Hi,
I am looking for Roles where special values of an authority objects are not defined. How do I fill the fields in a report for a complex search for roles?
Example: I start the Report S_BCE_68001423 (Roles by complex selection criteria - by authority values). The object I am looking for is the object G_800S_GSE. What should I enter in the field BRGRU (Authority Groups) when I am looking for roles where the value BRGRU is not defined?
Regards
Complement: if you have the repository object type (R3TR SUSC ..., R3TR SUSO ..., or any other one), you may also enter "t" in the command field of SE63 to directly enter the object type instead of searching in the tree.
Hi Experts,
We have a scenario where the access to change NB type PR is restricted to the users whereas they are given with ME51N/ME52N tcode access for other type PRs. The NB type PRs are getting created in SAP system from an external system. Sometimes incorrect PRs will be created which needs to be deleted. We tried to develop a custom transaction with the BAPI_REQUISITION_DELETE, but the authority check for NB type is preventing the closure of PR. Kindly advice how to overcome this authorization check and close the PR from the custom transaction.
Thanks!
Hi Filipe Santos,
Thanks for your replay, I recreate the SNC PSE in STRUST, it helps to me . no system starts well.
Thanks a lot dear,
Thanks and Regards,
Sajmal TS
Pl check in SPRO,
IMG ->Materials Management -> Purchasing ->Purchasing Requisition ->Define Screen Layout at Document Level ->Administrative Data, item
Use field selection key ME51N and ME52N and change the control settings of Deletion indicator,
In case any doubt, Pl ask.
Hi Sajmal,
Just to clarify: Do you want to configure SNC Client Encryption for SAP GUI (SNC Logon without SSO)?
Cheers,
Filipe Santos.
Hi Filipe,
I want to config SNC Cilent for GUI without SSO,
Thanks and Regards,
Sajmal
Hi Sajmal,
In order to configure SNC Client Encryption please follow as described in the guide attached to the SAP KBA below:
#2185235 - Using SNC Client Encryption (SCE) for Encrypting SAP GUI Connection with CommonCryptoLib
https://launchpad.support.sap.com/#/notes/2185235
Cheers,
Filipe Santos
Hi Filipe ,
I want to know , if we want to generate certificate for SNC PSE in STRUST..?
I have already SAProuter, so installed sapcryptolib already. If need other one for SCN and generate new certificate for SCN...??
Thanks and Regards,
Sajmal
Hi Sajmal,
The PSE's own certificate is generate when the PSE is created via STRUST or the sapgenpse tool.
As I said, all information related to this configuration can be found in the guide delivered by the SAP KBA #2185235 
Cheers,
Filipe Santos
Hi Pankaj,
Thanks for the reply.
Do you mean that I need to mark all the fields in the PR as display option in the field selection and assign it to only NB type PR? Because the users are not allowed to have access to change the NB type PR..
In case we make all the fields as display and get access to change NB type PR from Basis, is there any chance of modifying the PR or adopting a PR line and create a new one with reference to the PR line?
Hello Pavan, We had created a role change document which was accessible for everyone who makes changes to the role. There is used to maintain what role has been changed, what are the changes, when it is changed, who has changed it, ticket number, transport request number and where the changes are right now. Since this a manual task sometime it happens that due to some urgent request few fellow forgets to add these details which lead us to problem. So i was trying to finding out is there any other method to overcome this.
Hello Experts,
This is Ram , I am facing the below issue in IDES System, Please help,
I am creating a Single role ZSINGLE (With the Tcodes SU01 & SU10),
and then in the Authorization TAB,
When i click on the "Change Authorization Data" to maintain authorizations , its is throwing me the below error,
I tried multiple times, by logging IN/OFF, tried with different, but not able to get this done ,
still facing the same error , Please clarify .
Thanks in Advance,
Ramu Mannava
(ERROR Message as Below)
_______________________________________
Runtime Errors CALL_FUNCTION_NOT_FOUND
Except. CX_SY_DYN_CALL_ILLEGAL_FUNC
ABAP Program SAPLSUPRN
Application Component BC-SEC-AUT-PFC
Date and Time 23.06.2016 16:56:34
Short text
Function module "/VIRSA/Z_BEFORE_PROF_GEN" not found.
What happened?
The function module "/VIRSA/Z_BEFORE_PROF_GEN" is called,
but cannot be found in the library.
Error in the ABAP Application Program
The current ABAP program "SAPLSUPRN" had to be terminated because it has
come across a statement that unfortunately cannot be executed.
Error analysis
An exception occurred that is explained in detail below.
The exception, which is assigned to class 'CX_SY_DYN_CALL_ILLEGAL_FUNC', was
not caught in
procedure "SUPRN_PROFILE_GENERATOR" "(FUNCTION)", nor was it propagated by a
RAISING clause.
Since the caller of the procedure could not have anticipated that the
exception would occur, the current program is terminated.
Hi team,
when ever I run the transaction, I am getting the error as you have no authorizations for this action
Message No : 1X005,
but when I see the program , there is no where this message class used in any include.
When I took SU53,
S_RFC called with RFC names as SHI1 and SHI5 with 16 activity. Please suggest,
.
I have gone through previous threads and posts. But those are not worked for me.
Thanskm
Hi Sravanthi,
SECATT Scripts are screen dependent and it follows the same steps and inserts data at the same place where you insert during recording of the scripts. Hence if you use PFCG menu to add T codes, it will try to add it at the same position (i.e 1st position) again and again and hence it will fail.
You'll face the same problem if you try to assign role using SU01. Try with SU10, it'll do.
Thanks,
Joy
Hi ,
We have configured Trusted Authentication on BI side and the 3rd party application ( portal ) is configured for SAML.
For SAML to work with BI ( integrate) we need Trusted Authentication working as well. Also, Tomcat has been made a SAML service provider
However, when the portal redirection occurs, its not allowing to SSO to BI once Trusted Auth is enabled.
Below are the settings in the web.xml of BOE that are made
<security-constraint>
<web-resource-collection>
<web-resource-name>OnJava Application</web-resource-name>
<url-pattern>/BOE/BI</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>onjavauser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>OnJava Application</realm-name>
</login-config>
As per the above setting, its trying to Authenticate the user from the tomcat-users.xml file, rather than SecureAuth.
Also, in the global.properties file, below entries have been made
sso.enabled=true
trusted.auth.user.retrieval=USER_PRINCIPAL
trusted.auth.user.namespace.enabled= ( this is left blank as we have created an Enterprise account for the same user account in the same naming convention i.e firstname.lastname )
Are there any changes from the portal side that are needed to be added in the above code for Trusted Auth to work with SAML as the Admin guide does not provided the correct code for USER_PRINCIPAL
Individually SAML from SecureAuth and Trusted Auth from BI are working, but the handoff (response) is not happening from the Tomcat over to SecureAuth so as to authenticate the user
Also, is there any additional information that we need, so as to allow this to work.
Unfortunately once all users got deleted to a assigned role
(PFCG--> Role name--> user tab) in this user tab all existing users got deleted
can anyone help me how to get back all deleted users list in that role
Note: Manually no one deleted it got deleted automatically
Thanks & Regards,
_______________________________________________________________________
NaveenKumar Majety
Software Engineer | APPS2 | SAP - AM
Capgemini India | Bangalore
Email id: naveen.majety@capgemini.com
People matter, results count.
_____________________________________________________
PPlease consider the environment and do not print this email unless absolutely necessary.
Capgemini encourages environmental awareness.
OK there is no SAML integration with any version of BI so our product is completely unaware of any SAML configuration. What we can do in BI is turn on the web/app tracing to verify what if anything is being received from your portal-tomcat SAML config (KBA 1613472).
If the logging indicates a null value or value other than a matching username then the problem must be troubleshot outside BI. Google search for tomcat, SAML may be the best route. There are no SAP documented procedures for troubleshooting external products like this. Trusted auth assumes the customer is going to be providing the username and that their own IT will be the support for this.
Who supports your portal? Is it even capable of sending the SAML user to tomcat? If so do they document it? The web config you edited may not be the right way.
Hopefully this may help
https://cwiki.apache.org/confluence/display/CXF20DOC/SAML+Web+SSO
Regards,
Tim
Hi Navin
Goto SUIM>Change documents>For Roles-- Insert the role and mention the date or leave blank and Select the radio button role assignment for users and Execute you will get the result.
