on 12-05-2013 6:07 AM
Hi all,
Is there any tracing tool in NW AS JAVA similar to ST01 in ABAP for getting detailed log for authorization check?
Actually we are migrating one of our PI landscape which is on NW 7.00 (AS ABAP + JAVA) to NW PI AEX 7.31 SP09(AS JAVA). There some system users which are used for message processing.
I am having trouble finding the appropriate roles for these users in AS JAVA and as a temporary solution I have attached more roles than actually required.
I have also gone through the security guide of NW 7.31 PI AEX but still I am not able to identify the exact roles required.
Kindly help!!
Regards,
Robin Singh
Hello Robin,
Check the below links for more info on AS Java Security logs & Trace.
"
The following files are available for logging important security events and helping administrators with troubleshooting:
Location in Log Viewer: ./log/system/security.<n>.log
Location in file system: <drive>:\usr\sap\<SID>\<instance_number>\j2ee\cluster\server<n>\log\system\security.<n>.log
This file contains the log entries of a number of security related services, including the following:
Links:
Logging and Tracing (SAP Library - SAP NetWeaver CE Security Guide)
http://help.sap.com/saphelp_nwce10/helpdata/en/fe/4f5542253fb330e10000000a155106/content.htm
Mudasir.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Thanks Rishi and Mudasir.
I went through the following trace and log files at OS level namely :
1.defaulttrace.trc
2.security.log
3.server.log
Out of these files I could find some useful information related to authorization failures in the default trace file. However looking at the trace it was very hard to identify which action was missing in the list of roles already attached to the user.
I was hoping to get some information similar to the one in Tx ST01 in ABAP which lists the missing authorization objects.
My motive to this question was if some user is missing some authorization how can I decide which action or role is needed ?
Regards,
Robin Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Mudasir.
That tool was actually new to me.
Its a helpful tool indeed. However as you mentioned that it gives Info about authentication failures along with user id, it still does not serve my purpose.
I think there is no tool or trace as of now in AS JAVA which can match the information that we get through ST01 in AS ABAP.
I have opened a support message with SAP regarding this. Lets see what they have to say.
Regards,
Robin Singh
hi,
Try this if it helps.
Login in portal NWA---->Troubleshooting ---> log and traces--->
Security Troubleshooting Wizard: Scenario Tracing
Thanks
Rishi abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Rishi,
Thanks for the reply.
I have already checked them but they unfortunately they do not give any information related to what actions were missing in case of an authorization error.
Should I try to increase the log level to debug(currently the log level is 'info')?
But that will create a lot of trace
Regards,
Robin Singh
Hi,
Please check the below link if it helps.
Login to NWA and Check the SAP logs like defaultTrace through NWA or phsically loggin onto server for narrowing down to the issue.
Thanks
Rishi abrol
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.