XI IR and ID authorizations problem

Similar Messages

• IPad and Mac authorization problems.

  When I plug in my iPad 2 into my Mac iTunes says that it is no longer authorized to play things that I have purchased on my iPad.  It took off more than half my apps and I cannot put them back on.  When I try to authorize my computer, it says that it is already authorized.  Please help!

  Have you downloaded apps on your iPad from two different accounts? For example, your friends account then your account.
  If so, click authorize this computer, and then authorize the other account.

• Authentication and Authorization Problems with IIS 6 and Jrun 4

  Hello all,
  I am using IIS 6 with JRun 4 as my app server, and I am having problems trying to get authentication and role authorization with Windows Integrated Authentication to work. I have set up IIS 6 to pass-through the authentication credentials to Jrun, without using an anonymous user. What I have done is written a small test servlet that displays the username of the logged in user, and then tries to check if a user is in a test role that I set up in my database. I have specified that a roles table is to be used by specifying a JDBCLoginModule in Jrun's auth.config file. The code for the servlet is below:
  package testauthenticationapp;
  import java.io.IOException;
  import java.io.PrintWriter;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class SecureTestServlet extends HttpServlet {
     private static final String CONTENT_TYPE =
        "text/html; charset=windows-1252";
     public void init(ServletConfig config) throws ServletException {
        super.init(config);
     public void doGet(HttpServletRequest request,
                       HttpServletResponse response) throws ServletException,
                                                            IOException {
        response.setContentType(CONTENT_TYPE);
        PrintWriter out = response.getWriter();
        out.println("<h3>REMOTE USER: " + request.getRemoteUser() + "</h3>");
        if (request.getUserPrincipal() != null){
           out.println("<h3>" +request.getUserPrincipal().getName() + "</h3>");
        } else{
           out.println("<h3>User Principal is null</h3>");
        if (request.isUserInRole("Test_Role")){
           out.println("<h3>User is in Test_Role</h3>");
        } else {
           out.println("<h3>User is NOT in Test_Role</h3>");
        out.close();
  1.  What I am seeing is that when request.getRemoteUser() is called, the username information is what I expect it to be. It is of the form <Domain>\<Username>. When I try to redisplay the username using the request object's Principal object, the call to request.getUserPrincipal() returns null. This is a little confusing to me since I thought that essentially getRemoteUser() was a short cut for calling getUserPrincipal().getName(), and if I get something for getRemoteUser, getUserPrinicipal should return something as well. I guess they work differently at some level. Has anyone ever encountered this before?
  2. When I call request.isUserInRole("Test_Role"), it returns false. I've checked the role name being called for typos in both my database and in the code, and that does not seem to be the case. I think the setup in auth.config is properly configured because I have created many other applications using declaritive FORM based authentication, and the role information was retrieved fine from the database. I would think that when I use request.isUserInRole in my servlet code it would use the same role information, but I could be wrong since this is a different type of authentication. Do you think that the reason request.isUserInRole() is returning  false could be tied to the fact that request.getUserPrincipal() is returning null (even though getRemoteUser() is returning a valid username)? How does request.isUserInRole() get its user information, by using getUserPrincipal().getName() or getRemoteUser()?
  Any help that is provided is appreciated. Thanks in advance.

  Try This...
  Close All Open Apps...  Perform a Reset... Try again...
  Reset  ( No Data will be Lost )
  Press and hold the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Release the Buttons.
  http://support.apple.com/kb/ht1430

• Crystal Reports and Authorization Problems

  I am having an issue with Crystal Reports and User Authorizations.
  I was build a Crystal Report and import into SAP Business  One (SBO 8.8 PL18 HF). After that i give full authorizations for this report in some users. Then if the user login in SBO and choose to see the report his has the following error
  You are not permitted to perform this action - "The name of the Report " [Message 200-30]
  or
  You are not permitted to perform this action - "The name of another Crystal Report " [Message 200-30]
  This happen also if I edit a crystal report and re import the new version.
  If i change the user to Super User  then there is no Problem but i don't want something like this. Is something going wrong with Import Crystal Report and SBO menu items?
  Any Idea?
  Thanks In advance
  Edited by: Apostolis Andrikos on Feb 17, 2011 1:25 PM

  Hi Balakumar,
  I had tried also with the way that you suggested...
  Only if I give full authorizations for all the modules itu2019s possible for the user to open the crystalu2026
  And I said possible because sometimes with full Authorizations everything it is ok and sometimes not.
  The most strange thing is that if I choose to open a Crystal Report  the display error as i said before is
  for another Crystal Report in SBO menu.
  e.x I choose to run a Daily Cash Report from the User
  and the ERROR Said
  "You are not permitted to perform this action - Outgoing Payments Message 200-30"
  Thanks for your Response

• Tacacs problem with ACS 4.2 NDG and shell authorization sets

  Hi all,
  I am trying to solve this problem without success so far. I have fresh ACS 4.2.15 patch 5 ACS installation and I am tryng to deploy it to our environment. So I have configured one 2960S to be my test client and everything works fine. Problem is when I try to create fine grained policies using network device groups and shell authorization sets.
  I have created shell authorization sets called ReadOnly and FullAccess. I have also created NDG called FloorSwitches and added my 2960. I have 2 user groups called FloorSwitchesReadOnly and FloorSwithcesFullAccess. Now, if I configure group FloorSwitchesFullAccess and assign Shell command authorization set per NDG and then log into the switch, all of my commands are refused as unauthorized.
  One thing that I have noticed is that if I assign shell command authorization set to any device ( in user group settings ) it works fine. Or if I create association with DEFAULT NDG in user group it also works. So my conclusion is that ACS for some reason does not associate my switch with correct group but rather puts it to DEFAULT group for some reason.
  Did anyone had similar problem or is there something that I am doing in a wrong way? Is there another way to achieve such thing without using NDG's?
  Thanks everyone....

  Please upgrade to patch 6, there is a bug in patch 5 and you can check the release notes or the readme for more information.
  What is your user setting set to while you are testing command authorization, did you set it back to the group setting?
  Thanks,
  Tarik Admani

• Profit center and comapny code missing authorization problem.

  Could you help any body,i have some missing authorization problem with profit center and company code,
  How to search the roles  which having require profit and company code values.
  Is there any way to search.
  Please let us know very fast.
  Thanks in advance

  Another, and probably much easier way, is just to use Ctrl + Y... and use subsets of the selections in the SUIM reports.
  But I can well understand the temptation to use tables or at least double-check the SUIM output against them.
  The bugger with tables is that you can easy make the same mistakes or more than the SUIM reports do, or use old obsolete tables, or incorrect logic when interpreting single fields of the user tables.
  Personally,  I would normally check the exits first. Developers don't always raise self-explanatory messages...
  Cheers,
  Julius

• PHP and MySQL Connection problem

  I am trying to make a PHP MySQL on a remote server connection in Dreamwesaver CS3.
  When I enter the information (host, user, password, etc.) and hit TEST, I get the following error message.
  "Access Denied. The file may not exist, or there could be a permission problem. Make sure you have proper authorization on the server and the server is properly configured."
  I know the user, password, etc. work, as I can access the MySQL database with other software.
  I checked with my host and they say there are no permission problems on their end.
  I have checked the settings on the Test Server page in Site Setup and everything looks correct and works there.
  I have not seen this particular problem described in other forum postings (although there are a LOT of postings on this topic!).
  Any help would be appreciated.

  I thought my testing server was the remote server and is always on as far as I know. I don't know how to turn it on or off.
  Is there some other testing server that I should be aware of?
  Frank
  Date: Wed, 3 Jun 2009 15:43:02 -0600
  From: [email protected]
  To: [email protected]
  Subject: PHP and MySQL Connection problem
  I know you are using remote, but is your testing server on? if not turn that on and see if that does it. it just happened to me working on remote server and could not get mysql conn to work, until I turn on my testing (developer server), then I was able to connect to mysql and the tables that I created in phpmyadmin remotly was downloaded.
  >

• How I fixed my authorization problem

  There have been many posts on the authorization problem that has cropped up since the latest update of iTunes, and there doesn't seem to be universal cure. I fought it myself for a couple of weeks, and recently fixed it on my PowerBook and thought I would share it with others.
  The common theme here seems to be that it affects people who have had more than one account in iTunes. For the record, I have NEVER purchased music from the iTMS using a different account, so I was confused as to why this was happening to me.
  I have two Macs in play here: an older eMac at home and a PowerBook G4. My initial iTunes library started on the eMac, and then I moved it to my PowerBook a little over a year ago when I bought it. I purchased music from the iTMS on both Macs, using the exact same account.
  When I upgraded iTunes on my PowerBook, I reauthorized using my only account, and the music that I had purchased since I transfered my library worked just fine. The music that I had purchased on my eMac simply would not authorize!
  It dawned on me yesterday that I setup a .mac account on my PowerBook several months ago, although I never used it in the iTMS and I never used it on the eMac at home. I also realized that I had NOT run iTunes on the eMac since the most recent upgrade.
  I installed the iTunes upgrade on my eMac, and proceeded to authorize it with my only known iTMS account. No issues, and all purchased music was auhtorized, including songs that would not play on my PowerBook.
  On my PowerBook, I decided to authorize using my .mac username and password, even though I have NEVER used it to purchase music. I didn't even own that account when the music files in question were purchased. As I suspected though, the authorization went through and I can now play all of my purchased music from iTMS.
  When I try to step through this logically, it makes my head hurt. There is definitely a major problem with Apple's DRM authorization relationship somewhere, as there should be no reason at ALL for any of my music to require my .mac account.
  I don't know if this will help anyone, but if you're struggling with it and you have a .mac account, give it a shot and it might work.

  The fact that you saw no glitches while running Logic before applying the update means almost nothing because that uses only a small subset of system resources. Far more significant is that Safe Mode restored some missing functionality: because it disables non-essential items like user fonts, third party drivers, & so on, it points to problems in those areas.
  Equally significant, the fact that there are relatively few reports of post-update problems among the several million Snow Leopard users points away from the update itself as the cause of your problems.
  Separate & apart from that, it so happens that I'm a sound engineer/system designer/board operator with nearly 40 years of professional touring experience. FWIW, I never have & never will update the software of any system I must rely on professionally (whether it is running on a Mac, a PC, or dedicated hardware) unless & until I can thoroughly test it first and I have a trustworthy backup/recursion strategy to fall back on in case of problems.
  I strongly suggest you learn from your unpleasant experience & do the same. I have had far fewer problems with Macs than with PC's, but nothing is 100% reliable to begin with. Changing the OS software part way through the tour is just asking for trouble, no matter how reliable that has been in the past. Even if the budget allows for nothing better than a stack of burned CD's & a couple of consumer grade CD players, no professional tour can afford to be without some fallback strategy in place. That should be self-evident & require no warning from Apple or anybody else.

• Authorization problem when using the Transaction Launcher

  Hi All,
  We have an authorization problem when we call a transaction (EL37) in ECC from the IC Web Client.
  We believe that we have done all the necessary customizing in CRM and when we press the link in the Navigation Bar we are asked to logon to our ECC system. After logging on, we get an error message saying that "You do not have authorization for transaction EL37". If I then enter the transaction directly in the white command field in top of the ECC screen, then I have no problem calling the transaction.
  My user has SAP_ALL, so it shouldn't be a problem with the authorizations. Maybe it has something to do with the transaction IC_LTXE? I have also tried to add this transaction to my user profile, but that didn't help.
  Does anyone have a suggestion for how to fix this problem?
  Kind Regards,
  Gitte.

  Hi,
  I have found the solution for the problem myself. The transation code in the Transation Launcher Wizard must be written in capitals! We had entered 'el37' and have now changed it to 'EL37'.
  Best Regards,
  Gitte.

• Transport roles and analysis authorization with user assigned

  Hi expert,
  I face with this problem transport roles and analysis authorization with user assigned. When I have created a transport request to move the roles and analysis authorization from development system to test system. I couldnu2019t maintain the user assigned, after transport I have to assigned manually all of user or create a program to fill AGR_USER table or there are other way.
  Thanks for your time,
  Luis

  Hi,
  In role administration, you have the following options for transporting roles:
  You can download the roles from one system and upload them into another  
  You can import the role from a remote system using RFC  
  You can transport the roles with the transport function.
  Role upload loads all role data, including authorization data from a file into the SAP system. The user assignments for the role and the generated profiles for the role are exceptions in this case.
  Transporting Roles with the Role Transport Function
         1.      Start the role administration function by choosing Tools ® Administration ® User Maintenance ® Role Administration ® Roles (transaction PFCG).
         2.      Enter the role to be transported and choose Transport Role.
  The Mass Transport of Roles screen appears. You can control the default settings for the options Also transport single roles for composite roles and Also transport generated profiles for roles using Customizing switches (see Role Administration Functions in the section Functions of the Utilities Menu).
  You should not change the authorizations profiles of the role after you have included the role in a transport request. If you need to change the profiles or generate them for the first time, transport the entire role again afterwards.
  For more information go thrpugh the below link
  http://help.sap.com/saphelp_nw70/helpdata/EN/6d/7c8cfd410ea040aadf92e1f78107a4/content.htm
  Regards,
  Marasa.

• ATV2 "authorization" problem

  So, I purchased an ATV2 at Heathrpw airport before I left UK as well as a cheap (£14.95) HDMI cable.
  I wanted to use the ATV2 in my home in Switzerland and purchased a Sony Bravia TV to watch it on.
  1. My first problem, when streaming content from my iTunes is that the ATV2 sometimes gets "disconnected" from the television, i.e. I see the blnk HDMI1 screen for a split second, then it reconnects.
  2. Second problem is that after about 15 minutes of watching anything on my ATV2, the picture turns to a combination of pink and blue, the picture is still visible but i have never seens anything like this.
  3. third and most annoying problem: I rented a movie directly from ATV2 last night (with my UK iTunes account), paid for it, and when it pops up on the screen saying it is ready to be watched, I pressed play but it loads, then authorizes and then a message appears that "this device is not authorized to play this content".
  I thought that perhaps this was one movie, so I rented a second one. When that didnt work, I figured it may be because I am in Switzerland and using a UK iTunes account, so I logged into my swiss one and rented something else. To no avail!
  *Things I have done to try and fix the problems*
  1. I have authorized and de-authorized my computer
  2. I have reset the ATV2 to its factory settings
  3. I have tried Swiss as well as UK iTunes accounts to rent movies
  This is increedibly frustrating and I hope someone can help! Thank you in advance!

  I too got an ATV 2 very recently. From my iMac I can order movies and watch them (as well as music, etc.). From my MacBook Pro I can do all except stream movies. Every time I try something new on the MacBook Pro (I keep buying the same two movies, so "they" know I am sincere), I get authorization problems.
  1. REMOTE: I can preview but not watch ATV 2 movies using the remote: "your apple tv is not authorized to play this content."
  2. MACBOOK PRO: I cannot use my macbook pro itunes to order and watch movies (music yes, movies no): "Authorization is required..." even though I have authorized/reauthorized the laptop 10 times. And I have reset/restored ATV 2.
  3. IMAC: I can use my iMac itunes to order movies. I then choose that computer on the ATV 2 screen and movies stream.

• BI Authorization problem query in web

  Hello Guru,
  i have authorization problems to execute query on the Web.
  When i try to execute query on web i have these messages:
  - Missing display authorization msg R9 108
  - Missing authorization to execute query msg R9 108
  - User doesn't have authorization for selected component
    Component selected can not be executed
    Contact person responsible for the authorizations if user need authorization to execute this component
    Function is checked with object "Business explorer - components" with these fields:
      - InfoCube ZSD_007
      - Component type ERP
      - Component ZTEST_SD_007
      - Activity  16
    Message number BRAIN 800
  In BI i have add to my usere all these profiles and role, but the problem still again:
  Profiles:
  SAP_ALL                                                                               
  S_A.SYSTEM               System administrator (Superuser)
  S_RS_ADMWB_A        All Administrator Workbench Authorizations
  S_RS_EXPL_A             All Business Explorer Authorizations
  T-BS590005                  Profile for role Z_RS_RREPU
  T-BS590006                  Profile for role Z_RS_RREDE
  Roles:
  SAP_BW_CFO_ADMIN
  Z_RS_RREDE   (copy from template  RS_RREDE)
  Z_RS_RREPU   (copy from template  RS_RREPU)
  I can not understand if this problem is related to BI authorization or maybe something in Netweaver
  please help me
  Kind regards
  Boris

  Hello,
  i can execute query from transaction RSRT, anyway also from this transaction when select "ABAP WEB" , web page is open but i have same authorizations problem.
  In transaction SU53 seems everithing correct (i have all authorizations) .... this is probably becouse my problem is in Portal or netweaver side and not in BI ???
  any suggestion?
  Thanks in advance
  Boris

• IP device tracking and idle timer problem

  Hi,
  We are deploying 802.1X in our network and have encountered problem with a type of payment terminal.
  The problem is that the terminal do not 'speak' to the network after the first initial DHCP request, the terminal waits for incoming packets from a counter to start the payment process. After the idle-time the MAC is flushed from the switch and the port is not authorized any more.
  To solve this we set 'authentication control-direction in' on the port and use 'ip device tracking' to keep the client on the network, ip device tracking sends an arp request every 30 seconds to clients.
  Our ISE is sending Radius:Idle-Timeout = 300 and the timer start to count down when the client is authenticated.
  In Wireshark, I can see that the ARP request is going out and the ARP reply coming back in but this does not update the inactivity timer for the client. So after 5 minutes the port is gone, and there is no way to get the port up again from the network. Traffic from the client brings up the network.
  This looks like a bug to me, anyone seen this, or a similar behaviour?
  Running:
  ISE 1.2p6
  IOS 12.2(55)SE6
  From Trustsec 1.99 Wired 802.1X Deployment Guide:
  Tip Enable IP Device Tracking with inactivity timers to keep quiet endpoints connected. When IP Device Tracking is enabled, the switch periodically sends ARP probes to endpoints in the IP Device Tracking table (which is initially populated by DHCP requests or ARP from the end point). As long as the endpoint is connected and responds to these probes, the inactivity timer is not triggered and the endpoint is not inadvertently removed from the network.
  From CLI output
  SW03#sh auth sessions int fa0/4
              Interface:  FastEthernet0/4
            MAC Address:  xxxx.xxxx.5289
             IP Address:  10.10.10.64
              User-Name:  XX-XX-XX-XX-52-89
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-auth
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
        Session timeout:  N/A
           Idle timeout:  300s (server), Remaining: 2s
      Common Session ID:  0A17BD07000000A925152A7B
        Acct Session ID:  0x00000458
                 Handle:  0x090000A9
  Runnable methods list:
         Method   State
         dot1x    Failed over
         mab      Authc Success
  SW03#
  SW03#
  SW03#
  SW03#sh auth sessions int fa0/4
              Interface:  FastEthernet0/4
            MAC Address:  Unknown
             IP Address:  Unknown
                 Status:  Running
                 Domain:  UNKNOWN
         Oper host mode:  multi-auth
       Oper control dir:  both
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0A17BD07000000AA251A0019
        Acct Session ID:  0x00000462
                 Handle:  0x800000AA
  Runnable methods list:
         Method   State
         dot1x    Running
         mab      Not run

  Here is the port config.
  Just to clarify, everything is working except that the terminal is losing the authentication. The terminal works again if traffic is initiated from the terminals menu, like with ping.
  interface FastEthernet0/4
   description Standard
   switchport access vlan xxx
   switchport mode access
   switchport block unicast
   switchport voice vlan xxx
   switchport port-security maximum 2
   switchport port-security
   switchport port-security aging time 5
   switchport port-security violation restrict
   priority-queue out
   authentication control-direction in
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan xxx
   authentication event server dead action authorize voice
   authentication event server alive action reinitialize
   authentication host-mode multi-auth
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication periodic
   authentication timer reauthenticate server
   authentication timer inactivity server
   authentication violation restrict
   mab
   no snmp trap link-status
   dot1x pae authenticator
   dot1x timeout tx-period 5
   storm-control broadcast level pps 100
   storm-control multicast level pps 100
   storm-control action trap
   spanning-tree portfast
   service-policy input users

• Confusion on iTunes Plus Files and Computer Authorization

  I wonder if someone could help me alleviate some confusion surrounding iTunes plus files and computer authorizations.  I personally also have iTunes match on my account.
  Reading online it appears that all iTunes Plus files do not not have DRM. I have this setup on my main iMac in my house. Now, I am copying music to my wife's laptop via home sharing. She is not using iTunes match because she has her own iTunes account. The home sharing is using her iTunes account. What is confusing me is that her laptop asking me to authorize the computer for playback of the audio files under my iTunes account. Why is this occuring if there is no DRM on the files?
  I understand that I need to authorize machines for my iTunes match account, but these all should theoretically be DRM files that I am dragging and dropping via home sharing to her machine. Can anyone clarify what is going on in this situation?

  Go to Store -> View Account. Log in to your account and click Purchase History. Then click Report a Problem. Then choose your upgrade purchase and explain your situation.

• BW BEX Queries and Analysis Authorizations

  Hello....
  Have an opportunity with BW BEX queries and Analysis Authorization...would like to see if anyone has had the same experience and if so is there a answer....
  1) given a query....
  2) given a analysis authorization with a info-object that has intervals defined to be both single values and ranged values
  the following happens...
  after the query is fired the starter screen appears...the info-object in question appears with the defined single values only....if....the window is opened....again only the single values appear...the range values do not appear...once the query is executed the only results given are those for the single values...
  also if you re-fire the query and manually enter a valid value for the info-object that falls with-in any of the range values no result is given...even if there is data for it....the reponse given is no data found....
  NOW...if the single values, for the given info-object, are removed from the Analysis Authoriization then the range values appear and work....
  Is this a problem within in the query...or...is this a "feature" of the query...and thus must be "lived" with...
  Terry
  PS...this problem currently only happens if the window for the info-object allows for multi-selection....this problem does not occurr when the window only allows for one selection...

  Hi,
  This is a known problem with analysis authorization and multi selection IO selection criteria.
  When you define the analysis authorization with ranges and when you try to enter single values on the selection critera of the query, then the system shows zero data.
  You can run the query without entering any selection values for the IO in question only.
  I have tried several combinations and still encountering the same issue.
  Ravi