cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP AS JAVA trace for authorization check

Go to solution
Former Member

on ‎12-05-2013 6:07 AM

0 Kudos


Hi all,

Is there any tracing tool in NW AS JAVA similar to ST01 in ABAP for getting detailed log for authorization check?

Actually we are migrating one of our PI landscape which is on NW 7.00 (AS ABAP + JAVA) to NW PI AEX 7.31 SP09(AS JAVA). There some system users which are used for message processing.

I am having trouble finding the appropriate roles for these users in AS JAVA and as a temporary solution I have attached more roles than actually required.

I have also gone through the security guide of NW 7.31 PI AEX but still I am not able to identify the exact roles required.

Kindly help!!

Regards,

Robin Singh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-05-2013 8:01 AM
0 Kudos

Hello Robin,

Check the below links for more info on AS Java Security logs & Trace.

"

Logging and Trace Files

The following files are available for logging important security events and helping administrators with troubleshooting:

  • Security Logging

Location in Log Viewer: ./log/system/security.<n>.log

Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\server<n>\log\system\security.<n>.log

This file contains the log entries of a number of security related services, including the following:

  • Authentication
  • User Management
  • Virus Scanner Interface
  • Web Services
  • Destination service"


Links:
Logging and Tracing (SAP Library - SAP NetWeaver CE Security Guide)

http://help.sap.com/saphelp_nwce10/helpdata/en/fe/4f5542253fb330e10000000a155106/content.htm

Mudasir.

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎12-05-2013 10:32 AM
0 Kudos

Hi,

Thanks Rishi and Mudasir.

I went through the following trace and log files at OS level namely :

1.defaulttrace.trc

2.security.log

3.server.log

Out of these files I could find some useful information related to authorization failures in the default trace file. However looking at the trace it was very hard to identify which action was missing in the list of roles already attached to the user.

I was hoping to get some information similar to the one in Tx ST01 in ABAP which lists the missing authorization objects.

My motive to this question was if some user is missing some authorization how can I decide which action or role is needed ?

Regards,

Robin Singh


Show replies
Show replies
Former Member
‎12-05-2013 3:12 PM
0 Kudos

Hello Robin,

Can you try this.

NWA -> Troubleshooting -> Security Troubleshooting Wizard -> Start Diagnostics. It collects the Authentication errors with user-names specified.

Hope it works for you.

Mudasir.

Former Member
‎12-07-2013 12:37 PM
0 Kudos

Thanks Mudasir.

That tool was actually new to me.

Its a helpful tool indeed. However as you mentioned that it gives Info about authentication failures along with user id, it still does not serve my purpose.

I think there is no tool or trace as of now in AS JAVA which can match the information that we get through ST01 in AS ABAP.

I have opened a support message with SAP regarding this. Lets see what they have to say.

Regards,

Robin Singh

RafaelVieira
Active Participant
‎10-09-2014 8:51 PM
0 Kudos

So, Robin, what did you get from SAP?

Could you update the thread?

Tks!

Former Member
‎12-05-2013 6:41 AM
0 Kudos

hi,

Try this if it helps.

Login in portal NWA---->Troubleshooting ---> log and traces--->

Security Troubleshooting Wizard: Scenario Tracing

Thanks

Rishi abrol

Show replies
Show replies
Former Member
‎12-05-2013 7:11 AM
0 Kudos

Hi Rishi,

Thanks for the reply.

I have already checked them but they unfortunately they do not give any information related to what actions were missing in case of an authorization error.

Should I try to increase the log level to debug(currently the log level is 'info')?

But that will create a lot of trace

Regards,

Robin Singh

Former Member
‎12-05-2013 7:28 AM
0 Kudos

Hi,

Please check the below link if it helps.

Login to NWA and Check the SAP logs like defaultTrace through NWA or phsically loggin onto server for narrowing down to the issue.

SAP Library - Portal

Thanks

Rishi abrol

Ask a Question