
Sapnote_0001318883 SOA Error in EH5 System


7/27/2019 Sapnote_0001318883 SOA Error in EH5 System

http://slidepdf.com/reader/full/sapnote0001318883-soa-error-in-eh5-system 1/3

19.04.2013 Page 1 of 3

SAP Note 1318883 - Introduction of new authorizations in Web Service Framework

 Note Language: English Version: 11 Validity: Valid Since 17.12.2012

Summary

Symptom 

When you configure Web service (WS) consumer and provider objects, you notice that the current SAP user does not have sufficient authorization to execute the intended WS configuration operation.

The system issues a message, such as: "Not authorized [auth.obj=..., object=..., activity=..., reason=...]".

This message may contain one of the following reasons why the authorization check failed:

1. "No authorization found": The current SAP user account does not have any authorization assigned to the specified authorization object.

2. "Authorization found with different values": The current SAP user account has an authorization for the specified authorization object, but with different values for the fields of the specified authorization object.

Other terms

Web service configuration

Web service authorization check

Authorization checks

Authorization roles

SAP_BC_WEBSERVICE_CONFIGURATOR

Reason and Prerequisites

In your SAP NetWeaver (NW) releases or in certain Support Package levels, new and more accurate authorization checks were introduced for the configuration in the WS environment.

The background of this is that it was necessary to implement specific protection for objects of the WS configuration framework when new WS configuration objects were introduced.

The WS framework that was already introduced in the source code line of SAP NetWeaver 6.40 is mainly based on objects from the ICF services and HTTP destinations areas; it is not adapted sufficiently for accurate co-ordination of authorization checks in the WS environment or new configuration objects are not protected sufficiently.

The NetWeaver basis release that you use is either Version 7.02 or 7.20 or higher. In earlier versions, no additional authorization checks are carried out in transaction SOAMANAGER.

Solution


To support you when you assign suitable authorizations for the ABAP WS configuration for SAP user accounts, (among other things) the new authorization role SAP_BC_WEBSERVICE_CONFIGURATOR was created or enhanced. The role contains all authorizations that are required for the WS configuration via transaction SOAMANAGER, as well as transactions WSCONFIG, WSADMIN, and LPCONFIG. The latter transactions are obsolete and originate from the SAP NetWeaver 6.40 environment. As of SAP NetWeaver Version 7.00, these transactions should no longer be used for WS configurations.

Note that this role may already be available in your SAP client in an old version. In this case, you can update this role with the authorizations of the newest version (see the attachment to this note). In addition, this role is also provided via an SAP NetWeaver Support Package.

You can use transaction PFCG to display the authorizations stored in this role to check whether the existing role in your SAP client is the new version or is still the old version of the role. It is the latest version of the role if it contains authorizations for the following authorization objects: S_SRT_CF_C, S_SRT_CF_P, S_SRT_DEST, S_SRT_LRD, S_SRT_PROF, S_SRT_SCEN, S_SRT_TYPE, S_SRT_UACC, S_SRT_UASG, and S_SRT_SR_P.

Implement the authorization role that is suitable for you for those SAP users who perform configurations in the SAP ABAP WS environment, or adjust the individual authorizations contained in the role according to your requirements in your own authorization roles. You can use the specified role as a copy template or an authorization model.

If you have already assigned the role or copies of it to user accounts, after you upload the role or populate it via a relevant SAP Support Package, you must perform an adjustment in the user accounts. You can use transaction PFCG to upload the role and to adjust the user accounts. For more information about using transaction PFCG, see the SAP documentation (available for each SAP NetWeaver source code line at http://help.sap.com).
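The role-version check and the "Not authorized [...]" message described above can be combined into a small triage helper. This is an added example, not part of the SAP Note or any SAP tool; it assumes a tab-separated role export (ROLE, OBJECT, FIELD, VALUE), message values that contain no commas, and a hypothetical role copy Z_WS_CONFIG with constructed field names and values.

```python
import re

# Authorization objects the note lists for the latest role version.
LATEST_ROLE_OBJECTS = frozenset({
    "S_SRT_CF_C", "S_SRT_CF_P", "S_SRT_DEST", "S_SRT_LRD", "S_SRT_PROF",
    "S_SRT_SCEN", "S_SRT_TYPE", "S_SRT_UACC", "S_SRT_UASG", "S_SRT_SR_P",
})
MSG_RE = re.compile(r"Not authorized \[([^\]]*)\]")

def parse_not_authorized(message):
    """Return the key=value pairs of a 'Not authorized [...]' message, or None."""
    match = MSG_RE.search(message)
    if match is None:
        return None
    pairs = (part.partition("=") for part in match.group(1).split(","))
    return {key.strip(): value.strip() for key, sep, value in pairs if sep}

def role_objects(export_text):
    """Object names in a role export; assumed layout: ROLE<TAB>OBJECT<TAB>FIELD<TAB>VALUE."""
    rows = (line.split("\t") for line in export_text.splitlines())
    return {cols[1].strip().upper() for cols in rows if len(cols) >= 2 and cols[1].strip()}

def triage(message, export_text):
    """Combine the failed check with the role content into a next-step hint."""
    fields = parse_not_authorized(message)
    if fields is None:
        return {"hint": "message not recognised"}
    have = role_objects(export_text)
    obj = fields.get("auth.obj", "").upper()
    reason = fields.get("reason", "")
    if "different values" in reason:
        hint = "compare the role's field values for this object with the message"
    elif obj not in have:
        hint = "role lacks this object: update the role, then adjust the users"
    else:
        hint = "role has this object: check role assignment and user adjustment"
    return {"auth_obj": obj, "reason": reason, "hint": hint,
            "role_is_latest": LATEST_ROLE_OBJECTS <= have,
            "missing_objects": sorted(LATEST_ROLE_OBJECTS - have)}

# Constructed sample data (not from the note): an old-version role export and a message.
SAMPLE_EXPORT = ("Z_WS_CONFIG\tS_SRT_CF_C\tFIELD_A\tVALUE_A\n"
                 "Z_WS_CONFIG\tS_SRT_CF_P\tFIELD_A\tVALUE_A\n")
SAMPLE_MESSAGE = ("Not authorized [auth.obj=S_SRT_DEST, object=ZDEST01, "
                  "activity=02, reason=No authorization found]")

if __name__ == "__main__":
    print(triage(SAMPLE_MESSAGE, SAMPLE_EXPORT))
```
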

Header Data

Release Status: Released for Customer
Released on: 17.12.2012 13:26:39
Master Language: German
Priority: Correction with medium priority
Category: Customizing
Primary Component: BC-ESI-WS-ABA-CFG WebServices ABAP Configuration

Valid Releases

Software Component  Release  From Release  To Release  and Subsequent
SAP_BASIS           60       640           640
SAP_BASIS           70       701           702
SAP_BASIS           71       710           730

Support Packages

Support Packages  Release  Package Name
SAP_BASIS         701      SAPKB70105
SAP_BASIS         702      SAPKB70201
SAP_BASIS         702      SAPKB70204
SAP_BASIS         702      SAPKB70205
SAP_BASIS         711      SAPKB71104
SAP_BASIS         720      SAPKB72002
SAP_BASIS         720      SAPKB72003

Related Notes

Number   Short Text
1835832  Support for user group names in Servises Registry views
1473968  No authorization check is required for design time objects
1364177  SAP_BC_WEBSERVICE_PI_CFG_SRV: added s_srt_cf_p, s_srt_cf_c
1319507  Overview: Analysis of ABAP Web Service Configuration
1120273  Migration of 6.40 and 7.00 WS configurations to 7.20

Attachments

File Type  File Name                           Language  Size
ZIP        SAP_BC_WEBSERVICE_CONFIGURATOR.zip  E         3 KB