Quantcast
Channel: SCN: Message List - Security
Viewing all 5338 articles
Browse latest View live

FTXP is showing in Display mode

June 11, 2016, 6:39 am
$
0
0

Hello Expert,

 

 

FTXP is showing in Display mode in QAS system where as it is in change mode in PRD.

In Production, in SCC4 following is the status.

 

1. Changes and Transports for client Specific Objects are selected as "No changes allowed" .

2. Cross client object Changes selected as " No changes to Repositary and cross-client customizing object".

3. Protection : Client copier and comparison tool selected as "Protection level 0: No restriction"

4. CATT and eCATT Restriction selected as "eCATT and CATT not allowed".

 

 

Please assist.

 

 

Regards

Suri

Search

LSMW - Mass user creation very SLOW due to ADR7

June 11, 2016, 3:57 pm
$
0
0

Hi,

 

I had created an LSMW with the necessary recordings of SU01. The email address which is maintained in the recording should update only to ADR6. But when i checked SM50 it is taking time to update ADR7 table (remote email address). The ADR7 table is non-indexed so the speed of the user creation has dropped very much and with addition of each entry it is going even slower. Can you please help in suggesting a solution.

 

 

UPGRADE_EHP7 - PFCG new version of screen

June 11, 2016, 9:49 pm
$
0
0

Dear Friends, After EHP7 upgrade PFCG version of screen has changed ( Compassion between screens of EHP5 and EHP7 is enclosed).

 

Please let me know the following: -

 

1. Why this change ?

2. Would this be a mandatory screen going forward ?

3. How to revert back to old version of screen ?

 

Any documentations related to change will be of great help.

 

Thanks

Raj 

Re: How to set HTTPOnly attribute on cookies

June 12, 2016, 2:43 am
$
0
0

We found that setting icf/set_HTTPonly_flag_on_cookies works for cookies created by SAP NetWeaver ICF code, but if our code is calling set_cookie() to set a cookie, then the HTTPOnly flag is not set.

Personal numbers not authorized

June 12, 2016, 2:12 pm
$
0
0

Hi team,

 

We are facing the issue like,

 

No Authorization for personal number XXXX using the data entry profile XXX  in CAT2 .

 

We have took the trace and applied the missing authorisations for P_ORGIN

 

but there are some employess are authorized fr the same data entry profile (we have only one DE profile), but when we check thre is no difference found in PA0001 for both pernrs (working and non working)

 

Even we have tried with * also for all the fileds (except persa in P_ORGIN), but not worked. We have checked the SAP notes which was also not useful.

 

 

But interestingly, CAT2 is working fine if we give * in persa filed of  P_ORGIN.

 

 

Please let me know what could be the reason and also suggestion as we do not want to give * to that field.

 

 

Thanks,

Sankar.

Re: LSMW - Mass user creation very SLOW due to ADR7

June 12, 2016, 4:29 pm

Re: UPGRADE_EHP7 - PFCG new version of screen

June 13, 2016, 1:07 am
$
0
0

Hi Rajashekar,

 

Only the look and feel of the screen is improvised. There seems no difference in the functionality of PFCG.

 

Regards,

Surya

Re: Bi authorization error

June 13, 2016, 3:54 am
$
0
0

Hi Rohit,

 

The report will show you all those company codes which are maintained in the same AA which has the report's infoprovider (infocube/multiprovider).

this is under assumption that, in your BI security design you maintain infoprovider attribute and company code attribute in the same AA.

If a user is only able to see some CCodes in the report, that may be because the AA which contains the infocube of this report has less number of CCodes maintained in its infoobject Comp_code.

 

Thanks, Anish

Search

How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 6:56 am
$
0
0

Hello!

 

I need to know if there is any way to check if an access (to an authorization object) that appears in AGR_1251 was generated or not.

 

What heppens is that i noticed that, when i grant a access on a Role (by PFCG) and save, without click on the "Generate" button (Shift + F5), this access appears in the AGR_1251 table associated to the Role, but is does not appear in the SUIM, and the user still can't use the access.

 

In case, i need to know all the Roles that grant a specific access by the AGR_1251 table. My question is whether there is any way, by the AGR_1251 table, i can check if a access was generated or not in a role, knowing if the AGR_1251 is bringing me false-positive results.

Re: How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 7:16 am
$
0
0

Hi Bruno,

 

Im not sure that AGR_1251 brings you this information about the authorization objects inserted in the role (saved but not generated).

 

Maybe this transaction can to be helpful to check with roles was saved but not generated:

 

- In PFCG: Utilities/Overview Status

 

- Program: PRGN_STATUS_ALL

 

In this screen, you can select the roles that you need to check (Z*), also you can check/uncheck a chceckbox to display all roles or roles with errors and warnings:

123456_2.jpg

 

And the program will display you the roles that was not generated in Authorizationb tab (column "Profile Status" in Yellow, it will appears in Red if the role dont have any authorization).

asdfghjklkjhgfds.jpg

 

I hope that it can to be helpfull for you.
Best regards.

Re: How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 8:10 am
$
0
0

Hi Bruno,

 

Check table AGR_1016 in the fields Generated(GENERATED) and Version(PSTATE) which will help you to understand whether the role is generated or not

 

Regards,

Radhakrishnan

Re: How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 9:46 am
$
0
0

Thank you, Alejandro and Radhakrishnan. Both tables are very usefull. But  what i need is to see the specífic access that is pendent to be generated.

 

Is there any way to see the specífic object/value that is pendent to be generated? Unfortunately the AGR_1251 don't have this information (witch would be the best and easiest way).

Re: How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 9:58 am
$
0
0

Hi Bruno,

 

Unafortunatelly I cannot find any table with this information, Im not sure that this information exist to check.

 

Sorry, I hope that if somebody knows about it, reply you and solve your doubt asap.

 

Best regards.

Re: How to verify, in the AGR_1251, a access granted in a Role (PFCG) that was not generated?

June 13, 2016, 10:32 am
$
0
0

Thank you, Alejandro. Do you know if it's useful to, instead of filter the AGR_1251, use the filter in the UST12 and then compare it with the AGR_1251 to see the roles? Could i loose information this way?

Re: Restrict user type change in SU01 T-code

June 13, 2016, 6:03 am
$
0
0

Hello Narendra,

 

It will be good create a custom transaction (ex: ZSU01). So please ask ABAPer to restrict the user type modification at program level in custom transaction. and remove the standard SU01 transaction from all the roles and assign custom transaction for those you want to restrict.

 

 

Satish Chelluboina

Search

Re: Profile Generation problem after EHP upgrade

June 13, 2016, 11:58 pm
$
0
0

Thanks for viewing, This issue was resolved. Hence I am sharing my solution, so that it will be useful for someone.

This has occurred while clicking 'generate derived role' button from reference role with more than one profile. Then only one of the profile for each derived role was updated in USR12 table.

So even though user has the role and profile assigned to user, the objects from profiles will not be updated in user buffer.

As a temporary solution all the derived roles in the system line had to be regenerated from Development-Quality-Production system which was updating USR12 table correctly.

 

And when issue was forwarded to SAP, It was informed that SAP note: 2228102 had to be implemented and this was made as a permanent solution for this issue.

Re: Profile Generation problem after EHP upgrade

June 14, 2016, 2:46 am

Re: Restrict user type change in SU01 T-code

June 14, 2016, 2:49 am
$
0
0

Along similar lines a transaction variant could work.

 

More importantly, if you cannot trust users not to change user types then there is no way that they should be allowed to have SU01.  A simpler solution would be to tell them not to do it and review change reports.  If you detect an anomaly then discipline/remove from your account.  Behaviours will soon change.

Maintenance of user locked by user CUA_PXX_100 error

June 14, 2016, 4:16 am
$
0
0

A role has been assigned in CUA system but it did not reflect in the child system.

It did not work even after text comparison

 

When I check SCUL logs, I could see the below error.

 

CUA error.JPG

So may I know

 

1. Why we got error even that user was not locked as the same CUA_PXX_100 user should make the new role assignment also.

2. Do we have any option to resume the role assignment step which was not done due to this error. (ensured that user is not locked)

 

Thanks in advance for your answers.

 

Regards,

Chaitanya

Re: Maintenance of user locked by user CUA_PXX_100 error

June 14, 2016, 4:33 am
$
0
0

Hi

 

1. The user was opened in destination system for maintenance. Maybe you started some synchronization on CUA or replication.

2. Save the user again in CUA

 

Regards

Przemek

Viewing all 5338 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>