Re: Audit Logs In SAP MM
Hi, SM19 tcode is used to activate security audit. Through that you can have a log of User Login ,Logoff Failed attempt,Transaction start,Report start & system related log.That log you can...
View ArticleRe: User passwords at CUA setup time
Thanks, What if user John has Telephone number 1234 in system XYZ1 and in XYZ2 his telephone number has value 5678. Which number is pulled into the Central CUA?
View ArticleRe: Is there a way in SAP to check what all Authorization Groups are used by...
Hi Lee, Your solution has solved almost 70% of my Task. For Rest of the Transactions I need to put on a trace and find it manually. Thank you!!. Regards
View Articlemerge PFCG menu at user level
Hi, I want to merge the menu of two different PFCG single roles when they are assigned to the same user. For e.g Role A Role B Menu A...
View ArticleDisable change authorization in debug mode for single class
We wanted to disable some "Generic Object Services" such as attachment list / create attachment. So certain users are not allowed to see the attachment. We achieved it using SGOS to Substitute...
View ArticleRe: merge PFCG menu at user level
Hi Sai, You can create a composite role RoleAB using transaction PFCG and assign the roles Role A and Role B in the roles tab, then click on save.And in the Menu bar of this composite role you need to...
View ArticleRe: User passwords at CUA setup time
the data exisitning in the central system is kept then. Thanks, but what if: user does not yet exist in central system? I have to make all values same in XYZ1 and XYZ2 before pulling into CUA?user...
View ArticleRe: Disable change authorization in debug mode for single class
ACTVT 02 (change variables) supports the object name and package, but ACTVT 01 (system debugging) does not as those programs override almost everything and the calling program does not matter anymore....
View ArticleRe: Disable change authorization in debug mode for single class
ps: Look to see who has object type FUGR with ACTVT 16 as well. That is also the same as SAP_ALL actually as remote FMs don't check your authorizations and update FMs are not meant to check and auths....
View ArticleRe: Disable change authorization in debug mode for single class
Hi, they can also go straight to DB table using SE16 and get attachment from there. Right? Honestly, that case when they really need to have access to change in debugger should be so rare that you can...
View ArticleRe: merge PFCG menu at user level
Hi Balaji, What Laxman said was correct, you need to follow the composite role strategy, so you could have menu's of both the roles and also in the authorizations page you could see all the auth object...
View ArticleRe: SU25 UPG ENHP : how to find modified roles?
Hi Bob SU25 screen or table PRGN_STAT will show the last date the job was executed. Also, for the Step 2A entry for preparing table you will see if it's been run when the release number is same as...
View ArticleHow to read user name - SAML2
Hi,I've get configured our NW Gateway system (NW 7.31) with external identity provider by SAML2, so our web apps (web dynpro and SAPUI5) are now accessible for people who don't have account in our SAP...
View ArticleClik here to view.
Re: Disable change authorization in debug mode for single class
Thanks Julius, We are trying to achieve this in a test system not in production. In production we have controlled emergency use concept. There developers can have debug change authority only in case of...
View ArticleRe: SNC: Problem implementing SNC on a system with multiple instances
Hi Philip, did you specifiy SAP/Kerberos<SID>@<DOMAIN>" literally or did you replace it to keep the info private. If the latter, you at least forgot to hide the sid completely ;-)In you...
View ArticleClik here to view.
Re: HR-Security: Restriction at PSA/Orgkey(VDSK1) wise
Hello Julius, Thanks for leaving ball in my court. Yes its new requirement , let me explain clearly. We have 3 type of users in SAP-HR. 1)HR Admin2)Time Admin3)Payroll Admin here, we restricted the...
View ArticleRe: How to read user name - SAML2
Hi Neuzil, what do you mean by user name? The sy-uname gets filled just as with every other authentication method. Regards, Patrick
View ArticleCUA Company address specific for each child system
Dear colleagues, we have a CUA model with two child systems for two companies. Company address is specific for each system because each company has its own system. So I have set up standard address in...
View ArticleRe: How to read user name - SAML2
Hi, I assume that you have one service user that is used to execute gateway services and you map every external user to this user. I don't think that you will be able to get original user. I am not...
View ArticleRe: How to read user name - SAML2
Hi,thanks for reply. I think in sy-uname will be some default communication user, but I need user name used for authentication on nonSAP portal. Scenario: WD App on Gateway -> user click on logon...
View Article