Search found 75 matches

by mithileshkotwal
Thu Jan 15, 2009 12:31 pm
Forum: Basis
Topic: LDAP SYnc Configuration Problem
Replies: 0
Views: 974

LDAP SYnc Configuration Problem

We are trying to configure the LDAP connector to sync SAP with out Active Directory. However, the connector is facing an error whenever we are trying to logon to AD. We have checked that we have the correct base entry and distinguished name configured for the server and the system. We just get the e...
by mithileshkotwal
Thu Jun 05, 2008 1:06 pm
Forum: SAP Security
Topic: Error in LM01
Replies: 7
Views: 4005

Re: Error in LM01

use transaction LRFMD from ECC 5.0 onwards to assign the user to a profile
by mithileshkotwal
Wed Mar 26, 2008 2:51 am
Forum: SAP Security
Topic: Unable to Run Transaction CJSG as Background Job
Replies: 2
Views: 799

Re: Unable to Run Transaction CJSG as Background Job

Try auth object G_800S_GSE. For such situations, I would advice checking the code for the abap program for authority check statements
by mithileshkotwal
Fri Mar 07, 2008 10:38 am
Forum: SAP Security
Topic: What table contains the SNC (SSO) name for a user?
Replies: 2
Views: 1934

for SNC name, the table is USRACL.. best way to assign the snc names is to have a background job running based on transaction SNC1
by mithileshkotwal
Mon Jan 14, 2008 2:36 pm
Forum: SAP Security
Topic: Double authorization role cleaning
Replies: 19
Views: 4268

PRGN_COMPRESS_TIMES is actually the program thats called when you go to Optimize User Assignment.
by mithileshkotwal
Mon Jan 14, 2008 10:11 am
Forum: SAP Security
Topic: Double authorization role cleaning
Replies: 19
Views: 4268

You would face the same issue with the ABAP program since the child system would need to communicate back to CUA that the role assignments have been changed. You are better off disconnecting the system from CUA, running the standard Optimise user assignments and then reconnect the system to CUA.
by mithileshkotwal
Fri Jan 11, 2008 10:29 am
Forum: SAP Security
Topic: Parameter ID
Replies: 1
Views: 924

I don't know about any default way to setup PIDs. However they can be setup across all clients using a CUA. You should also setup PRGN_CUST with the appropriate value for CUA_PARAMETER_CHECK as per your requirements.
by mithileshkotwal
Fri Jan 11, 2008 10:26 am
Forum: SAP Security
Topic: Double authorization role cleaning
Replies: 19
Views: 4268

I was working on a client a while back and we had a bit of a problem with user creation scripts. One of the guys in the team made the good point that as SU10 deletes from or appends to the roles assigned to a user it's actually much more useful than SU01 etc. The script isn't hugely efficient but g...
by mithileshkotwal
Fri Jan 11, 2008 10:19 am
Forum: SAP Security
Topic: Double authorization role cleaning
Replies: 19
Views: 4268

It won't work with an active CUA. However, you can disconnect the system from CUA, run this and then re-connect the system tto CUA.
by mithileshkotwal
Thu Jan 10, 2008 10:23 am
Forum: SAP Security
Topic: Double authorization role cleaning
Replies: 19
Views: 4268

You can also try using the following
Go PFCG, display the role, and then go to Utilities--> Optimize User Assignment.
We are on ECC 5.0 SAPKB64020.
by mithileshkotwal
Wed Jan 09, 2008 9:37 am
Forum: SAP Security
Topic: CUA: is this normal?
Replies: 5
Views: 1902

Its normal behaviour. You need to have the output device defined both systems for it to work properly. You might also want to check PRGN_CUST for settings related to CUA. it won't solve your printer issue but might help for settings related to user groups, parameters, etc.
by mithileshkotwal
Wed Jan 09, 2008 9:33 am
Forum: SAP Security
Topic: Firefighter - Message to Firefighter / Multiple Logon [R]
Replies: 3
Views: 2024

Its strange that the FF problem has been fixed by a note related to audit logs
by mithileshkotwal
Thu Dec 20, 2007 1:52 pm
Forum: SAP Security
Topic: Firefighter - Message to Firefighter / Multiple Logon [R]
Replies: 3
Views: 2024

Check User Exit

Check the FF_52_ABAP_Installation document from the GRC release 5.2 documents from the service market place and check whether the part about implementing the logon user exit has been completed. Not sure if this is the solution to your problem but its worth a shot. Let us know if this works for you.
by mithileshkotwal
Wed Oct 31, 2007 10:39 am
Forum: SAP Security
Topic: SSO: multiple users to single SAP Login
Replies: 5
Views: 1532

Theoretically, the only way you can do that is by forcing the user PCs to generate the exact same certificate/logon ticket for SSO. That way, irrespective of the user logging on, the same certificate is passed to SAP and then you can maintain the same SNC name for both users Logically, as a security...
by mithileshkotwal
Wed Oct 03, 2007 1:34 pm
Forum: SAP Security
Topic: USMM runtime error
Replies: 1
Views: 1224

We had the same problem with SP20.. however our problem went way after applying the said OSS note correctly.