You are not authorized to create users in group

Similar Messages

• "You are not authorized to change users in user group XY"

  Hello,
  I ran a report. Within that report, a BAPI is called. It's name is user_change.
  That BAPI enables you to change user details like passwords and so on...
  When I tried to change the user's password, an error message occured.
  "You are not authorized to change users in user group XY"
  The user belongs to the group XY.
  After an unsuccessful pwd change, there is no SU53 file!
  So how could I solve that?
  Could I explicitly define for which user groups, passwords can be changed?
  Any other ideas?
  Thanks a lot in advance,
  holger

  Hi Holger,
  May be they might have restricted to change password. See <a href="http://www.sap-basis-abap.com/bc/restrict-role-to-unlock-lock-change-password.htm">this</a> for more details.

• You are not authorized to schedule user SM_EFWK in sm21

  Hello All,
  We have solman 7.1 system.
  CCMS_CPH_RAW_DATA_UPDATE BG job has been triggered in every one hour once and it is finished successfully.
  But in SM21 we are receiving the message like that, It is in green color anyway we need to fix it.
  I have searched in SMP and http://scn.sap.com/thread/90664 as well I’m not getting anything. Kindly give a suggestion to fix this.
  Thanks,
  'Priyanga G

  Hi Karthik,
  I have checked the SM_EXTERN_WS user role.
  The two roles are in the security document: 
  1)      SAP_SM_EXTERN_WS
  2)      SAP_J2EE_ADMIN
  These two roles are present in the user SM_EXTERN_WS with the name
  ZSAP_SM_EXTERN_WS
  SAP_J2EE_ADMIN
  Weather ZSAP_SM_EXTERN_WS role is there instead of SAP_SM_EXTERN_WS .
  Is it creates a problem?
  In solman_setup TC where do I need to check the user details in step1?
  Thanks,
  Priyanga G

• Not authorized to create users

  HI,
  We installed WebAs 640 SR1, First for ABAP and installed J2EE Plug-in. And deployed Portal 6.0 SR1 and Collaboration.
  I logged in as J2EE_ADMIN user, who has administrator roles. When i tried to create a new user, i am getting the following error: "Could not create a user". When i see the error message in "defaultTrace.o.trc", the following error message displayed:
  We haven't connected to any LDAP.
  #1.5#0002B32BE31500590000000300000E100003F47E9A7D9929#1113249525140#com.sap.security.core.persistence.datasource.imp.R3Persistence#sap.com/irj#com.sap.security.core.persistence.datasource.imp.R3Persistence.createPrincipalDatabag()#J2EE_ADMIN#1271##ep60_SC2_2277150#Guest#11ec48b0aac411d9b42a0002b32be315#Thread[PRT-Async 2,5,PRT-Async]##0#0#Error#1#/System/Audit#Java###An exception was thrown in the UME/ABAP user management connector. Message: . --> #2#BAPI_USER_CREATE1@SC2CLNT000: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group#com.sap.security.core.persistence.datasource.PersistenceException: BAPI_USER_CREATE1@SC2CLNT000: ID=01, NUMBER=491, MESSAGE=You are not authorized to create users in group
       at com.sap.security.core.persistence.datasource.imp.R3PersistenceBase.handleBapiRet2Table(R3PersistenceBase.java:3136)
       at com.sap.security.core.persistence.datasource.imp.R3Persistence.doBapiUserCreateChange(R3Persistence.java:5265)
       at com.sap.security.core.persistence.datasource.imp.R3Persistence.doDispatchWrite(R3Persistence.java:3622)
       at com.sap.security.core.persistence.datasource.imp.R3Persistence.createPrincipalDatabag(R3Persistence.java:1570)
       at com.sap.security.core.persistence.datasource.imp.R3Persistence$R3PersistenceTransaction.commit(R3Persistence.java:7395)
       at com.sap.security.core.persistence.imp.DistributedTransaction.commit(DistributedTransaction.java:1061)
       at com.sap.security.core.imp.UserMaint.commit(UserMaint.java:543)
       at com.sap.security.core.admin.UserBean.createUser(UserBean.java:565)
       at com.sap.security.core.admin.UserAdminLogic.performUserCreate(UserAdminLogic.java:2628)
       at com.sap.security.core.admin.UserAdminLogic.executeRequest(UserAdminLogic.java:544)
       at com.sapportals.portal.prt.component.usermanagement.admin.UserAdminComponent.doContent(UserAdminComponent.java:71)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
       at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
       at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
       at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
       at com.sapportals.portal.prt.core.async.AsyncIncludeRunnable$1$DoDispatchRequest.run(AsyncIncludeRunnable.java:377)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sapportals.portal.prt.core.async.AsyncIncludeRunnable.run(AsyncIncludeRunnable.java:390)
       at com.sapportals.portal.prt.core.async.ThreadContextRunnable.run(ThreadContextRunnable.java:164)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:729)
       at java.lang.Thread.run(Thread.java:534)
  Could you anyone please help me.
  Thanks
  Vijay

  Hi,
  I have the same problem. Could you solved the problem??
  Have you documentation about UME configuration?? I am begin the configuration of portal ep 6.0 Sp9 and I have problem with the function create user.
  Thanks you, I hope that can you help me!!!
  Dayana

• You are not authorized to page for Create button only

  Background fact: we just updated to APEX 3.2.
  I have an existing page that works fine with a report region that you can edit or click on a button to add a new record on a new page.
  I attempted to add a region with a tabular form region. When I attempted to add my first record in a new table (no existing records) I got the message that "You are not authorized to page!". Since I had to add yet another editable region, I decided to just put 2 report regions on the existing page instead of using the tabular form. I did so, and all works well until I click on the Add buttons (either one of the 2 new buttons associated with the 2 new report regions). When I click on these buttons, I STILL get the "You are not authorized to page!" error. The edit works fine.
  I checked the security on the old page, and it is set up with no authorization scheme, authentication: Page requires authentication, and Form Auto Complete On.
  The new pages are set up the same way.
  I don't understand why one region would work and the other, new regions won't. Could it have something to do with the upgrade?
  I hope you have some suggestions.
  TIA,
  Deb

  Export the application and look for "You are not authorized to page!" in the file. That will tell you where the message is coming from.
  Scott

• You are not authorized to execute this application in SAP E-Recruit

  Hi,
  We are getting the below error while going to recruitment page for recruiter:
  "You are not authorized to execute this application"
  At the same time when we check in SLG1, we get the below errors:
  No candidate could be found for US E0023127
  The error occurred in program CL_HRRCF_CANDIDATE============CM003 line 361
  Apart from this we are not getting any dumps/traces in ST22/ST05/ST01.
  When we encountered this error for the first time, we executed the report RCF_CREATE_USER in SE38 and the problem was resolved.
  We got the error again 2 days back, after that also it got automatically resolved. But, now we are getting this error continuously.
  We also tried re-executing the report RCF_CREATE_USER and HRALXSYNC but no use.
  The service user (for recruiter) is a reference user from RCF_CAND_INT.
  We have also tried giving different roles and authorizations to the user.
  SAP_ERC_RECRUITER_CI_4
  SAP_RCF_RECRUITER
  SAP_ERC_REC_ADMIN_CI_4
  SAP_ALL
  We are in ECC 6 EHP 6 and we have a standalone EREC system with ERECRUIT 617 SP3.
  We are stuck at this point in our EREC project.
  Kindly provide your valuable suggestions for this issue.
  Thanks in advance!
  Regards,
  Khushboo

  Hello Khushboo,
  the message you are getting is a bit misleading as it is the standard behavior of the quick search if the user you are logged in as recruiter does not have a candidate assigned. So the message in SLG1 points into the correct direction.
  I am not sure what you are meaning by "the service user (for recruiter)". Although table T77RCF_ROLE allows to specify a reference user for all roles in eRec only the entries for internal and external candidates are actually used. So the authorization assignment for the recruiter specific roles has always to be done directy for each user. A reference user could be overwritten / reset to RCF_CAND_INT by the ALE.
  What bothers me a bit is the user name and that you mention RCF_CREATE_USER and HRALXSYNC at the same time. This might be the reason for your issue. Looks like you created a candidate for a user using RCF_CREATE_USER which is later transferred in the ALE from HR Core to eRec. This was not a good idea. RCF_CREATE_USER is only for creating project users when the HR core to eRec and for special users who need a candidate while do not have an employee id in HR core (e.g. WF-BATCH). This is why I always recommend to use non-production user Ids for everyone during project phase. Its been quite a time some of my projects did otherwise and I remember a similar issue with one of the customer admins. Everytime data for the user / employee was send in ALE the candidate / user was messed up.
  Getting this fixed was quite troublesome. In the end we had to dump the original candidate. We deleted all records between candidate object, central person, business partner and person object in HRP1001. By that time the customer was still on the old ALE version so today I would also delete all entries in HRP558X infotype tables for the employee. Then I would first try to finger the employee id (e.g. change the name, save, directly change it back, save again ) so it is transferred during the nightly processing of the change pointers and put in the IDoc. If this is not working I would try to transfer it again using PFAL.
  Kind Regards
  Roman     

• CProjects - DMS integration:26 036 You are not authorized for with doc.type

  Hi Experts,
  I need to use cProjects integration with DMS. When I try to create a link to an existing document I find the following error:
  26 036 You are not authorized for with document type DRW
  My user has authorization to the doc type in the DMS system (linked by RFC to cProjects system). I also have defined the object link in the document type.
  Do you know which configuration may be missing?
  Thanks in advance!
  Neil

  Hi Niel,
  How is the RFC connection established between DMS and cProjects system? Do check the authorizations of the RFC user through which the connection is established.
  Regards,
  Vivek Pandey

• While running tcode vn01, getting message you are not authorized

  Hi friends,
  one of the end while running tcode vn01 is getting message you are not authorized to use this function, earlier it was working fine and still it is working fine in quality, so please suggest what might be the problem,
  Regards,
  Tarun

  Dear Friends,
  Thanks a lot for your help, my problem has been resolved.
  let me once again explain you what was the problem and how it got resolved.
  Problem: when user was running tcode vn01, he use to enter the very first screen of vn01 but with pop up that u are not authorized to use this function.
  although he was having the authorization for this tcode.
  Solution: i gave sap_all to the user and after giving sap_all his problem got resolved, so it become confirmed that its only authorization problem
  then i removed sap_all, checked related object of vn01 i.e s_number and its calling snum, i gave the authorization for snum and rnro but still he was facing the same problem
  Then i created new role with only vn01 and assigned to my user id it was working fine, so i assigned the same role to that user but again his problem didn't resolved, then i created the copy of user and started removing roles one by one, other and for the role having vn01 authorization, by doing this problem got resolved and the role which was blocking vn01 to run come into picture, so i thought some tcode might be blocking this but it was not the case the role itself was blocking that tcode because i created the copy of the same role which was blocking vn01 and assinged to user then it was working fine and problem got resolved.
  so what it concluded that might me the profile of that role was not created properly or may be it got corrupted or might be bug in ecc6.0
  Thanks to all friends who contributed for the same.
  i am posting one more question, please help me out in that also
  i

• When I try to launch terminal, i get an error "You are not authorized to run this applicationThe administrator has set your shell to an illegal value."

  When I try to launch terminal, i get an error "You are not authorized to run this applicationThe administrator has set your shell to an illegal value."

  If you'd asked a question in your original post it might have solicited more pertinent responses. As it is, you were stating a fact. No one knew whether you considered that fact a problem, or what you were hoping to gain by doing so.
  The simple addition of 'can anyone help me fix this so I can run Terminal' would have counted for a lot.
  As it is, your solution is likely to require the Terminal, so you're going to need to fix that one way or another. The simplest would be to create a new admin account (System Preferences -> Users & Groups) then log in using that account.
  Then try and launch the terminal. If that works the problem is specific to your original account and can likely be fixed via some command-line tweaking. I'd start with:
  dscl . read /Users/<username>
  (where <username> is the short name of the account having a problem). This will show the records in the directory data for your account, one of which will be UserShell. Chances are that value is invalid, or missing, and can be corrected via:
  sudo dscl . -change /Users/<username> UserShell <currentValue> /bin/bash
  (where <currentValue) is the current setting for UserShell) which will change the user's shell to /bin/bash (the default).
  Of course, you might already know this and already tried, but since you didn't say so in your original post it's worth checking.

• You are not authorized to enter the application

  Hi Gurus,
  I am working on crm 5.0 and configuring B2B Scenario,
  while trying to login E-selling user mangement URL,
  I am getting below error.
  "You are not authorized to enter the application'
  I have given all the authorization roles.
  Regards
  Chandramohan

  Hi Sateesh,
  Thanks for ur quick reply....
  I am getting error while entering into the User Management Link.
  I have maintained the below Authorizations needed to enter into this application.
  SAP_CRM_ECO_ISA_WU_B2C
  Internet User for B2C
  SAP_CRM_ECO ISAWU_B2B_FULL
  Internet User for B2B
  SAP_CRM_ISA_WEBSHOP_MANAGER
  Super User for Customer
  SAP_CRM_ISA_WEBSHOP_MANAGER
  Web Shop Manager to create Internet User
  Created one employee and maintained him as system user.
  Employee Number has been maintained as Alias in the SU01 for the user(weblogin)
  Did Iam missing anything.
  Regards
  Chandramohan

• "You are not authorized to edit the chosen object" in LWE

  Hello gurus,
    I want to edit the standard HTML content that is delivered with Life and work events. Before editing this, i want to copy the ESS HTML content package to a custom folder and then edit and modify as per my requirements. i navigated to Life an work events - US --> HTML content --> Content Package --> ESS HTML Content Package and clicked on Open. I am getting the error "You are not authorized to edit the chosen object".
  How do I access this content without any error? Do I need any specific roles to be able to access this content? i need to access this content to be able to copy and paste it to a custom folder.
  Also, when I tried copying at the ESS HTML content Package level and then pasting it into a custom folder, i get a popup with all empty rows and columns and there are two buttons OK and CANCEL.
  How do I copy this ESS HTML content package to a custom location?
  please suggest . 
  An update: Since I could not open/edit the standard ess html content package, I created my own HTML files from scratch and created a content package and uploaded my html files and folders into the custom content package. Now, I want one of the pages that I created to be displayed as the start page of one of my life and work events.
  How do I achieve this? What else is needed to call these html pages from the event?
  Please suggest and any help is really appreciated.
  Thanks,
  Maria Kutty Somori.....
  Edited by: MariaKutty on Jun 24, 2011 1:01 AM
  Edited by: MariaKutty on Jun 24, 2011 1:05 AM

  Hello Maria,
  I too tried earlier for copying these HTML content and paste them in my custom folder and then modify them....
  But I too faced the similar error as of yours.
  I dont' know the reason why this happens....I guess SAP does not allow you to modify there content.
  Nyways, there is always a workaround solution....
  You are spot on when you say...You are creating new HTML files from scratch.....but you dont' need to create from scratch !!
  You can still get these files.
  1. Check Directory Structure : Navigate to Life and work events - US folder in GP design time -> HTML Content -> Content Package ->  ESS HTML Content Package and click on "Open" then click on content tab..
  Here you can view all the content files supplied....additionally please note that there are two folders "CSS" and "Images".
  If you wish to create your own content from modification to SAP supplied content...then make sure in your own package these folders are also with similar directory structure.
  2. Come out of gallery and as an end user Open your life and work events page that you wish to modify.
  For e.g. ESS -> Life and Work events -> My First Days -> New Hire Checklist.
  3. Right click on HTML page and click on Properties.
  4. Copy the Address/URL of page.
  It will be something like :
  http://Host:Port/gpcore/ctpkg/094BABAA643911E091070000014B8BFA/NewHireCheckList.html
  5. Access above URL directly from Browser (In new window)  and refresh that opened page. Check that all the content is visible and in correct font and format.
  6. Click on "Page" -> Save As...from your browser tool bar.
  7. From "Save as type" select HTML complete....
  and save the page.
  8. As a result you will get an HTML file and a folder.
  Inside the folder there will be your images and CSS....Now you know how to make your own content.......
  Very Important : Please note that directory structure of your CSS images and HTML must be similar to what you                 saw in point 1.
  And you can easily modify your content...accordingly...
  Now the second part of your question :
  "Now, I want one of the pages that I created to be displayed as the start page of one of my life and work events. "
  I hope you refer to something that is given by SAP in the form of " ESS -> Life and Work events -> My First Days -> New Hire Checklist"..
  As you can see "New hire checklist" is the First link available under My first days...thus by default it gets displayed when user clicks on "My first days"....
  Is this that you want to mimic ?
  Well for that your process in GP design time must look like this :
  http://img594.imageshack.us/img594/7/imageqw.png
  For eg. Create a new callable object with name "New Hire Checklist" of type : "Content package"..
  Wizard will help you with the rest.
  Revert back if you face any issues.

• You are not authorized to access the request resource

  I just updated my iMac to the new OS Mavericks, and when I attempt to access the itunes radio, where I have my radio stations created, and I attempt to play them it returns this message: We could not complelte your iTunes Store request. You are not authorized to access the requested resource.  Is this an issue with the new OS or is it an issue with iTunes working with the OS.  Any suggestions on how to fix this issue so I can access the radio would be helpful.
  Thanks

  Hello there, TaylorGraphics.
  Some users have seen resolution to this issue by logging out of the iTunes Store and then back in. The following Knowledge Base article provides a reference on how to do that:
  Using an existing Apple ID with the iTunes Store, Mac App Store, and iBooks Store
  http://support.apple.com/kb/ht2589
  Use your Apple ID with the iTunes Store
  Open the latest version of iTunes.
  Choose Store > Sign In.
  Enter your Apple ID and password and click Sign In.
  Click Review when asked to review your information.
  Enter your billing information.
  Click Continue after you enter your credit card and billing information. You can remove or edit your credit card information at any time. Learn more about updating your iTunes Store account information.
  Thanks for reaching out to Apple Support Communities.
  Cheers,
  Pedro.

• You are not authorized to display the case component, when using copy

  I copied the standard UDM_SPS_CASE_RECORD and created a Z version with no changes, in addition also copied the standard Case Record model with no changes. I have entered my new case record model into my new element and tied both the to case type. When trying to create a case get a message "You are not authorized to display the case component"
  SU53 looks good, and BASIS did a Trace and did not see anything.
  When I change the configuration back to use the standard no issues and case is created. Anybody know what the issue might be?
  Thanks

  dear friend,
  when you get this error on screen type /NSU53 , hit Enter and get a new screenshot
  if you see the message ""The last  authorization check was successful" that means nothing to do with Basis team, it could be a custom message - talk to abaper ;
  but if you see some objects there (Authorization check failed) - please pass to security or basis guys
  ask / try another user which hasn'rt such error and comare the roles you and he/she has - try to find out the difference
  good luck!

• "you are not authorized to view the report(s)" while access from custom fol

  Hey all,
  Becz of some requirement, i have customized SQR to store PDF output files into custom directory located in UNIX,
  psreports/htst2/my_fodler.
  When i try to access them using ViewContentURL or manually writing the follolwing URL into my browser while im being
  in environment as syntaxed below
  http://<webserver>/psreports/htst2/my_folder/my_pdf.pdf
  the system kicks out of the system with the error "you are not authorized to view the report(s)" for all the users.
  By default if i ran any report as distribution node setup all the PDF's are getting saved into...
  /psreports/htst2/YYYYMMDD/CONTENT_ID/my_pdf.pdf
  Those files im able to access like below
  http://<webserver>/psreports/htst2/CONTENT_ID/my_pdf.pdf
  Can anyone helpme out what is the difference and any workaround for this?
  Thanks in advance.

  Fortunately, it is not allowed to go through all the path directories you want onto the server. If you want your report in a specific folder, then rewrite your code to create the output file where you want, after the admin give you the proper grant against that folder.
  Nicolas.

• The error in SRM7.0-You are not authorized to display the auction

  Hi, My Expert :
  I work in SRM 7.0 . The purchaser created one Auction and published it .When the bidder logon the system and click the "Live Auction ", the system displayed"You are not authorized to display the auction".I guess that there is  something wrong with the LAC. Or orthers?
    BR!
    Alex!

  Hello Alex,
  The link you have mentioned opens a Java applet which is called as live auction cockpit.
  The views will be diff depending upon the role purchaser/bidder.
  But for this the Java server has to be properly integrated with the SRM server.
  basis has to correctly define the authorisations of the integrating user.
  Please check this with the help of LAC installation guide
  Also check below Notes
  687840-Live Auction works before Java patch but fails after SDM patch.Error message 'You are not authorized to display auction'
  730403
  Also useful info in below thread
  How to initiate Live auction...
  Thanks & Regards
  Arshad
  Edited by: arshad ahmed on Sep 17, 2009 9:37 AM