cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integration Builder: Business System Assignment: Insufficient Authorization

Go to solution
former_member198943
Explorer

on ‎04-08-2015 7:33 PM

0 Kudos

Hi Experts,

Looking for some light on my issue.

We had been implementing PI 7.4 AEX SP10 and in the processing of setting the ID configuration prior which the SLD part is completely done.

While starting with Assigning Business Systems it throws the below error.

Insufficient authorization to create object Communication Component:

I had all the authorizations for my user. When tested for edit authorization, i tried to import a Party from other system and it gets imported successfully. But the only issue while assigning business systems.

I have checked this note already. 

1690250 - Error when executing Display/Edit in PI ESR/Directory

Have any of you faced this. Can you share your ideas here. Thanks in advance.

I am still looking for solution and if it gets fixed, i will share what helped me.

Best regards,

Venkat

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member184720
Active Contributor
‎04-08-2015 7:38 PM
0 Kudos

Can you explicitly assign the "XiDir_Unrestricted" role in useradmin and see ?

After that make sure you closed all open session and launch them again or try from NWDS.

Show replies
Show replies
former_member198943
Explorer
‎04-08-2015 7:52 PM
0 Kudos

Hi Hareesh,

Thanks for response. This role was already added and tested. Everytime i tried a role, i had closed all sessions and re-logged in. This didn't help that.

former_member184720
Active Contributor
‎04-08-2015 7:56 PM
0 Kudos

Did you check the default trace file to see if it logs anything ?

Also did you try from NWDS?

former_member198943
Explorer
‎04-08-2015 8:19 PM
0 Kudos

I checked the default trace, but didn't find any for this. Regarding NWDS, I have not set it up yet. I will try that now meanwhile.

former_member184720
Active Contributor
‎04-08-2015 8:40 PM
0 Kudos

You can enable the show console from Java control panel and see if it captures.

javaws -viewer -> advanced -> setting -> java console -> show console.

then when you launch, you should see an additional console opened. Don't close it. It should record every action that you work on Integration builder tools

former_member198943
Explorer
‎04-08-2015 8:53 PM
0 Kudos

Hi Haressh, I tried your suggestion above. I have got the below capture from the java console. i have the top few lines below. The complete error in the attached notepad, just to decrease the length of the reply post.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>

#67 14:51:38 [Pool-Thread-0] ERROR com.sap.aii.ibdir.gui.cpa.bswizard.GeneratorPage: error creating business system assignment

Thrown:

com.sap.aii.ib.core.oa.OaPermissionException: Insufficient authorization to create object Communication Component:  | BS_SYSA

  at com.sap.aii.ib.server.oa.ServerObjectAccess.checkPermissionInternal(ServerObjectAccess.java:4038)

  at com.sap.aii.ib.server.oa.ServerObjectAccess.checkPermission(ServerObjectAccess.java:3907)

  at com.sap.aii.ib.server.oa.ServerObjectAccess.hasPermission(ServerObjectAccess.java:3354)

  at com.sap.aii.ib.server.oa.ServerObjectAccess.hasPermission(ServerObjectAccess.java:3331)

  at com.sap.aii.ib.server.oa.ServerObjectAccess.create(ServerObjectAccess.java:1688)

  at com.sap.aii.ib.server.oa.ObjectAccessBean.create(ObjectAccessBean.java:489)

  at sun.reflect.GeneratedMethodAccessor699.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

  at java.lang.reflect.Method.invoke(Method.java:597)5)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ID_BSAssignErr.txt.zip
former_member184720
Active Contributor
‎04-08-2015 9:37 PM
0 Kudos

Sorry i couldn't analyze the log further....

But since you are on the most recent release, i would suggest you to contact SAP and attach this log.

May be something might have changed in terms of ACL authorizations.

QQ -> I hope you have selected the unrestricted profile, when you launched it for the first time.

former_member198943
Explorer
‎04-08-2015 11:35 PM
0 Kudos

I have just checked it in ESR I was AEX profile, but I switched it to unrestricted profile and launched the ID again. Tried it for the same. But no luck. I will have to create the sap mesage.

But In case you or any one who see this message has more ideas please share the same.

Update: I have tried using NWDS as well. But I am unable to do.

former_member198943
Explorer
‎04-13-2015 3:55 PM
0 Kudos

Hi,

I didn't get the reply, but while going to some help documents and trying some solutions, the below worked for me.

I got the issue fixed and would like to provide the details, for some who might get stuck in similar issue.

The issue was with the combination of the Authorization checks at system level.

1) com.sap.aii.util.server.auth.activation - Was False

2) com.sap.aii.ib.server.acl.enable - Was True (set to False)

Though the 2nd parameter was True, it still need to work when Authoriztions are defined. It didn't work.  Might be some dependency further which I had to investigate.

Below is the the combinational results of of the above two parameters. This is picked from the SAP Help.

Perform the following steps to activate authorization checks.

  1. Access the ES Repository system properties.
  2. Search for the following properties:
    • com.sap.aii.util.server.auth.activation : To define user roles
    • com.sap.aii.ib.server.acl.enable : To define authorizations
  3. Set these properties to true and save your settings.Based on the value defined for authorizations and user roles, the system performs the following actions:
    Value of com.sap.aii.ib.server.acl.enable (Authorizations)Value of com.sap.aii.util.server.auth.activation (User Roles)Action in ES Builder
    FalseFalseBoth authorizations and user roles are disabled. All users have permissions to create, edit, and delete objects.
    FalseTrueUser roles are enabled.
    TrueFalseAuthorizations are enabled. However, if no authorizations are defined, users will not have permissions to create, edit, and delete objects. To perform any of these actions, you should define authorizations.
    TrueTrueBoth authorizations and user roles are enabled.If authorizations are defined, the system grants permissions based on the defined authorizations and not the user roles. However, if no authorizations are defined, the system checks for the user roles and permissions are granted accordingly.

Best Regards,

Venkat

former_member184720
Active Contributor
‎04-13-2015 6:04 PM
0 Kudos

Thanks Venkat for sharing your findings. It helps.

Answers (0)

Ask a Question