Upload
chandram
View
230
Download
0
Embed Size (px)
Citation preview
7/27/2019 Sapnote_0001318883 SOA Error in EH5 System
http://slidepdf.com/reader/full/sapnote0001318883-soa-error-in-eh5-system 1/3
19.04.2013 Page 1 of 3
SAP Note 1318883 - Introduction of new authorizations in Web Service Framework
Note Language: English Version: 11 Validity: Valid Since 17.12.2012
Summary
Symptom
When you configure Web service (WS) consumer and provider objects, you
notice that the current SAP user does not have sufficient authorization to
execute the intended WS configuration operation.
The system issues a message, such as: "Not authorized [auth.obj=...,
object=..., activity=..., reason=...]".
This message may contain one of the following reasons why the authorization
check failed:
1. "No authorization found": The current SAP user account does not have
any authorization assigned to the specified authorization object.
2. "Authorization found with different values": The current SAP user
account has an authorization for the specified authorization object,
but with different values for the fields of the specified
authorization object.
Other terms
Web service configuration
Web service authorization check
Authorization checksAuthorization roles
SAP_BC_WEBSERVICE_CONFIGURATOR
Reason and Prerequisites
In your SAP NetWeaver (NW) releases or in certain Support Package levels,
new and more accurate authorization checks were introduced for the
configuration in the WS environment.
The background of this is that it was necessary to implement specific
protection for objects of the WS configuration framework when new WS
configuration objects were introduced.
The WS framework that was already introduced in the source code line of SAP
NetWeaver 6.40 is mainly based on objects from the ICF services and HTTP
destinations areas; it is not adapted sufficiently for accurate
co-ordination of authorization checks in the WS environment or new
configuration objects are not protected sufficiently.
The NetWeaver basis release that you use is either Version 7.02 or 7.20 or
higher. In earlier versions, no additional authorization checks are carried
out in transaction SOAMANAGER.
Solution
7/27/2019 Sapnote_0001318883 SOA Error in EH5 System
http://slidepdf.com/reader/full/sapnote0001318883-soa-error-in-eh5-system 2/3
19.04.2013 Page 2 of 3
SAP Note 1318883 - Introduction of new authorizations in Web Service Framework
To support you when you assign suitable authorizations for the ABAP WS
configuration for SAP user accounts, (among other things) the new
authorization role SAP_BC_WEBSERVICE_CONFIGURATOR was created or enhanced.
The role contains all authorizations that are required for the WS
configuration vie transaction SOAMANAGER, as well as transactions WSCONFIG,
WSADMIN, and LPCONFIG. The latter transactions are obsolete and originate
from the SAP NetWeaver 6.40 environment. As of SAP NetWeaver Version 7.00,
these transactions should no longer be used for WS configurations.
Note that this role may already be available in your SAP client in an old
version. In this case, you can update this role with the authorizations of
the newest version (see the attachment to this note). In addition, this
role is also provided via an SAP NetWeaver Support Package.
You can use transaction PFCG to display the authorizations stored in this
role to check whether the existing role in your SAP client is the new
version or is still the old version of the role. It is the latest version
of the role if it contains authorizations for the following authorizationobjects: S_SRT_CF_C, S_SRT_CF_P, S_SRT_DEST, S_SRT_LRD, S_SRT_PROF,
S_SRT_SCEN, S_SRT_TYPE, S_SRT_UACC, S_SRT_UASG, and S_SRT_SR_P.
Implement the authorization role that is suitable for you for those SAP
users who perform configurations in the SAP ABAP WS environment, or adjust
the individual authorizations contained in the role according to your
requirements in your own authorization roles. You can use the specified
role as a copy template or an authorization model.
If you have already assigned the role or copies of it to user accounts,
after you upload the role or populate it via a relevant SAP Support
Package, you must perform an adjustment in the user accounts. You can use
transaction PFCG to upload the role and to adjust the user accounts. For
more information about using transaction PFCG, see the SAP documentation
(available for each SAP NetWeaver source code line at http://help.sap.com).
Header Data
Release Status: Released for Customer
Released on: 17.12.2012 13:26:39
Master Language: German
Priority: Correction with medium priority
Category: Customizing
Primary Component: BC-ESI-WS-ABA-CFG WebServices ABAP
Configuration
Valid Releases
Software Component Release From
Release
To
Release
and
Subsequent
SAP_BASIS 60 640 640
SAP_BASIS 70 701 702
7/27/2019 Sapnote_0001318883 SOA Error in EH5 System
http://slidepdf.com/reader/full/sapnote0001318883-soa-error-in-eh5-system 3/3
19.04.2013 Page 3 of 3
SAP Note 1318883 - Introduction of new authorizations in Web Service Framework
Software Component Release From
Release
To
Release
and
Subsequent
SAP_BASIS 71 710 730
Support Packages
Support Packages Release Package Name
SAP_BASIS 701 SAPKB70105
SAP_BASIS 702 SAPKB70201
SAP_BASIS 702 SAPKB70204
SAP_BASIS 702 SAPKB70205
SAP_BASIS 711 SAPKB71104
SAP_BASIS 720 SAPKB72002
SAP_BASIS 720 SAPKB72003
Related Notes
Number Short Text
1835832 Support for user group names in Servises Registry views
1473968 No authorization check is required for design time objects
1364177 SAP_BC_WEBSERVICE_PI_CFG_SRV: added s_srt_cf_p, s_srt_cf_c
1319507 Overview: Analysis of ABAP Web Service Configuration
1120273 Migration of 6.40 and 7.00 WS configurations to 7.20
Attachments
FileType
File Name Language Size
ZIP SAP_BC_WEBSERVICE_CONFIGURATOR.zip E 3 KB