What authorization-roles for user login (java stack)
Hello SAP-Fans ,
which authorization role needs to be assigned to the users for logging into a java-stack on port 50.000?
We always get the error-message: "Error 403 forbidden, You are not authorized to view the requested resource."
I know this is a beginner's question. Java is completely new to us.
Thanks in advance
Danny Winn
Hi Danny,
Welcome to SDN,
Logon to the portal with the user Administrator, go to User Administartion and create a user for yourself by assigning Super Admin Role.
portal Url must be http://<host.fqdn>:50XX0/irj/portal where XX is the system number in this case 00.
You will able to see at the user admin tab all the SAP standard roles.
regards
Juan
Please reward with points if helpful
Similar Messages
-
How add Authorization check for user with assigened role for t.code-MIR4
Hi All,
Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4 using ABAP.
In Detail:2) All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
suggest me...
Thanks,
srii..Hi Sri ,
first u need to find out in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
make use of Tcode SUIM to find out all roles which are using this Object.
or
ask ur basis guy to remove authorizations to create/change....
regards
Prabhu -
Authorization roles for release strategy FRGSX
Hi guys,
we are using R/3 4.7. We are going to implement release strategy for Purchase orders in our company .
We have customized different release groups, for several release strategies and release codes, without implementing any workflow.
We have a problem on authorization roles because we assigned for each combination of release group and release code a authorization role but it is not sufficient to restrict the role for users because we don't take into consideration the release strategy.
We had a look on the system but we didn't find any object related to release strategy (techical name FRGSX).
Could you someone help me?
Thanks in advance
VirWhen assigning user authorization for PO release strategy each user is assigned to release group and release code. You cannot make a connection between specific release strategy to user.
Pay attention that the authorization needed are also for change PO (ME22N) - meaning you can limit the users by all the authorization values of the ME22N objects.
Use t.code SU24 to explore what auth. are checked in each transaction.
Nir -
Help Required in Authorization Roles for Workbooks
Hi All,
In our project, we have a requirement of creating a role for users with below authorizations.
1. Can display and execute the workbooks in the role menu.
2. Can create copy workbooks ( Save as) in the role menu.
3. Can not delete the original and the copy workbooks from role menu.
We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
Thanks,
SachinRe: Adding report (query & workbook, templates) in roles
Go through this thread.
And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
we have added Auth objects S_TCODE and S_GUI.
in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
So that they can just share the workbook. nothing else can be done.
Try like this. Hope this would help you. -
Required Authorization Role for E-commerce manager
Hi ,
Could you please tell me required Authorization Role for E-commerce manager and catalog administartor?
Thanks.
Regards,
PVSAP_CRM_ECO_ISA_WU_B2B_FULL CRM-ECO: ISA Internet User (Full Document Authorization) ISA_B2B_FULL
SAP_CRM_ISA_UA_SUPERUSER Internet Sales User Administration Authorizations Superuser
*SAP_CRM_ISA_WEBSHOP_MANAGER * Authorizations for the Internet Sales Web shop Manager Webshop Manager
SAP_CRM_ECO_ISA_WU_B2C Internet User for B2C -
Authorization Role for S_ALR_87099918
Hi all,
I am not sure if this is the right place to post this one (if it is not, please tell me which one is, i have tried to search the forum, but can't seem to find the place to post about this "security" problem)
Currently having a trouble while creating the authorization role for transaction s_alr_87099918 (primary cost planning : depreciation / interest).
I have already maintained the authorization objects:
- A_A_VIEW and
- A_PERI_BUK
Checked with Su53, but no missing authorization object or anything
While executing the transaction, the system said "no records were found", when i execute it with another ID, there are results. I have checked the parameter input-ed, both are already the same.
I am wondering if anyone has ever experienced this before?
What can be the possible cause and the solution?
Thank you so much
Regards, Erwin
Edited by: Erwin Hartono on Dec 3, 2010 9:39 AMSorry, my deepest apologies, i think i found the right place to post this
-
How to create authorization role for just displaying query prefix Q and X.
Hi Expert,
I hope someone can help me on how to create authorization role for just displaying and executing BEX Queries prefix Q and X. I'm currently using SAP BI 7.1.
Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
-->Manually Business Information Warehouse
--> Manually Business Explorer - Components
Activity : Display, Execute, Enter, Include, Assign
InfoArea : *
InfoCube : *
Name(ID) of a reporting component : *
Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
--> Manually Business Explorer - Components
Activity : Display, Execute
InfoArea : *
InfoCube : *
Name(ID) of a reporting component : Q* , X*
Type of a reporting component : Query
But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
Please assist. Very much appreciate your help. Thanks.
Edited by: nadiyah salleh on Mar 18, 2008 11:22 AMQuestion close. This issue has been resolved.
-
Failed to activate authorization check for user SAPSYS
Hi Experts
I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
i am getting a error Failed to activate authorization check for user SAPSYS.
Please help me to solve this issue.
Regards
VenkatHi, Mr. Joe Bo.
Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
Basis Patch - 15, Kernel 159
I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
Thanks & Regards
Venkatesan J -
Hi,
in forms 10g , it's possible to change the role for user
REVOKE role_name FROM :USERNAME;This should work, but the user revoking a role from a different user needs to have the admin option of this role.
When creating a role, by default the "Admin option" for that role should be enabled for the user creating the role.
Normally, this would be the schema-owner of the application objects ...
A user holding the "admin option" may grant a role to a different user and grant the other user "admin option" on this role... -
How to configure Email notification for User login's in Exchange Infrastructure?
How to configure Email notification for User login's in Client Machines?
Hi ,
Based on the description , you need to assign logon scripts to the end users via group policy and also use your exchange server as the smtp server in that logon script to relay emails to the internal recipients.
Thanks & Regards S.Nithyanandham -
HI,how to find roles for user based on userid?
hi,
i need to find roles for each user based on user id.
can i know any one knows this how to get roles for user?
thanks,
jpullareddyhi,
i solve my self.
i am getting values
jpullareddy -
Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?
Hi all,
I'm running a site that requires user login. I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
However, I guess I never learned the correct way to handle a user login. It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number. Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
<cfset This.Sessionmanagement=true>
<cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
<cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
<cflocation url="../index.cfm" addtoken="no">
</cfif>
...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID. If not, all session variables are cleared and it bounces you back to the login page. When the user clicks Logout, all I do is delete all the session variables.
This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity. You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application). I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
SO: any reason you can think of why session variables would be spontaneously clearing for some people? Would having your router reset its IP address invalidate the session or something? Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
And on a more general note... did I go about this completely the wrong way to begin with? If so, what's the standard way to manage a login?
Lots of questions, I know... thanks very much for any answers or suggestions!
JoeIan,
Thanks very much - very helpful information.
Sounds like passing the tokens in every request is probably the way to go for this. I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
Is that all I would have to do, is add the tokens to every path? Would that guarantee that all the session variables would remain valid until timeout or being cleared?
Again, thanks, you've been really helpful.
Joe
On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
Unfortunately this is the nature of HTTP web applications. There is NO state maintained from HTTP request to request. This is by design in the HTTP protocol specifications.
ColdFusion provides two methods to circumvent this limitation. Each method has limitations and caveats. They both rely on the passing of tokens between the client and the server with every request. These tokens can be passed as cookies OR URL (GET) variables. You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method. If something happens to the cookies the session can be lost.
You could pass the (CFID & CFTOKEN) OR JESSIONID tokens through the URL query string with every request. This requires one to add these values to every link, form action, cflocation or other request path in our application. ColdFusion provides the session.urltoken variable to make this easier to do. The tokens will be visible to the user. Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case). Then that user will access the session of the original user.
Cookie session management is by far the most common choice by CF developers. If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications. One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server. Thus not suffer the stateless nature of the normal HTTP request-response cycle.
I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated. But I would not think it is beyond the relm of possibilities. -
How to create Roles in UME (ABAP+JAVA stack)
Hi,
I have created roles earlier on JAVA stack alone. However, this time I am working on JAVA+ABAP stack. When I am trying to create role in UME, I am getting only two tabs:
General Information
Assigned Groups
I am not getting Assinged Actions tab here.How do I assing actions ?
Can any one please help me in creating roles in ABAP+JAVA stack.
That would be a great help!
Regards
FaisalHI Faisal,
When ABAP is the UME, you can only edit users / groups that are J2EE only. Any group that is defined in ABAP is read-only for the Java Server to prevent conflicts (there is no synchronization) and has to be changed in ABAP.
Please take a look at this link, which has a great graphic describing this.
http://help.sap.com/saphelp_nw04s/helpdata/en/7c/36dcd59865b246b993c471199ba37a/content.htm
So, if the Java group was created in ABAP, the ABAP user has to have the ABAP role assigned to him, so that he is in the group on the Java server. make sense? The graphic in the link above really explains it well I think.
If you a new / custom Java group (not in ABAP) then you should be able to assign users to it from the Java server. -
Authorization scheme for users stored in a database table?
Hello!
I'm trying to find out how to make an authorization scheme for database users.
I first made an authentication scheme for my current application, I named it "Authentication for database accounts", and the scheme type is "Database Accounts".
A word of explanation:_
I have a table in my database, named "USERS". Inside this table, I have the following columns:
- USERID (NUMBER)
- USERNAME (VARCHAR2(50))
- PASSWORD (VARCHAR2(50))
- EMAIL (VARCHAR2(200))
For this question, I'll take an example user. The username is USER and the password is USER. Email and UserID don't matter here, but let's just say the UserID is 1.
What I want:_
When you go to the application, and you are requested to log in (page 101), then I want a user to be able to log in with the data that has been stored in the USERS table.
So, on the login page, the user will enter USER as username, and USER as password. The authorization scheme then needs to check whether or not this username and password match the data in the USERS table. If it does, then it must sign the user in with the credentials the user entered (those being USER and USER).
I also want the UserID to be stored somewhere in the application (if possible, in an application item).
How do I do this? I've never made an authorization scheme before... I'm not too good with PL/SQL either, but I'm working on that part.
Any help is greatly appreciated.I'm trying to find out how to make an authorization scheme for database users. I think there may be some confusion here. An authorization scheme gives the user access to different parts of an Apex Application. Database users are the users that you use to login to the database, for example with sqlplus.
From the rest of your post it sounds like you need a custom authentication scheme to validate users against a custom table. For this you need to create a custom authentication scheme and select use my custom function to authenticate. Exactly how you set up the authentication scheme depends on the version of Apex you are using. But an example of validate user function you could use is given below:
function validate_login (
p_username in varchar2
, p_password in varchar2) return boolean
is
v_result varchar2(1);
begin
select null into v_result
from USERS
where userid = p_username
and password = p_password;
return true;
when no_data_found then return false;
end validate_login;Once the user has successfully logged on the userid will be in the APP_USER apex substitution string.
And for Application Express Account Credentials, does this mean an admin must make each new user by hand?If you using Apex account credentials the user details are stored within the Apex tables. You can create users using the Apex admin application or by using the APEX_UTIL.create_user api.
Rod West -
What are the benefits of single JAVA stack?
Dear all,
what are the benefits of a single stack SAP BI/BW (JAVA) - which functionality is inside a JAVA Single Stack that is not in a Double Stack inside?I think that the ram advantages of 64 bit computers is just a minor issue with most existing Mac computers. The average user today has between 2 to 8 GB's of ram. This amount of ram is easily handled by existing OS's like Leopard.
I believe that the actual benefits for most users will be when the code of their applications is re-written to run in 64 bit code.
From Apples Page on New Technologies: "It can also enable computers to crunch twice the data per clock cycle, which can dramatically speed up numeric calculations and other tasks." And on the same page: "64-bit applications can use more advanced security techniques to fend off malicious code".
http://www.apple.com/macosx/technology/
The 'twice the data per clock cycle' will affect all users regardless of how much ram they have or plan to buy for their machines. More data per cycle means more speed. Better security built into the OS is always a plus.
This is why a MBP with a 3GB limit will still want to run a 64 bit application, and my new iMac with an 8GB limit will still benefit from Snow Leopard.
I view all this extra memory abilities as something very far off for Mac users today. Ram prices will have to go down even lower, new machines will have to be bought with new ram management chips, etc.
Meanwhile, most of Apple's applications are currently running in 64 bit even if the Kernal is running at 32 bit, and other companies (like Adobe) should be coming out with 64 bit versions of their applications. Most experts agree that since the Kernal runs very low-level functions, it won't benefit from 64-bit operation near as much as user applications.
The big delays here, are for hardware drivers to work in 64 bit, and also for helper applications like Flash. Apple knew this going into the SL project. It's going to take a year or so until almost all of our programs are upgraded. Meanwhile, both 32 bit and 64 bit programs will run on Snow Leopard.
Message was edited by: dechamp
Maybe you are looking for
-
HT1766 HOW CAN I CHANGE MY BACKUP FOLDER FROM THE C DRIVE TO ANOTHER?????
HOW CAN I CHANGE MY BACKUP FOLDER FROM THE C DRIVE TO ANOTHER????? because my c drive in the windows computer gets filled and i need to back up my ipod to a portable hard disk.. bt i dont know how to do it.. plz help
-
Edge doesn't appear on CC installer as an item for update
Can I find out why Edge and Lightroom that are installed on my Mac did not appear on the CC installer? I need to update Edge to the latest version as I need to do work on that was created on the latest version which cannot be open on the current vers
-
L/R channels reversed on headpho
Hey all, I'm a bit of a newb here, so bear with me. I'm having a problem that's driving me nuts. I have a Audigy 2 ZS Platinum. When I plug my pair of Sennheiser HD 580 headphones into the headphone jack on the front panel, the left and right channel
-
I would love to hear if anyone else has had this problem and if you were able to fix it and how.
-
How do I enable the flip/flop image button in the geometry room?
How do I enable the flip/flop buttons in the geometry room. A noob question to be sure, but I just can't figure it out. The buttons are grey, and won't respond when I click on them. I shot on the HVX using the brevis adaptor, so the footage is all up