cases, the system then sends an alert to the moderators of the SDN basis forum with the IP address and names of other user ID's which have been logging on from the same terminal (for example, yours is close to Quezon City... somewhere on the south end of Ayala Avenue..).
We then use the name and the IP address to scan the internet for any other illegal activities from the same source. This is not because we really want to stop them from misusing SAP* for a short while, but rather because we want them to go to jail for a long time.
=> It will be much easier and safer for you to ask for the correct authorizations to do your job properly.
Kind regards,
Julius
Similar Messages
-
Default password "PASS" for username SAP* not accepted for new client
I have created a new client, client 200 in my SAP system. I assigned it to a logical system properly and exist as one of the clients on the system together with the default clients "000", "001" and "066". The problem is that when i try connecting to this newly created client using the credentials Username: SAP*, Password: pass i get an error as follows:
name or password is incorrect (repeat logon).
I also tried the password that i use to connect to the default clients and i get the same error message. Please assist.Hi,
Set parameter login/no_automatic_user_sapstar with value 0 in t-code: RZ10 then restart SAP system.
User SAP* may get locked due to incorrect login attempts. So, delete SAP* record from database level.
> sqlplus / as sysdba
SQL> delete from sapsr3.usr02 where bname='SAP*' and mandt='<client number>';
it should show 1 rowe deleted..then
SQL> commit;
Now system will allow you to login with user SAP* and password 'pass'
With Regards,
Renu -
SAP NetWeaver Application Server ABAP 7.4 on SAP MaxDB - default password
Hello colleagues,
I have deployed this app.server (see subject) on the AWS cloud but unfortunately I cannot log-in. I've tried all known default passwords for SAP* and DDIC with no result. The documentations says - "You specify the master password during instance creation in the SAP Cloud Appliance Library"... It didn't ask me to specify the password ((
Hence, I have a few questions:
- What's the default password and where should I change it;
- How to unlock blocked accounts in SAP instances (SAP* and DDIC are blocked due to lots of failed attempts);
- How I can access the file system (this VM is on Linux), so... Putty???Hi,
You can unlock them:
update <schemauser>.usr2 set uflag='0' where bname like 'username what you want to unlock' ;
You can use emergency SAP* user if you are totally lost with the passwords.
Like this:
update <schemauser>.usr2 set bname='SAPP*' where bname like 'SAP*' ;
and you need to change the parameter:
login/no_automatic_user_sapstar to value of '0'
If you do these steps you can logon with SAP* user and 'pass' password....
after you finished you should change back login/no_automatic_user_sapstar to value of '1' in the profile !
Hope this helps,
Krisztian -
Use of activating SAP default ATM window in DBACOCKPIT
Hi Friends, As part of Glive implementation SAP asking us The SAP default ATM window is not configured/active. What is the use of ATM Configuration and Diagnostics. What are advantages of we activating SAP default ATM window using DBACOCKPIT. Please suggest. Regards, Karthik.
Hi Karthik,
Refer to this doc, ATM stands for Automatic table maintenance and as per below is explained a bit better. The attachment is the scn doc desbribing it in much more detail and should address all your queries.
DBA Cockpit: Automatic Table Maintenance for Sybase ASE
1835880 SYB: How to diagnose issues with Sybase ASE Job Scheduler, ATM, or Scheduled Jobs
The advantages as stated by document is automatic maintenance of objects as required to reduce workload of DBA and improve performance /DB of stability as well. It does lightweight scheduled maintenance activities. My wording to describe it may not be entirely correct you should read the DOC it is very helpful.
Kind Regards,
Johan -
'Change your password' error when log to designer using SAP Authentication
Hi All,
Here is the scenario. I want to create a universe on BW.
1. I try to log into designer using SAP authentication (by choosing SAP as the authentication option)
2. In the system name its the name of the CMS
3. The username and password that I entered were for my SAP system. (Yes, my SAP role is already present in CMC)
4. After I entered, I got a message saying ' You must change your password to continue. If you do not change your password, your account might get disabled'.
5. I am prompted with dialogue box to change my password.
6. After I enter a new password (fairly complicated), it gives an error Failed to change password/ Details : [repo_proxy 15]. Sessionfacade:: changePassword - User password has not been updated (Incorrect password).
I know that's not the case because I am able to log into SAP GUI and into CMC using my SAP credentials.
Any advice please ? Why is this happening in designer ?Hi,
Your issue may be fixed in FP1.8 with the following reference:
ADAPT01229385
Description:
+If an Enterprise alias is created for a SAP user accounts in the Central Management Console (CMC), and set to change their+
+passwords at the next log on, the SAP users may be unable to log on to applications with their SAP credentials.+
+This problem happens even after the Enterprise alias is removed from the SAP user accounts in the CMC.+
I hope this helps.
regards,
Henry -
UME using SAP R/3 as Data Source
Hi,
We are trying to set User authentication to SAP R/3 system, not load balanced system, on the User Management Configuration values: Client=501, Userid=sapjsf, Password=pwd, sys id=RS1, Group and Message server= blank, Application server= server.company.com, Sys. number=00, Max pool=10, Max wait=300000.
When testing connection, I get this message:
(System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing
(System ID & System Number): OK
Is this an error? since our SAP R/3 is not a load balanced system.
Did we miss any item for the setup, in dataSourceConfiguration_r3.xml? The SAPJSF "communication user" got the right sap role and authorizations.
Portal version : EP6 SR1
Regards
HuzaifahHi,
If u want to Use The SAP R3 System as Data source u may
do it from config tool if u got following message.
WARNING! You are not allowed to select dataSourceConfiguration_r3.xml as active configuration file.
(For Portal Patch less than SP13 u must download two data source file which is attached with note - 718383
and upload it to portal which is described in the note)
the following are the procedure which i apply ,
Go to System Administration -> System Configuration ->UM Configuration
Now Do not change Data source from Here.
Make sure your data source is "Database Only"
(dataSourceConfiguration_database_only.xml)
Now enter the following value under SAP System Tab.
Client : - Your sap system client
User:- Sap user
password: - password
System language:- your system language
Application server: - Host name or IP of sap system
System Number : - SAP instance number
Maximum Size of Connection Pool : - As per req.
Maximum Wait Time in Milliseconds :- 10000
Now, save the changes and shutdown the portal server.
Using Config Tool change the data source. Run the following
<drive:\> usr\sap\<sid>\JC<instance number>\J2EE\configtool\configtool.bat
(Make sure the portal system is shutdown)
Under Cluster Data -> Global Server Configuration -> services -> com.sap.security.core.ume.services
Now find the key: - ume.persistence.data_source_configuration
The default was : - dataSourceConfiguration_database_only.xml
change the value to :- dataSourceConfiguration_r3.xml
click on set and from flie-> apply
Now restart the portal server ur data source changer to SAP R3 System
Regards,
Kaushal -
Reset SAP GUI passwords for number of users one time
Dear,
i need your help in how to Reset SAP GUI passwords for number of users one time, as we have non-SAP users, only ESS users that they are currently using Portal ESS, but we need to reset thier GUI passwords so that they will not be accessing the GUI.
we need to do it one shot, one time for more than 600 users.
is there any way?
thank youYou can also create an ABAP program which can be used to do a mass user password change.
Here are the functions that will do what you need
SUSR_GENERATE_PASSWORD - Generates a Password. Use this function only if you want to do random passwords. Otherwise you can upload your own password.
BAPI_USER_CHANGE - You can use this BAPI to change just the password of a user
Here is an example of some abap code. There may be some syntax errors and possible other issues. I just typed this out and didnt check it. You upload a comma delimited file which is the username,password. If the password field is blank the program will generate its own. Hope this helps
constants: con_comma TYPE c VALUE ','.
data: it_tab TYPE filetable,
gd_subrc TYPE i,
v_filename_string TYPE string,
p_npass like XU400-NEWCODE.
DATA: BEGIN OF itab OCCURS 0,
dLine(40) type c,
END OF itab.
DATA: begin of it_Users occurs 0,
UserID like BAPIBNAME-BAPIBNAME,
Password Like XUBCODE,
end of it_Users.
parameters: p_file like rlgrap-filename default 'c:\users.txt' LOWER CASE.
AT SELECTION-SCREEN ON VALUE-REQUEST FOR p_file.
*& FILE_OPEN_DIALOG METHOD *
CALL METHOD cl_gui_frontend_services=>file_open_dialog
EXPORTING
window_title = 'Select File'
default_filename = '*.txt'
multiselection = ' '
CHANGING
file_table = it_tab
rc = gd_subrc.
LOOP AT it_tab INTO p_file.
ENDLOOP.
v_filename_string = p_file.
START-OF-SELECTION.
*& GUI_UPLOAD function *
Upload file to internal table
CALL FUNCTION 'GUI_UPLOAD'
EXPORTING
FILENAME = v_filename_string
FILETYPE = 'ASC'
HAS_FIELD_SEPARATOR = 'X'
TABLES
DATA_TAB = ITAB
EXCEPTIONS
FILE_OPEN_ERROR = 1
FILE_READ_ERROR = 2
NO_BATCH = 3
GUI_REFUSE_FILETRANSFER = 4
INVALID_TYPE = 5
NO_AUTHORITY = 6
UNKNOWN_ERROR = 7
BAD_DATA_FORMAT = 8
HEADER_NOT_ALLOWED = 9
SEPARATOR_NOT_ALLOWED = 10
HEADER_TOO_LONG = 11
UNKNOWN_DP_ERROR = 12
ACCESS_DENIED = 13
DP_OUT_OF_MEMORY = 14
DISK_FULL = 15
DP_TIMEOUT = 16
OTHERS = 17.
IF SY-SUBRC <> 0.
MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
Loop through internal table and split the comma delimited file
LOOP AT ITAB.
SPLIT ITAB-dLINE AT con_comma INTO it_Users-UserID
it_Users-Password.
APPEND it_Users.
ENDLOOP.
LOOP AT it_Users.
if it_users-Password is initial.
CALL FUNCTION 'SUSR_GENERATE_PASSWORD'
IMPORTING
PASSWORD = p_npass
else.
p_npass = it_users-Password.
endif.
CALL FUNCTION 'BAPI_USER_CHANGE'
EXPORTING
USERNAME = it_users-userid
PASSWORD = p_npass
PASSWORDX = 'X'
TABLES
RETURN = it_ret2.
Loop at it_ret2.
if it_ret2-number = 039.
write: / 'password changed'.
else.
write: / it_ret2-message.
endif.
endloop.
Write: / ''.
refresh it_ret2.
ENDLOOP. -
Error in license check using SAP*
Dear All,
Even though we have deleted the SAP* password in DB level, I am unable to login R3 level
using SAP/Pass and with the parameter login/no_automatic_user_sap =0;
when i login to R3 level using SAP*/PASS , Errors is " LOGON not possible ( error in license check)
Could you please let me know , how can we rectify this error?
Thanks and RegardsHi,
This Error will come if you have changed any port recently.
Most probable msserv_internal port will create problem.
Steps:
You need to check this on os level as you cant login to SAP.
1) Check start profile for parameter msserv_internal if its there comment it and restart SAP system
2) Check instance profile for parameter msserv_internal if its there comment it and restart SAP system.
3) Check default profile for parameter msserv_internal if its there comment it and restart SAP system.
update status once done!
Regards,
Gagan Deep Kaushal -
BAPI-VB, Unable to call method GetDetail of USER Object using SAP.BAPI.1
Hi,
I am trying to call SAP Methods using Excel VBA.
In the below example, I am trying to get the user details.
I can solve this, if I use SAP.Functions object, but not when I use SAP.BAPI.1 object.
The Procedure GetUserDetails() works fine, but the 2nd one GetUserDetails2() fails?
Can you tell what is the difference in calling SAP method with SAP.Functions and SAP.BAPI.1 ?
Also how can I run the program GetDetails2() using SAP.BAPI.1
Const CNT_STR_USR As String = "XXXXX"
Const CNT_STR_PWD As String = "XXXXX"
Const CNT_STR_APPLN_SRVR As String = "ides47"
Const CNT_STR_SYSTEM As String = "IDS"
Const CNT_STR_SYS_NUM As String = "00"
Const CNT_STR_CLIENT As String = "800"
Const CNT_STR_LOGON_LANG As String = "EN"
Const CNT_STR_LOG_FILE As String = "C:sap_vb.txt"
Const CNT_INT_LOG_LEVEL As Integer = 9
'Works Fine
Public Sub GetUserDetails()
'Using SAP Functions
Dim obSAPFn As Object
Dim obFuncUsrDtl As Object
Dim obFuncRtrn As Object
Dim obFuncLogDtl As Object
Dim sRetStatus As String * 1, sErrText As String, sUsrGroup As String * 12
Dim iRetRowCount As Integer, iLoop As Integer
Dim bErrFlag As Boolean
'Set obSAPFn = New SAPFunctions
Set obSAPFn = CreateObject("SAP.Functions")
obSAPFn.Connection.ApplicationServer = CNT_STR_APPLN_SRVR
obSAPFn.Connection.SystemNumber = CNT_STR_SYS_NUM
obSAPFn.Connection.User = CNT_STR_USR
obSAPFn.Connection.Password = CNT_STR_PWD
obSAPFn.Connection.Language = CNT_STR_LOGON_LANG
obSAPFn.Connection.Client = CNT_STR_CLIENT
obSAPFn.LogLevel = CNT_INT_LOG_LEVEL
obSAPFn.LogFileName = CNT_STR_LOG_FILE
'Check For Connection
If obSAPFn.Connection.Logon(0, True) = False Then
MsgBox "R/3 connection failed"
Exit Sub
Else
If obSAPFn.Connection.IsConnected Then
' MsgBox "Connected"
Else
MsgBox "Not COnnected"
Exit Sub
End If
End If
'Get User Details.
Set obFuncUsrDtl = obSAPFn.Add("BAPI_USER_GET_DETAIL")
obFuncUsrDtl.Exports("USERNAME") = CNT_STR_USR
obFuncUsrDtl.Call
Set obFuncRtrn = obFuncUsrDtl.Tables("RETURN")
iRetRowCount = obFuncRtrn.RowCount
bErrFlag = False
For iLoop = 1 To iRetRowCount
If obFuncRtrn(iLoop, "TYPE") = "E" Then
' ErrorUsuario = True
sErrText = "E" & obFuncRtrn(iLoop, "ID") & obFuncRtrn(iLoop, "NUMBER") & _
" " & obFuncRtrn(iLoop, "MESSAGE")
MsgBox sErrText
bErrFlag = True
Exit For
End If
Next
If bErrFlag = False Then
Set obFuncLogDtl = obFuncUsrDtl.Imports("LOGONDATA")
sUsrGroup = obFuncLogDtl("CLASS")
MsgBox sUsrGroup
End If
Set obFuncRtrn = Nothing
Set obFuncLogDtl = Nothing
Set obFuncUsrDtl = Nothing
obSAPFn.Connection.LogOff
Set obSAPFn = Nothing
End Sub
' Does not work
Public Sub GetUserDetails2()
'Using BAPI Object
Dim obSapBAPICtrl As Object 'BAPI control object
'Dim obSAPConn As Object 'Connection object
Dim obSAPUSER As Object ' To Get Details of USER Object
Dim obLogondata As Object, obDefaults As Object, obAddress As Object, obCompany As Object
Dim obSnc As Object, obParameter As Object, obProfiles As Object, obActivitygroups As Object
Dim obReturn As Object, obAddComrem As Object, obAddRml As Object, obAddPag As Object
Dim obAddUri As Object, obAddSsf As Object, obAddPrt As Object, obAddRfc As Object
Dim obAddX400 As Object, obAddSmtp As Object, obAddTlx As Object, obAddTtx As Object
Dim obAddTel As Object, obAddFax As Object, obParameter1 As Object
Dim sRetStatus As String * 1, sTransId As String, sUsrGroup As String
Dim iRetRowCount As Integer, iLoop As Integer
Set obSapBAPICtrl = CreateObject("SAP.BAPI.1")
obSapBAPICtrl.Connection.ApplicationServer = CNT_STR_APPLN_SRVR
obSapBAPICtrl.Connection.SystemNumber = CNT_STR_SYS_NUM
obSapBAPICtrl.Connection.User = CNT_STR_USR
obSapBAPICtrl.Connection.Password = CNT_STR_PWD
obSapBAPICtrl.Connection.Language = CNT_STR_LOGON_LANG
obSapBAPICtrl.Connection.Client = CNT_STR_CLIENT
obSapBAPICtrl.LogLevel = CNT_INT_LOG_LEVEL
obSapBAPICtrl.LogFileName = CNT_STR_LOG_FILE
'Don't show the logon details
'Connect to SAP
If obSapBAPICtrl.Connection.Logon(0, True) = False Then
MsgBox "R/3 connection failed"
Exit Sub
Else
If obSapBAPICtrl.Connection.IsConnected Then
' MsgBox "Connected"
Else
MsgBox "Not COnnected"
Exit Sub
End If
End If
Could not find a way to pass the User Id?
Is this the right way to pass the user Id for this Object?
Set obSAPUSER = obSapBAPICtrl.GetSAPObject("USER", CNT_STR_USR)
Set obLogondata = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Logondata")
Set obDefaults = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Defaults")
Set obAddress = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Address")
Set obCompany = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Company")
Set obSnc = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Snc")
Set obParameter = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Parameter")
Set obProfiles = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Profiles")
Set obActivitygroups = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Activitygroups")
Set obReturn = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Return")
Set obAddComrem = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddComrem")
Set obAddRml = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddRml")
Set obAddPag = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddPag")
Set obAddUri = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddUri")
Set obAddSsf = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddSsf")
Set obAddPrt = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddPrt")
Set obAddRfc = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddRfc")
Set obAddX400 = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddX400")
Set obAddSmtp = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddSmtp")
Set obAddTlx = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddTlx")
Set obAddTtx = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddTtx")
Set obAddTel = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddTel")
Set obAddFax = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "AddFax")
Set obParameter1 = obSapBAPICtrl.DimAs(obSAPUSER, "GetDetail", "Parameter1")
sTransId = obSapBAPICtrl.CreateTransactionID()
'obSapBAPICtrl.TransactionId = sTransId
obSAPUSER.GetDetail Logondata:=obLogondata, Defaults:=obDefaults, Address:=obAddress, _
Company:=obCompany, Snc:=obSnc, Parameter:=obParameter, Profiles:=obProfiles, _
Activitygroups:=obActivitygroups, Return:=obReturn, AddComrem:=obAddComrem, _
AddRml:=obAddRml, AddPag:=obAddPag, AddUri:=obAddUri, AddSsf:=obAddSsf, _
AddPrt:=obAddPrt, AddRfc:=obAddRfc, AddX400:=obAddX400, AddSmtp:=obAddSmtp, _
AddTlx:=obAddTlx, AddTtx:=obAddTtx, AddTel:=obAddTel, AddFax:=obAddFax, _
Parameter1:=obParameter
iRetRowCount = obReturn.RowCount
If iRetRowCount > 0 Then
For iLoop = 0 To iRetRowCount
sRetStatus = obReturn(iLoop, "TYPE")
If sRetStatus = "S" Then
sUsrGroup = obLogondata("CLASS")
MsgBox sUsrGroup
End If
Next
End If
Set obSAPUSER = Nothing
obSapBAPICtrl.Connection.LogOff
'Set obSAPConn = Nothing
Set obSapBAPICtrl = Nothing
End Sub
Regards,
VikasThe problem was occuring because, the structure Return was not holding any values.
But the other tables which returned values were getting populated.
Regards,
Vikas -
Here's my question gurus...
Is there a way to enable SSO so that, after a user authenticates themselves within the portal, go back to the standard Windows SAP GUI Logon(pad) select the system enter the desired client and logon with having to provide a username and password? The credentials would be passed from the portal to the connected backend system.
We currently have a slew of systems and there corresponding clients it would be awesome to sync all systems with the portal and only have to administer passwords from and for the portal. Consequently the portal would handle the rest. The folks here have not fully embraced using the html version of the gui hence the reason for this posting.Hi Mike,
If i understood your requirement, You want to use SAP functionality form portal.
You Can do that, by creating a SAP System from your portal and you can call any Transactions from the portal it self, by using that System.
How to create System and User mapping for that System you can find in the below link. It may helpful to you. Ping me back, if you have any doubts.
http://help.sap.com/saphelp_nw04/helpdata/en/3d/b5f9c2ea65c242957ee504ca4a37a9/frameset.htm
Transaction Iview with integrated ITS.
Please correct me, if i am wrong.
Regards,
Sridhar -
How to implement SSO to non-SAP systems using SAP logon ticket?
Hello,
We would like to implement Single Sign On between our SAP Netweaver system and a Siebel which is a non-SAP system using SAP logon tickets.
Can anyone please give me some leads on this, in particular:
1. Is there a JAVA API or an SAP plug-in that can be implemented on the Siebel machine to extract the SAP logon ticket?
2. As the other machine might seat on a complete different domain, is it possible to implement SAP logon ticket without using cookies (perhaps through the HTTP header?
3. In case you think using SAP logon tickets is not the best solution here I would be happy to hear any other suggestions you might have.
RoyHi,
I'm currently using SAML as well. Unfortunately the SAP J2EE cannot work as authority (identity provider) but what you can do is using an open implementation of SAML such as opensso which is an open version of SUNs Java System access manager.
There are a couple of other projects such as opensaml, apache's wss4j or shibboleth that might be interesting in this context.
I just installed opensso and got it working with SAP J2EE 7.0 using SAPs JAAS SAMLLoginModule to authenticate users within SAP J2EE.
In this scenario opensso serves as identity provider just as you need! There are a couple of Policy agents available on SUNs Download site you can use with Apache, Tomcat, JBOSS, WebSphere, Bea Web Logic etc. in order to authenticate! Otherwise you just directly authenticate against opensso. When installing opensso you can configure the type of user store you want to use! By default it uses LDAP but you can also use different types of user store using JDBC or other mechanisms. Since you have a Directory Service you could easily connect it to your existing directory.
There is also a way to map user ids directly in opensso by adding a uid mapping class. I created some documentation with lots of screenshots about using opensso with SAP J2EE. You can easily use opensso with any other system that supports SAML. In the case of SAP the usage is currently limited to SAML versions 1.0 and 1.1. Version 2.0 is not yet supported but should be in one of the following versions.
Here are some links you might want to check:
OpenSAML: https://spaces.internet2.edu/display/OpenSAML/Home
wss4j: http://ws.apache.org/wss4j/
shibboleth: http://shibboleth.internet2.edu/
opensso: https://opensso.dev.java.net/
On SDN you will find a documentation on how to connect SUN Java System Access Manager to SAP J2EE (see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/906d9fc6-31b9-2910-1385-90edad7d7570). As I said opensso is based on the SUN Access Manager code and looks quite the same. So you can adapt this documentation in order to configure opensso or you can just ask me for the documentation.
Hope this is helpful...
Let me know if you need further assistance on this topic
Cheers -
Change SAP BI Password from BO Client Tools / Infoview, SAP Authentication
Hi,
We are using SAP BI BO Integration Kit (BO XI 3.1, SAP BI 7.0) & able to use SAP BI Queries with WebI, Xcelsius etc.
For a user group, we would be providing only Infoview access (using SAP Authentication). This means we would not want to install any BO Client Tools, SAP GUI or SAP Integration Kit Client, on user desktop.
We are faced with a issue - How does the user change password from Infoview (this is an SAP BI User ID used to login from Infoview).
Initial Password of SAP BI User cannot be changed from Infoview, since it doesnot prompt for changing the Initial Password.
Any ideas how to handle this situation.
regards,
Rajesh K SarinHi Erwin,
no. Also within BI4 you are not able to change your SAP password.
The Workaroung of Ingo is very suitable using SAP GUI for HTML.
You can vote this idea on idea place:
https://ideaplace.brightidea.com/ct/ct_a_view_idea.bix?c=BB5523E4-062F-4420-B35F-0B1F0D4769A9&idea_id=CBAD2E43-C21E-4809-A0B0-CFD3B9551A41#
Regards
-Seb. -
Can I use SAP HR to drive ESS Portal user creation?
Hello
We are implementing a new instance of SAP HR and Portal for ESS and MSS and I am not sure of all the steps that need to be completed so any guidance / tips would be greatly appreciated.
Company currently has an LDAP - but not used extensively. Not all employees currently in LDAP as not all have network ids. All employees will have a SAP account to enable ESS (via Kiosks etc). ESS iViews in Portal will call SAP HR and possibly SAP BW. We have an instance of SAP already and user admin maintained via CUA - this will continue.
Scenario:
My initial thoughts are that we try to use SAP HR as the leading system to drive the ESS Portal users and access. Basically I want to create the user in SAP and assign them an ESS SAP role... then through syncronization have the user created in the Portal and have the correct ESS Portal assigned (in the Portal)
My thinking so far is to go the following way;
1) Create User Master Record in SAP (SU01)
2) Hire employee into the org structure (via HR processes)
3) Populate Infotype 0105 with SAP username
4) Populate Infortype 1016 - with SAP role to be assigned to allow ESS access (not sure about this aspect) or role could be assigned in 1) above
I am not sure of the next steps - I think there must be a way in an SAP table to map the ESS SAP role to the ESS Portal Role (is this via WP3R?)
then I am hoping that a standard job can be run (is this RSLDAPSYNC_USER) that will create the user in the Portal (UME?) and assign the correct Portal role ?
(obviously configuration needed)
For MSS and HR Power users - we would continue to assign SAP roles via SU01.
Can anyone assist with;
- Is my thinking correct in terms of how this should / could work?
- in SAP how can I map SAP Roles to Portal Roles ?
- will syncronization in SAP create the user in Portal and assign the role ? what do I need to configure?
Thanks in advanceDear Michale,
I just dont know if this can throw some light on your prob.'
In our Orgn we had around 250 ess users and 200 sapr/3 users. Some of the r/3 users also logon to ess via their r/3 uname and password.
What we have done is like follows:
1. Created a role for only the ess users ZHRESS. For this i asked the HR functional people with sap_all profile to do all the job which the ESS users are supposed to do and tracer the authorization via tcode st01. We created the role on the basis of this trace report.
2. For the purely ESS users we created the users via tcode HRUSER and assigned then with the above role.
3. For the R/3 users who are supposed to avail the ess facility we assigned them with the role ZHRESS role in addition to the other roles assigned to them to carry out their normal R/3 transactions. Then we mapped their R/3 uname to their employee no via PA30 infotype 105.
4. Tcode HRUSER saved time which would have consumed had we done it via su01 and moreover it picked Name etc data from the HR master table. In HRUSER tcode , setting the user attributes helps to define what roles the users are to be assigned, what should be their initial password etc.
Pl let me know if it satisfies you querry.
Regards -
R/3 Secure Store and Forward, while using SAP portal for SSO
Hello,
We are using SAP Portal UME for authentication, then SAP SSO tickets to log into the SAP R/3 system. Initially we decided that the end users would have a "disabled password" so that they must use the portal authentication mechanism to get into R/3 and therefore could not log in straight to R/3 system via SAP GUI.
All was working fine until during integration testing when someone tried to use the electronic signature function on a QM t-code (QA11) that prompted for an e-sig. Since local passwords have been disabled, the user could not execute the e-sig.
We do not want to activate local R/3 passwords for the users. Can anyone give some advice or a best practice regarding how to set up electronic sigs in R/3 while using an external authentication source? FYI, we are also trying to avoid using the LDAP connector from R/3 to our LDAP.
Please comment for any clarity needed or comments,
Thanks in advance,
RyanGood point - but I'm afraid of not knowning an instant answer.
Well, theoretically one could make use of the fact that an NWAS ABAP can act as http client (submitting http requests to the NWAS Java to validate logon data); but that's just a rough idea.
Regards, Wolfgang -
Sales Order creation using SAP NCo 3.0 x64
Hi,
I have been trying to create a sales order using the SAP NCo from Visual Studio (C#) and I'm stuck.
The code I have used is:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using SAP.Middleware.Connector;
namespace ConsoleApplication2
class Program : IDestinationConfiguration
static void Main(string[] args)
RfcDestinationManager.RegisterDestinationConfiguration(new Program());
RfcDestination destination = RfcDestinationManager.GetDestination("EHP6");
try
RfcRepository repo = destination.Repository;
IRfcFunction salesDoc = repo.CreateFunction("BAPI_SALESORDER_CREATEFROMDAT2");
IRfcFunction salesDocCommit = repo.CreateFunction("BAPI_TRANSACTION_COMMIT");
IRfcStructure salesHeader = salesDoc.GetStructure("ORDER_HEADER_IN");
IRfcTable salesItems = salesDoc.GetTable("ORDER_ITEMS_IN");
IRfcTable salesPartners = salesDoc.GetTable("ORDER_PARTNERS");
IRfcStructure salesItemsStruct = salesItems.Metadata.LineType.CreateStructure();
IRfcStructure salesPartnersStruct = salesPartners.Metadata.LineType.CreateStructure();
//Sales Header
salesHeader.SetValue("DOC_TYPE", "MOR");
salesHeader.SetValue("DOC_DATE", Convert.ToDateTime("2014-06-19"));
salesHeader.SetValue("SALES_ORG", "M210");
salesHeader.SetValue("DISTR_CHAN", "01");
salesHeader.SetValue("DIVISION", "M1");
salesHeader.SetValue("CURRENCY", "USD");
//Sales Items
salesItemsStruct.SetValue("ITM_NUMBER", "000010");
salesItemsStruct.SetValue("MATERIAL", "MP_SHEET_22");
salesItemsStruct.SetValue("SHORT_TEXT", "Sheet Grade B, BWT 20lb/75gsm");
salesItemsStruct.SetValue("PLANT", "M210");
salesItemsStruct.SetValue("TARGET_QTY", "2000");
salesItemsStruct.SetValue("TARGET_QU","LBR");
salesItemsStruct.SetValue("TARGET_VAL", "11655.67");
// Partner
salesPartnersStruct.SetValue("PARTN_ROLE", "SP");
salesPartnersStruct.SetValue("PARTN_NUMB", "MP-CUST201");
RfcSessionManager.BeginContext(destination);
salesDoc.Invoke(destination);
salesDocCommit.Invoke(destination);
RfcSessionManager.EndContext(destination);
Console.WriteLine("Sales Order Created!!");
Console.ReadLine();
catch (RfcCommunicationException e)
e.ToString();
Console.WriteLine(e);
Console.ReadLine();
catch (RfcLogonException e)
e.ToString();
Console.WriteLine(e);
Console.ReadLine();
catch (RfcAbapRuntimeException e)
e.ToString();
Console.WriteLine(e);
Console.ReadLine();
catch (RfcAbapBaseException e)
e.ToString();
Console.WriteLine(e);
Console.ReadLine();
public RfcConfigParameters GetParameters(String destinationName)
if ("EHP6".Equals(destinationName))
RfcConfigParameters parms = new RfcConfigParameters();
parms.Add(RfcConfigParameters.AppServerHost, "xx.xxx.xxx.xx");
parms.Add(RfcConfigParameters.SystemNumber, "00");
parms.Add(RfcConfigParameters.SystemID, "IE6");
parms.Add(RfcConfigParameters.User, "user");
parms.Add(RfcConfigParameters.Password, "password");
parms.Add(RfcConfigParameters.Client, "800");
parms.Add(RfcConfigParameters.Language, "EN");
return parms;
else return null;
It returns me no error and even displays "Sales Order Created!!" from the try block. But when I check in VBAK, no Sales Order is being created.
Can somebody help me understand, if I have missed out something or if I'm going wrong somewhere?
All dependencies have been added correctly, platform being set to x64. No build/run-time errors.Hi Sreyan Choudhury
have you check if you have completed all the mandatory field?
the partner "SP" is the customer in your system?
here an example on how I've used this bapi in a webdynpro:
* Order Header Details
CLEAR w_order_header_in.
w_order_header_in-doc_type = zauart.
w_order_header_in-sales_org = zvkorg.
w_order_header_in-distr_chan = stru_order_header-distr_chan.
w_order_header_in-division = 'GN'.
w_order_header_in-purch_no_c = stru_order_header-purch_no_s.
w_order_header_in-purch_no_s = stru_order_header-purch_no_s.
w_order_header_in-sales_grp = zvkgrp.
w_order_header_in-sales_off = zvkbur.
w_order_header_in-compl_dlv = stru_order_header-compl_dlv.
w_order_header_in-req_date_h = stru_order_header-req_date_h.
CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
EXPORTING
input = w_order_items_in-material
IMPORTING
output = w_order_items_in-material.
* Order Partner Details
CLEAR: i_order_partners,w_order_partners.
w_order_partners-partn_role = 'AG'.
w_order_partners-partn_numb = stru_order_partners-partn_numb.
CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
EXPORTING
input = w_order_partners-partn_numb
IMPORTING
output = w_order_partners-partn_numb.
APPEND w_order_partners TO i_order_partners.
*partener roles
SELECT * INTO w_agenti FROM zagenti WHERE vkgrp = zvkgrp.
CLEAR w_order_partners.
w_order_partners-partn_role = w_agenti-parvw.
w_order_partners-partn_numb = w_agenti-lifnr.
CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'
EXPORTING
input = w_order_partners-partn_numb
IMPORTING
output = w_order_partners-partn_numb.
APPEND w_order_partners TO i_order_partners.
ENDSELECT.
* Order Items
LOOP AT stru_order_items INTO i_order_items.
CLEAR: w_order_items_in.
MOVE-CORRESPONDING i_order_items TO w_order_items_in.
w_order_items_in-store_loc = i_order_items-lgort.
w_order_items_in-itm_number = sy-tabix * 10.
w_order_items_in-item_categ = 'TAN'.
w_order_items_in-ship_point = 'LS00'.
w_order_items_in-plant = 'DS00'.
APPEND w_order_items_in TO i_order_items_in.
w_order_items_inx-itm_number = w_order_items_in-itm_number.
w_order_items_inx-target_qty = 'X'.
w_order_items_inx-item_categ = 'X'.
w_order_items_inx-ship_point = 'X'.
w_order_items_inx-plant = 'X'.
IF w_order_items_in-batch IS NOT INITIAL.
w_order_items_inx-batch = 'X'.
ENDIF.
IF w_order_items_in-store_loc IS NOT INITIAL.
w_order_items_inx-store_loc = 'X'.
ENDIF.
APPEND w_order_items_inx TO i_order_items_inx.
w_order_schedules_in-itm_number = w_order_items_in-itm_number.
w_order_schedules_in-sched_line = '0001'.
w_order_schedules_in-req_qty = w_order_items_in-target_qty.
APPEND w_order_schedules_in TO i_order_schedules_in.
w_order_schedules_inx-itm_number = w_order_items_in-itm_number.
w_order_schedules_inx-sched_line = '0001'.
w_order_schedules_inx-req_qty = 'X'.
w_order_schedules_inx-updateflag = 'I'.
APPEND w_order_schedules_inx TO i_order_schedules_inx.
* Order Condition Details
IF i_order_items-prriga <> i_order_items-prnet AND
i_order_items-prriga <> i_order_items-prbase.
CLEAR: w_order_conditions_in.
w_order_conditions_in-itm_number = w_order_items_in-itm_number.
w_order_conditions_in-cond_type = 'ZMAN'. “manual
price condition
w_order_conditions_in-cond_value = i_order_items-prriga / 10.
APPEND w_order_conditions_in TO i_order_conditions_in.
ENDIF.
DATA: v_message_riga TYPE string.
* Get message manager
DATA: l_current_controller TYPE REF TO if_wd_controller,
l_message_manager TYPE REF TO if_wd_message_manager.
l_current_controller ?= wd_this->wd_get_api( ).
CALL METHOD l_current_controller->get_message_manager
RECEIVING
message_manager = l_message_manager.
IF i_order_items-prriga = 0 AND i_order_items-omaggio = ''.
CONCATENATE 'Error during the creation '
'empty line INTO v_message_riga.
* v_message_riga = 'Errore durante la creazione. Riga non
*valorizzata'.
* Report Error message
CALL METHOD l_message_manager->report_error_message
EXPORTING
message_text = v_message_riga.
i_bloccasalva = 'X'.
ENDIF.
ENDLOOP.
Maybe you are looking for
-
Is Adobe doing anything to correct the problems that Premiere CS6 has when creating titles that look great until they are rendered, at which point they become blurry...titles created in Photoshop and/or AfterEffects render out the same way in Premier
-
Daylight savings time stared today and the alarm on my Z3v was correctly set to 0730. The alarm didn't go off though until 0830. I did set the alarm with google now, but around 8 o'clock i also checked the Alarm and Clock app and verified the correct
-
We live in motel but my iMac is not connecting with the internet but my cousin has hp laptop that works perfectly fine in my room. So can you help me with this situation?
-
As I have just started working in OSB, so my query is whether I can get a proper error message from OSB validate action against the particular attribute in an XML which is having the wrong input. Example : Suppose in my XSD i have defined student's i
-
HI All, One more issue related to rebate agreements. User has made partial rebate settlement. Now business wanted to close the rebate agreements though balance accruals are avaialble, but business decided not to pay any more whatever is left. But all