
Lost authorizations of user roles

Former Member
0 Kudos

Hi all,

I found that some user roles' authorizations have weirdly disappeared. Now I'm not able to use those users to log on to the NW AS web admin, which had been working one day before I found the problem. Do you know what could be the reason for that problem?

9 REPLIES 9

Former Member
0 Kudos

Hello,

Please check the change history of that user. See if you have some info there.

Thanks, Prasanna

Former Member
0 Kudos

Did you check SUIM?

Former Member
0 Kudos

Hi,

1. Check the change docs in SUIM for that user

2. Check the expiry date of the role for that particular user. Make sure the user comparisons are in GREEN

3. Check if there were any role changes moved recently into that system. If there are, then user comparisons should be in GREEN

Regards

Puneeth

0 Kudos

Hi all

Thanks a lot for the replies! The role I encountered the problem with is the "SAP_J2EE_Admin" role, which is an SAP-created role. I checked the change history with TCode SUIM, but didn't find any user changes made to it before I encountered the problem (not able to log in to the Web AS J2EE engine; I set the starting date to two days before the date of the problem).

Last Friday, after I restarted the Web AS, I was able to log in to the server again. But the user comparison light is yellow and I'm not able to set it to green since there is no authorization profile for the role. I read in an SAP document that there is no authorization object for the role and its profile doesn't need to be generated (since the authorization is done with the mapping in UME by using the Visual Administrator). Is that true!? If not, what kind of authorization objects should be assigned to the SAP_J2EE_Admin role?

Thanks for your help!

0 Kudos

The SAP_J2EE_Admin role is an SAP standard role.

It is not recommended to change an SAP standard role. In some configurations it does not require an authorization object in the role. Only the profile needs to be generated.

Regards,

Pavan

0 Kudos

Hi Pavan,

How do I generate a role's profile (in my case, role SAP_J2EE_ADMIN) without any active authorization object assigned? I tried the mass generation, but the return message kept repeating "at least select one role" even though I did select the role (SAP_J2EE_ADMIN). Any idea?

Regards,

Yong

0 Kudos

Open the role in PFCG, give a profile name, and in the authorization data don't give any values; just generate the role and do the user comparison.

We do the same in ADS configuration, which I did successfully recently.

Regards,

Pavan

0 Kudos

Hi

The SAP_J2EE_ADMIN role is an ABAP role. It appears in the Java environment as a group and is mapped as a Java group to the Java security role. So it will not provide any authorization in ABAP. So no profile generation is required.

Regards,

Sandip.

0 Kudos

This is the strangest thread I have ever seen here in the forum...

Let's start at the beginning: Which release are you on?

Cheers,

Julius

ps: Problem solved in duplicate post... =>

Thread locked and assumed closed to prevent more confusion

Edited by: Julius Bussche on Jul 23, 2009 10:32 PM