SAP从业者联盟

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
SAP从业者联盟 门户 SAP notes 查看内容

1318883 - Introduction of new authorizations in Web Service Framework

2014-9-9 10:47| 发布者: isap| 查看: 4671| 评论: 0|来自: SAP SMP

摘要: Version Validity: 2012-12-17 - activeSymptomWhen you configure Web service (WS) consumer and provider objects, you notice that the current SAP user does not have sufficient authorization to execut ...
Version         Validity: 2012-12-17 - active 

Symptom


When you configure Web service (WS) consumer and provider objects, you notice that the current SAP user does not have sufficient authorization to execute the intended WS configuration operation.

The system issues a message, such as: "Not authorized [auth.obj=..., object=..., activity=..., reason=...]".

This message may contain one of the following reasons why the authorization check failed:

    1. "No authorization found": The current SAP user account does not have any authorization assigned to the specified authorization object.
    2. "Authorization found with different values": The current SAP user account has an authorization for the specified authorization object, but with different values for the fields of the specified authorization object.


Other Terms


Web service configuration
Web service authorization check
Authorization checks
Authorization roles
SAP_BC_WEBSERVICE_CONFIGURATOR


Reason and Prerequisites


In your SAP NetWeaver (NW) releases or in certain Support Package levels, new and more accurate authorization checks were introduced for the configuration in the WS environment.

The background of this is that it was necessary to implement specific protection for objects of the WS configuration framework when new WS configuration objects were introduced.

The WS framework that was already introduced in the source code line of SAP NetWeaver 6.40 is mainly based on objects from the ICF services and HTTP destinations areas; it is not adapted sufficiently for accurate co-ordination of authorization checks in the WS environment or new configuration objects are not protected sufficiently.

The NetWeaver basis release that you use is either Version 7.02 or 7.20 or higher. In earlier versions, no additional authorization checks are carried out in transaction SOAMANAGER.


Solution


To support you when you assign suitable authorizations for the ABAP WS configuration for SAP user accounts, (among other things) the new authorization role SAP_BC_WEBSERVICE_CONFIGURATOR was created or enhanced.

The role contains all authorizations that are required for the WS configuration vie transaction SOAMANAGER, as well as transactions WSCONFIG, WSADMIN, and LPCONFIG. The latter transactions are obsolete and originate from the SAP NetWeaver 6.40 environment. As of SAP NetWeaver Version 7.00, these transactions should no longer be used for WS configurations.

Note that this role may already be available in your SAP client in an old version. In this case, you can update this role with the authorizations of the newest version (see the attachment to this note). In addition, this role is also provided via an SAP NetWeaver Support Package.

You can use transaction PFCG to display the authorizations stored in this role to check whether the existing role in your SAP client is the new version or is still the old version of the role. It is the latest version of the role if it contains authorizations for the following authorization objects: S_SRT_CF_C, S_SRT_CF_P, S_SRT_DEST, S_SRT_LRD, S_SRT_PROF, S_SRT_SCEN, S_SRT_TYPE, S_SRT_UACC, S_SRT_UASG, and S_SRT_SR_P.

Implement the authorization role that is suitable for you for those SAP users who perform configurations in the SAP ABAP WS environment, or adjust the individual authorizations contained in the role according to your requirements in your own authorization roles. You can use the specified role as a copy template or an authorization model.

If you have already assigned the role or copies of it to user accounts, after you upload the role or populate it via a relevant SAP Support Package, you must perform an adjustment in the user accounts. You can use transaction PFCG to upload the role and to adjust the user accounts. For more information about using transaction PFCG, see the SAP documentation (available for each SAP NetWeaver source code line at http://help.sap.com).

Header Data

Released On2012-12-17 21:26:39
Release StatusReleased for Customer
ComponentBC-ESI-WS-ABA-CFG WebServices ABAP Configuration
PriorityCorrection with medium priority
CategoryCustomizing

Validity

Software Component
From Rel.
To Rel.
And Subsequent
SAP_BASIS
640
640
 
701
702
 
710
730
 

Support Packages & Patches

Support Packages
Software Component
Release
Support Package
SAP_BASIS
701
702
702
702
711
720
720





鲜花

握手

雷人

路过

鸡蛋

Archiver|SAP从业者联盟 ( 京ICP备09055458号-2 

GMT+8, 2017-11-25 13:55 , Processed in 0.035112 second(s), 14 queries .

Powered by i-sap.org X2

© 2001-2011 Comsenz Inc.

回顶部