Delete from <Application Server name>.USR02 where bname=’SAP*’;
Step 2) Then Login using SAP* user
Step 3) Go to EWZ5 or SU10 transaction code and unlock all the users. Note:
USR02 is a table in which all user master records are stored.
Killing SAP* will automatically recreate a user master record in USR02 table. Portal Security
All security related activities like Creation of User accounts and Creation of roles which are normally performed using SU01 and PFCG can be done using portal. In Portal administration there are two ways of maintaining users and roles information.
1) Accessing portal using an URL
2) Accessing portal using Active Directory Service Note:
1) Any portal URL, the ports will be in the 50000 series.
2) For portal we need J2EE engine to be installed and no need of ABAP engine to run.
3) All roles are configured in active directory service which are related with only portal i.e. users need to enter travel expenses and file their timesheets using portal, then separate roles are provided which are related with portal. These roles provide access to users to display the screens as well as store the information in DB.
4) Some portal screens will be integrated with SAP system i.e. PROS. Instead of logging into SAP system we use the portal screens from which the user provide the inputs and gets automatically saved in SAP DB.
Problems in Portal
Problem 1) Global page missing Solution:
Check in Active Directory whether the user is been correctly added under the role which is considered as global
Note:
In active directory services we have 2 types of roles
1)
Global roles Provide access for an user to login to portal i.e. for the initial screen to appear. They are classified based on region the user belongs to. For example: Africa, Europe etc.2)
Local Roles Provide access for certain T – Codes or activities which the user needs to perform. Eg: Time sheet filling, travel expenses. Local roles are categorized based on the location the user is situated. Eg: Country Wise IN, USA, AF3) Every user who access portal must have one global role and ‘n’ of local roles.
Problem 2) User reports “Not able to access ESS” Solution:
Check the global role
Check the exact local role, assigned to a user
Problem 3) User reports “He us able to access other global screens instead of his own screen”
Solution:
Find which global screens user is able to access. Go to AD service and then to particular global role.
Edit the role and check if the user ID is been added to that particular role. If it is added then remove the user ID and add the user ID to the correct global role and inform the user to restart his system in order to access new changes.
1) Assigning users using AD service is considered as a direct assignment where as assigning users using portal is considered as indirect assignment. This is similar to assigning users in SAP using PFCG (Direct assignment) and SU01 (Indirect Assignment).
2) Unicode in SAP supports 13 languages. All character sets of these languages are embedded in the software. Non-unicode is language specific.
3) The upgrade of SAP system from non-unicode to Unicode is possible whereas the other way is not. To achieve the transition from non-unicode to Unicode we need to have Non-Unicode export kernel CD and Unicode import kernel CD.
4) SU3 is the transaction code for maintaining user own data. 5) SCAT, T-code is used for running CATT scripts.
6) ACTVT field indicates the type of activity i.e. creates, change, generate and delete.
7) In PFCG transaction code, a profile indicates a unique identifier generated by system to identify a role.
8) Notation for parent role is Z> and for Child / Derived Role it is Z:
9) Any role starting with SAP_ or SAP defined roles, they should not be generated instead they are used as Templates, hence if we want to use any SAP role first copy a role to a customized role and generate it.
10) SAP_ roles are used mainly during implementation.
11) All roles are of type Basic maintenance only whereas HR related roles and work flow related roles are of type complete view. By default the roles are of type basic maintenance.
12) Before we delete a role, it has to be added to a transport because these actions are performed in DEV system.
13) Profile names come by default if it has to be changed then it has to start with Z.
14) Color indications in authorizations
a.
Red No organization valuesb.
Green All fields have valuesc.
Yellow Some field values are missing. Role DistributionDistribution of a role can be done using
Go to transaction code PFCG Menu tab Distribute button Enter the target system i.e. an RFC connection needs to be created between source and target system.
This procedure is distributing the roles between source and target using RFC connections
If a role is being distributed to a target system only the structure is being copied and not authorizations. Hence we need to maintain the authorization for a role in the target system.
STMS (SAP Transport management System)
1)
SAP normally follows 3 system landscape with 3 tier architecture. i.e. DEV, QAS, PRD.2) One of the systems has to be configured as transport domain controller. This configuration is done as a part of implementation i.e. immediately after executing SICK transaction.
3) The transaction to configure transport management. STMS
4)
RFC’s are generated when the Transport Management System when continued R/3 system to communicate with all R/3 systems in a domain.A) SAP systems that share a common transport directory tree form a transport group.
Q) What is transport domain controller?
A) R/3 system with the reference configuration is called as the transaction domain controller.
Q) What is transport domain?
A) All R/3 systems that are planned to manage centrally using TMS form a transport domain.
In order to configure transaction domain controller we have to login using client 000 and user sap* or any user having similar authorization using sap*.
Configuring Transport domain controller:- 1) Login to SAP using client 000 and sap*
2) Go to STMS, it will propose the system as transport domain controller, provide the description and save.
3) Go to overview menu and select systems
4) Place the cursor on SYS ID and select SAP system display
5) Go to transport pool and check under global parameter transport directory. i.e. transport directory path (\usr\sap\trans)
Note: The above steps are performed in Dev System which we can assume as domain controller
Steps for Requesting inclusion of QAS and PRD systems into domain controller Log on to QAS with 000 and SAP* go to STMS
Select other configuration
Provide the description and target hostname of the transport domain i.e. DEV system domain name and instance no and save
Login to Development using 000 and sap * and goto STMS Select the QAS
Go to sap systems Approve
This will pop up message saying “Inclusion of system in Transport Domain” then click “Yes”
Note: Repeat the above steps for inclusion of PROD system also
In Dev distribute TMS configuration by selecting extras Distribute TMS configuration
It POPs us a message and then select “Yes” Backup Domain Controller
Backup domain controller holds the copy of reference configuration and configuration changes can be managed when transport domain controller is not available.
Steps in defining backup domain controller:
1.
Log on to transport domain controller system using client 000 and SAP*. Go to STMS T-code.2.
In STMS screen go to overviewsystems select the R3 system to be defined as backup domain controller.3.
Go to SAP systemDisplay4.
Go to communication tab Select change under backup, you have to mention “QAS” and save then it will give a pop-up windows requesting you to configure the changes immediately, select YES.5.
Go to Extras from menu Activate backup domain controller. It will give a pop-up windows as “Activate system QAS as a domain controller” click “YES”.Transport Routes: