Solved: Giving deployment authorization to UME user

hi ,

I am working on Netweaver 7.1. I have created UME user and want to give that user permission for deployment from Netweaver client. When i assigned administrator group to that user i could deploy applications using new user but this user has administrative rights , he can create , edit delete and use other functions like administrator. Which i dont want. is there any way to give only deployment access to this user??? Can anyone tell me which role/group/actions should b assigned to this user so that he is only able to deploy???

SAP Managed Tags:
NW AS Java Administrator (NWA)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (1)

Hi kavi,

As per your message concern, you need to add the developer - user in the following grops , so that they can able to deploy

1 . NWDI.Developers

2 . Authenticated Users

Regards

MLN

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

i hv already added Authenticated Users to Assigned group and SAP_SLD_DEVELOPER to Assigned roles . There is no such group as NWDI Developers. Still it is not working. I am not able to deploy using this user id . I am getting following error.

Deploy finished with errors.

Exception:

com.sap.ide.eclipse.deployer.api.APIException: DeployException,cause=[ERROR CODE DPL.DCAPI.1023] AuthorizationException.

Reason: , An error occurred during the deployer retrieval. Cause =[ERROR CODE DPL.DC.3151] The user devtest could not be authorized, because doesn't own the (com.sap.engine.interfaces.security.ServiceAccessPermission dc) permission for deploy controller.

at com.sap.ide.eclipse.deployer.dc.ComponentManagerImpl.getDeployProcessor(ComponentManagerImpl.java:62)

at com.sap.ide.eclipse.sdm.threading.DCDeployThread.run(DCDeployThread.java:118)

Caused by: com.sap.engine.services.dc.api.deploy.DeployException: [ERROR CODE DPL.DCAPI.1023] AuthorizationException.

at com.sap.engine.services.dc.api.deploy.impl.DeployProcessorImpl.<init>(DeployProcessorImpl.java:152)

at com.sap.engine.services.dc.api.deploy.impl.DeployProcessorFactoryImpl.createDeployProcessor(DeployProcessorFactoryImpl.java:26)

at com.sap.engine.services.dc.api.impl.ComponentManagerImpl.getDeployProcessor(ComponentManagerImpl.java:46)

at com.sap.ide.eclipse.deployer.dc.ComponentManagerImpl.getDeployProcessor(ComponentManagerImpl.java:58)

... 1 more

Caused by: com.sap.engine.services.dc.cm.security.authorize.AuthorizationException: [ERROR CODE DPL.DC.3151] The user devtest could not be authorized, because doesn't own the (com.sap.engine.interfaces.security.ServiceAccessPermission dc) permission for deploy controller.

at com.sap.engine.services.dc.cm.security.authorize.impl.AuthorizerImpl.doAuthorize(AuthorizerImpl.java:71)

at com.sap.engine.services.dc.cm.security.authorize.impl.AuthorizerImpl.doAuthorize(AuthorizerImpl.java:46)

at com.sap.engine.services.dc.cm.impl.CMImpl.doAuthorize(CMImpl.java:206)

at com.sap.engine.services.dc.cm.impl.CMImpl.getDeployer(CMImpl.java:78)

at com.sap.engine.services.dc.cm.impl.CMImplp4_Skel.dispatch(CMImplp4_Skel.java:357)

at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:351)

at com.sap.engine.services.rmi_p4.server.ServerDispatchImpl.run(ServerDispatchImpl.java:70)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:62)

at com.sap.engine.services.rmi_p4.P4Message.execute(P4Message.java:37)

at com.sap.engine.services.cross.fca.FCAConnectorImpl.executeRequest(FCAConnectorImpl.java:877)

at com.sap.engine.services.rmi_p4.P4Message.process(P4Message.java:53)

at com.sap.engine.services.cross.fca.MessageReader.run(MessageReader.java:58)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:108)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:304)

Hi,

Surely there will be role called NWDI.developers..

search developers in the group. Because this role only we gave for our developers.There are able to work and deploy fine.

Regards

MLN

But i am working on CE server. And on CE there is no concept called as Development infrastructure. Our development infrastructure is on different server (7.0) .

hi,

Ok.. Are you trying to deploy directly to sdm or via tru DI.

regards

MLN

We are directly deploying to SDM.

Hi,

Otherwise add the dev-users in "everyone" group and try it.

Is that dev-user are member in this group "Authenticated Users"

regards

MLN

sorry , we are not using SDM for deployment. We are directly deploying using SAP J2EE Engine (Deploy Tool). I checked roles/group for user , Everyone and Authenticated users are there in list.

Did your problem solved ? or else in the same status.

What is your SP level in your system.

Please look at this link

http://help.sap.com/saphelp_nwce10/helpdata/en/1b/8fd43fb9490e65e10000000a114b1d/frameset.htm

I think the above link will help you.

To deploy the component , the dev-users need administration role..

regards

MLN

Hi,

Did you gone tru the link which i posted.

regards

MLN

sorry for late reply. i went through ur link .I had tried with administrators group , but this allows user all administrative rights , he has access to NWA , can create , edit , delete users . I want to restrict access only for deployment , don't want to give this user other administrative rights.. My support pack is 5.

Regards

kavita

Hi ,

I try many options, but it doesnt work. So you better raise OSS message to clarify the issue..In the OSS message you just tell that link which metioned.

Regards

MLN

Answers (1)

Not Answered

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi,

Did SAP not answered ? am i right..

regards

MLN

yup. not yet.

Any improvement in your issue ? Stil its remain same.

Regards

MLN

Still same. will surely let u know as i get solution for this issue.

Hi,

Fine....

i have an one query related to EP. How your are able to monitor the user history in EP. Is there any option like user audit report.

Regards

MLN

sorry , no idea about monitoring user history.

Thanks

Hi Kavita,

There is a security audit log, for the AS Java.

Here is another question. If your developer can deploy to the server, they can theoretically create their own roles and applications with equivalent administrator access. What is the risk?

-Michael

Hi Kavita,

I'm right now facing the same issue. If it is resolved, can you help me by providing the error cause and resolution?

Thanks

Anudeep KM

Ask a Question

Top Q&A Solution Author

User

Count

Giving deployment authorization to UME user

Accepted Solutions (1)

Accepted Solutions (1)

Answers (1)

Answers (1)

Re: Change header field of purchase order on save

Re: How to the find the usage of a Fiori app from ...

Re: CIG transaction tracker handling

Auto close/update all open Notifications work orde...

Re: SAP BW - Master Data Delta Load