06-26-2009 11:30 AM
Hi all,
I found some user roles' authorizations weirdly disappeared. Then I'm not able to use those users to log on to the NW AS web admin, which had been working one day before I found the problem. Do you know what could be the reason for that problem?
06-26-2009 1:39 PM
Hello,
Please check the change history of that user. See if you have some info there.
Thanks, Prasanna
06-26-2009 2:30 PM
06-26-2009 2:45 PM
Hi,
1. Check the change docs in SUIM for that user
2. Check the expiry date of the role for that particular user. Make sure the user comparisons are in GREEN
3. Check if there were any role changes moved recently into that system. If there are, then user comparisons should be in GREEN
Regards
Puneeth
06-29-2009 9:10 AM
Hi all
Thanks a lot for the replies! The role I encountered the problem with is the "SAP_J2EE_Admin" role, which is an SAP-created role. I checked the change history with TCode SUIM, but didn't find any user changes made to it before I encountered the problem (not able to log in to the Web AS J2EE engine; I set the starting date to two days before the date of the problem).
Last Friday, after I restarted the Web AS, I was able to log in to the server again. But the user comparison light is yellow and I am not able to set it to green since there is no authorization profile for the role. I read in some SAP document that there is no authorization object for the role and its profile doesn't need to be generated (since the authorization is done with the mapping in UME by using the Visual Administrator). Is that true!? If not, what kind of authorization objects should be assigned to the SAP_J2EE_Admin role?
Thanks for your help!
06-29-2009 10:05 AM
The SAP_J2EE_Admin role is an SAP standard role.
It is not recommended to change the SAP standard role. In some configurations it does not require an authorization object in the role. Only the profile needs to be generated.
Regards,
Pavan
07-16-2009 9:25 AM
Hi Pavan,
How to generate a role's profile (in my case, role SAP_J2EE_ADMIN) without any active authorization object assigned? I tried the mass generation, but the return messages repeated as "at least select one role" while I did select the role (SAP_J2EE_ADMIN). Any idea?
Regards,
Yong
07-16-2009 10:31 AM
Open the role in PFCG, give a profile name, and in the authorization data don't give any values; just generate the role and do the user comparison.
We do the same in ADS configuration, which I did successfully recently.
Regards,
Pavan
07-23-2009 6:38 PM
Hi
The SAP_J2EE_ADMIN role is an ABAP role. It appears in the JAVA environment as a group and is mapped as a JAVA group to the JAVA security role. So it will not provide any authorization in ABAP. So no profile generation is required.
Regards,
Sandip.
07-23-2009 9:28 PM