Quantcast
Channel: SCN: Message List - Security
Viewing all 5338 articles
Browse latest View live

Re: Role Comparisons

July 27, 2013, 2:07 am
$
0
0

You could use Excel, concatenate and vlookup to run some comparisons on the AGR_1251 data for your old and new roles. But all you would be doing is replacing 50 small bad roles with 1 big bad role.

 

You've come across this requirement because the original roles were built badly, and effectively you're having to carry out a role redesign. In which case, the correct solution would be to:

 

1) Use ST01 traces to re-check what authorizations are required for each transaction - this way you know for sure that you know you are only adding relevant authorizations.

 

2) Update SU24 with the correct authorization proposals for those transactions. That way you have a link between each tcode and auths that it needs.

 

3) Add your transactions to the role menu so that the relevant auth objects and values are pulled through automatically. You will still have some open fields to maintain, but you'll know what values are needed from the trace files.

 

This will take you longer initially, but it is a more robust, longer lasting solution. There is no point in replacing one bad role design with another.

Search

PFAC vs OOCU_RESP

July 28, 2013, 5:43 am
$
0
0

Hi all,

What is the better way to maintain a rule in locked client (in a security measurement) ?

Is it better to create a transport in DEV (PFAC) or to make a change directly in PRD (OOCU_RESP)

Thanks,

Julia.

Re: Using Profit Center as an Org Level in PFCG

July 30, 2013, 2:18 am
$
0
0

Hi Joe, I concur with your assessment, it will only pick up the relevant ranges

Re: XD02 authorization for central deletion flag

July 30, 2013, 8:08 am
$
0
0

Hi,

 

That is not a surprise.  When an error message is prefixed with a Z then it it usually that it is a custom error message.  If it is a custom error message then it is likely that it is a result of some bespoke enhancement which is why you are not picking it up using the standard troubleshooting techniques.

 

Cheers

Re: Role Comparisons

July 30, 2013, 7:03 am
$
0
0

Hi Sunder

 

It is quite simple just goto table AGR_1251 and put only these 50 roles .You will get all the auth objects with values for these roles export it into a excel .Now in the excel delete everything except the auth object with values columns.Now add in another column auth objects and values of your new role.Now do a vlookup and you will get your difference if any.

 

Hope this helps

 

Regards

Pradeep

Re: XD02 authorization for central deletion flag

July 30, 2013, 6:40 am
$
0
0

Hi Akshay

 

Check for any custom table is created in this custom user exit where it allows only particular user and excludes all other user as per the entry in that table which is defined in the custom user exit.I would suggest goto transaction  SE91 and check the code and click for where used and check for authority check also.

 

If you not sure about this then involve your developer in this code check he/she will be able to tell you what checks are performed when the t-code is executed.

 

Regards

Pradeep

Re: XD02 authorization for central deletion flag

July 29, 2013, 11:50 pm
$
0
0

Hello Akshay

 

Go to tx code SE91.Input message class n number and click on Display.

 

If details are there, it will be populated.

 

Regards

 

Yogesh

Re: RFC Error - FSCM Dispute Management

July 30, 2013, 8:45 am
$
0
0

seems that the system where the issue is being faced have refreshed from other system .

 

Please check the table UDMCASEATTR00 where you can find the entry of other sysetm in the fin_log_sys field .

 

Please run the BDLS again for the table UDMCASEATTR00 and the issue will be fixed

Search

Re: XD02 authorization for central deletion flag

July 30, 2013, 9:10 am
$
0
0

Hello All,

 

Yes the tcode XD02 was customized with some user exits which prevented setting up the deletion flags.

 

I contacted a developer and troubleshooted the issue.

 

Many thanks for all your responses.

 

They were very helpful.

Re: Customer Tables - SU25

July 30, 2013, 2:01 pm
$
0
0

Julius, you are a bad man :-)

 

Manoj - your Cööstöömöör table deals with customer master data (i.e. customers of your company).  Your Kaastaamaa table reference is to the changes you (the customer) can make to the SAP proposed values for the auths.  As Julius said, don't worry about it! 

Re: Customer Tables - SU25

July 30, 2013, 1:09 pm
$
0
0

Hi Manoj

 

These tables are called Customer Tables because it contains the authorization checks and values for auth objects as per customer requirement which is changed in SU24 and saved in these tables.There are 2 other standard table from SAP with standard set of values USOBT & USOBX.

 

Hope this answers your question.

 

Regards

Pradeep

Re: Auth issue with the T-codeFMBB

July 30, 2013, 11:52 am
$
0
0

Hi Kondala

 

What error it gives can you post the screenshot of the same.Also check on SU53 for the same or trace what auth error it throws if any.

 

Regards

Pradeep

Re: Releasing the Transport in ECC taking hell lot of time

August 5, 2013, 1:14 am
$
0
0

Hi,

 

Increase the parameter value of rdisp/max_wprun_time.

Earlier we had a same problem. It is resolved by this parameter increase.

 

 

Thanks,

Sankar.

Re: Restrict user to relase particular job

August 5, 2013, 10:43 am
$
0
0

If you can assign the job to a job group, you can restrict the authorizations with object S_BTCH_JOB

 

Background processing: Operations on background jobs consists of the following fields:

  • Functions:  Operations the user is allowed to perform.
  • Possible values are:
    • DELE: Delete background jobs of other users.
    • LIST: Display spool requests created by jobs of other users.
    • Note: To guarantee the security of confidential data in spool requests via spool output control, you must protect confidential spool requests via the spool authorization field. A user with the
    • System functionsSP01
    • authorization may display all spool requests.
    • PROT: Display processing logs created by the jobs of other users.
    • RELE: Release own jobs automatically during scheduling.
    • SHOW: Display definition (start/output specifications, steps) and details of a job scheduled by another user.
  • Job group: Names of permitted job groups. Reserved: Set to *.

 

Maybe this is a suitable solution?

Re: Authorization Light Indicator Can't Turn into Green

August 5, 2013, 10:47 am
$
0
0

Did you change the org level via the buttons on top (which hives you a pop up where the org levels can be maintained). Or did you change the org levels manualy per authorization object?

I think there is probaby a blank somewhere in the details of the authorizations objects. Maybe If you can send a screenprint of the details of the role we can have a look at it.

Search

Re: Customer Tables - SU25

August 5, 2013, 10:53 am
$
0
0

Customer - A person or organization that buys goods or services from a store or other business.

Customer (tables) - derived from the word customization - (custom-make) make to specifications

 

The same word in two seperate meanings...

How to restrict "ACCEPT" button in T.code:ML81n

August 5, 2013, 10:22 pm
$
0
0

Dear experts,

i want restirct accept button in Transaction code :ML81n for specific users.please help me to resolve.

 

 

 

Warm Regards,

PHB

Re: How to restrict "ACCEPT" button in T.code:ML81n

August 5, 2013, 10:45 pm
$
0
0

Hi,

 

what is ST01 trace saying? The code seems to be using one special activity for authorization check. You should see from the trace.

 

Cheers

Re: I want to disable "Release" option under Edit->Status->"RELEASE" in CJ01

August 6, 2013, 12:15 am
$
0
0

Hello,

 

Can you share how did you resolve this? Thanks!

 

regards,

Grace

Re: Restrict user to relase particular job

August 6, 2013, 3:53 am
$
0
0

Hello Kumar,

 

Take a look to the S_PROGRAM authorization object in this URL:

 

http://help.sap.com/saphelp_40b/helpdata/en/1a/174b6e5733d1118b3f0060b03ca329/content.htm

 

You can use this authorization object in order to restrict the program that the user can release as a background job. For example, if your job is named as Z00001 and the program which is executed in the step of the job is called as Z00001 you can use the following values for the authorization object:

 

P_ACTION = BTCSUBMIT (allows to schedule the program as a background job).

P_GROUP = Z00001

 

Best regards.

Viewing all 5338 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>