cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLD access from ESB: 403 forbidden error

Go to solution
Former Member

on ‎03-01-2010 8:26 AM

0 Kudos

I have the following issue: I get a 403 - forbidden error when trying to connect to the SLD from the ESB (PI 7.1). The SLDCHECK and SLDAPICUST settings all work out fine (default user SLD_CL_<sid> is used for connection). So, in short, all communication to the SLD from the ABAP stack seems ok, but communication from JAVA stack to the SLD fails due to insufficient authorisations, according to the error message.

One strange thing I have noticed is that the SLD_CL_<sid> user could not connect to the SLD with the default SAP_SLD_CONFIGURATOR role assigned. Therefore, I added the role SAP_J2EE_ADMIN to its profile and restarted the system to make sure the user had no active logons somewhere in the system.

All SLD related settings I checked (SLDAPICUST, SM59, RZ70, Exchange Profile, NWA, etc) point to the correct SLD with the correct user.

Does anyone have an idea what might cause this problem?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-01-2010 9:25 AM
0 Kudos

You need group SAP_SLD_ADMINISTRATOR to access.

Check this URL that talks about authorizations - http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm

-Sekhar

Show replies
Show replies
Former Member
‎03-01-2010 9:35 AM
0 Kudos

Sekhar, if I interpret this table correct, it says that using the role SAP_SLD_CONFIGURATOR you can "import SWCV (Software Component Version) from SLD"? But that is precisely what can not be accomplished when using this role. In fact, the SLDCHECK fails completely when only this role has been assigned, while it works fine in any other PI system.

I have now requested the BASIS team to review the "History of Executed Configuration Tasks" from the NWA. Maybe something went wrong over there.

By the way: we tested the system with role SAP_SLD_ADMINISTRATOR and SAP_BC_AI_LANDSCAPE_DB_RFC without success.

Former Member
‎03-01-2010 9:59 AM
0 Kudos

I agree with you, myself had faced similar issue but SAP_SLD_ADMINISTRATOR had fixed.

But before that you need to fix the error you are getting with SLDCHECK.....You may please post the error you are seeing...

-Sekhar

Former Member
‎03-01-2010 10:26 AM
0 Kudos

Thanks. I will try your suggestions later today and inform you of the outcome.

Former Member
‎03-02-2010 12:15 PM
0 Kudos

I tried all your suggestions, but no success so far. Are there any settings in the SLD itself that can be checked?

Answers (2)

Answers (2)

Former Member
‎03-01-2010 9:07 AM
0 Kudos

Hi Iddo,

I think ur ID have not suffiencient Authorizatios.Can u pls check u r ID have following Roles othewise u ask your Basis team to provide these Roles.

SAP_SLD_ADMINISTRATOR

SAP_SLD_CONFIGURATOR

SAP_SLD_DEVELOPER

SAP_SLD_GUEST

SAP_SLD_ORGANIZER

Thanks

ravi

Show replies
Show replies
former_member206760
Active Contributor
‎03-01-2010 8:35 AM
0 Kudos

may be u do not have appropriate authorisations to access SLD

http://help.sap.com/saphelp_nw04/helpdata/en/56/361041ebf0f06fe10000000a1550b0/content.htm

Show replies
Show replies
Former Member
‎03-01-2010 8:51 AM
0 Kudos

Thanks for your reply. I will definitely try and add the mentioned role SAP_BC_AI_LANDSCAPE_DB_RFC to the user, but I don't think that will make much difference. I already checked with several other PI 7.1 systems, and they all make a valid connection to the SLD from the ESB using the SLD_CL_<sid> user and the role SAP_SLD_CONFIGURATOR.

Ask a Question