Hi Martin,
the class you posted looking interesting and is another opportunity, but we decided to try another way. We will try using the standard abap functions of the report ssf02.
Cheers, Alex
↧
Re: Signing an XML with Report SSF02
↧
Re: Authorization check required in ME51N at storage location
Hi ;
Can you check status?
Go to SU24.
*Authorization / Edit all assignments of an Authorization
*Object : M_BANF_LGO
*Type of application: Transaction , run.
*Status : Maintained ?
If it is ok , go to Su01 , you can add object manually to related roles.
Regards.
M.Ozgur Unal
↧
↧
Re: Signing an XML with Report SSF02
AS ABAP 7.02 (and latest SPs of 7.01) contain the class CL_SEC_SXML_DSIGNATURE to create XML signatures. This is the implmentation used for XML signing to goverment offices (nota fiscale Brasil, elster Gemany) and also by SAML2.
In ABAP digital signature are handled by different components:
1) Canonicalization (C14N) is handled by the XML parser in the ABAP kernel
2) Logic inside ABAP
3) RSASHA1 signature calculation by the SAPCRYPTOLIB
Please check the class documentation. It references a report for testing the functionality, similar to SSF02.
↧
Re: Signing an XML with Report SSF02
Hi Martin,
CL_ST_CRYPTO_X509->X509_SIGN relies on the secure XML parser to compute C14N values for the data to be signed directly.
Customers must not use these classes directiony but instead use class CL_SEC_SXML_DSIGNATURE.
Regards,
Martijn
↧
Default User Parameters
Hi,
I want some default parameters automatically be assigned to new users when they are created instead of manually adding every time in su01 transaction code. Do you know how to configure this?
Thank you.
↧
↧
Re: Default User Parameters
Hi,
A simple technique that I have used in the past is to have a template UserID that contains your defaults and then just copy that and populate with the variable info like roles, user name etc.
↧
Re: Default User Parameters
↧
Re: Authorization check required in ME51N at storage location
Hi MM;
Did you try my last advise ?
Also ; did you add object to SU01 User role ?
Regards.
M.Ozgur Unal
↧
Re: How to avoid standard Authorization checks in BAPI_MATERIAL_SAVEREPLICA
Thanks Julius.
We are following the standard documentation in
SPRO-->Logistics - General-->Material Master-->Configuring the Material Master-->Here's How (Quick Guide Using an Example)
Now only few users who are added in OMT3E tcode will have accounting and costing views in display mode.
↧
↧
Re: Signing an XML with Report SSF02
Hi Martijn,
thanks for this. I was not aware of this class. It's even documented. The testing program is called SECXML_DSIGNATURE. Not sure why I could not find it by using where-used for this class. I also found a note 1456433 that describes these 2 new classes.
Cheers
↧
Restrict ERP connect for business users
Hello,
Does anybody know how to resrict/ disable access to ERP connect?
We tried to forbid object S_RFC field RFC_NAME BSOB, but this authoriaztion is used for BEX 7.
We found recomendation to disable ERP conncet usage through BAPI Explorer or OLAP BAPI , but not how.
Can you please advise anything?
Thanks a lot
Vendy
↧
Re: Restrict ERP connect for business users
Is it possible that you actually mean TREX 7 and SAPConnect??
↧
Re: Default User Parameters
Hi Fatih
Create a template user.(which will have the default parameters you needed) and make a copy of template user every tym you create a new user.
Note: You can create a SECATT for tcode SU10 ( I recommend it only when you are creating bulk users frequently like you get creation of users every day like 100 or 50 users )
I hope this helps you
Cheers
↧
↧
SAP upgrade 4.7 to ECC 6 issue with SU25
Hi,
We are in a middle of SAP upgrade from version 4.7 to ECC 6.0 (EHP 6), in sandbox system(it was copy of production) when we executed SU25 step 2(B) it gave list of around 1000 tcodes for manual adjustment. Now in development system step 2(B) only gives list of 200 tcodes to be adjusted, moreover USOBT_X table was updated during step 2(A) as per my knowledge step 2(A) is not supposed to update anything. Any help explaining the reason behind this and possible ramifications will be deeply appreciated. Let me know if you guys need any further information regarding this scenario.
↧
Re: How to block the multiple logons with NWBC?
If multiple logins from different terminals is the problem, then you can deactivate the password based authentication and use SSO instead. That normally sorts it out and the "clones" come asking for their own IDs / AD accounts / PKI certs / etc.
Cheers,
Julius
↧
Re: ERROR: local PSE does not match original in database
And the other way round?
I wonder how to overwrite the System PSE held on database level with the SAPSYS.PSE from $INSTANCEDIR/sec
AFAIK sapgenpse does enhance/add the SAPSYS.PSE with extra certificates using the import_own_cert option, but is there an option to use sapgenpse to import SAPSYS.PSE as the database held System-PSE without changing anything, just to replace the copy residing in the DB?
If that's not the tool - anything simple like deleting the system PSE using STRUST and firing up SAP with the SAPSYS.PSE residing on the file system will do?
Not much experiments on this yet, so anybody got a more profound knowledge of the mechanics used?
I know if there is no SAPSYS.PSE on file it will become created automacilly when firing up SAP, or when using STRUST from an already running installation.
↧
Re: In BW 3.5 - Making an Customer Auth Obj and Organizational Item
You cannot promote Auth Objects to org. levels. You can only promote fields. That then applies to all objects which use the field.
If you also have a custom field and the org.field create program is not available to adjust SU24 and roles, then you can maintain the USORG table with the field as it does not affect anything (except perhaps test roles).
But using derived roles has more disadvantages than just this. I have always regretted it when I became tempted to use them.
Perhaps you can explain where you are using your custom object and what it is controlling access to which does not have a standard object for it and "old concept" reporting field for?
Also: is a release upgrade planned? With the new BW reporting concept you have much more flexibility.
Cheers,
Julius
↧
↧
Re: Tcode ranges not working as expected
Hi,
S_ is after SBC@ so that interval is not valid. The character _ is after letter B. Sorting in Excel is different than sorting in ABAP AS. The following simple program can be used to test intervals.
REPORT zmv_test.
TABLES: anek.
SELECT-OPTIONS: s_tcode FOR anek-tcode.
START-OF-SELECTION.
IF 'SA38' IN s_tcode.
WRITE: / 'OK'.
ELSE.
WRITE: / 'Fail'.
ENDIF.
Also don't forget that SA38 has additional authorization object S_PROGRAM attached to it.
Cheers
↧
Re: Tcode ranges not working as expected
Exactly.
Additionally the TSTCA check at the start of SA38 requests at least some authority for S_PROGRAM. But S_PROGRAM is suppressed for programs without groups and SUBMIT is not needed to start programs -> VARIANT is enough.
If you can start a transaction but the TSTCA check fails, then you are also informed that you are not authorized for the transaction as it makes no sense to continue (depending on how sensible the TSTCA is maintained..).
There is unfortunately no syntax check or input validation on it. So it sometimes contains nonsense.
Cheers,
Julius
↧
Re: How to block the multiple logons with NWBC?
Thanks Frederic for the update. But isnt it a tedious task to monitor SM04 continuously and the users can login at any time which makes this very inconvenient. 
↧