|
Work Process Type
|
Description
|
|
Dialog
|
D: Processes real-time information in the
foreground.
|
|
Background
|
B: Background processing for long-running
processes, reports, and batch jobs.
|
|
Synchronous Update
|
V1: Processes immediate updates to the
database.
|
|
Asynchronous Update
|
V2: Processes updates to the database on a
lower priority than V1 (that is, when time permits).
|
|
Enqueue
|
E: Manages database locks.
|
|
Message
|
M: Manages communication between application
servers.
|
|
Spool
|
S: Manages print jobs (the print spool).
|
|
Gateway
|
G: Communicates with other SAP and non-SAP
systems.
|
Monday, November 17, 2014
SAP Work Processes
Wednesday, September 3, 2014
SAP System User types (Dialog, system, communications, service, reference )
You
can specify the following user types:
● Dialog
(A)
Individual system access (personalized)
It is possible to log on using SAP GUI. The user is therefore capable
of interaction through SAP GUI.
The system checks whether the password has expired or is initial.
The user can change his or her password himself or herself.
Multiple dialog logons are checked and, where appropriate, logged.
Purpose: for individual human users (including Internet users)
● System
(B)
System-related and internal system processes.
It is not possible to log on using SAP GUI. The user is therefore
incapable of interaction through SAP GUI.
The password change requirement does not apply to the passwords, that
is, they cannot be initial or expired.
Only a user administrator can change the password.
Multiple logons are permissible.
Purpose: background processing and communication within a system
(internal RFC calls) and between multiple systems (external RFC calls).
Purpose: for example, RFC users for ALE, workflow, TMS, CUA.
● Communications
(C)
Individual system access (personalized)
It is not possible to log on using SAP GUI. The user is therefore
incapable of interaction through SAP GUI.
Although the system checks whether the password has expired or is
initial, the implementation of the requirement to change the password, which
exists in principle, depends on the logon method (interactive or
non-interactive).
The user can change his or her password himself or herself.
Purpose: external RFC calls of individual human users.
● Service
(S)
Shared system access for a larger, anonymous group of
users. Assign only very restricted authorizations for this user
type.
It is possible to log on using SAP GUI. The user is therefore capable
of interaction through SAP GUI.
During a log on, the system does not check whether the password has
expired or is initial.
Only a user administrator can change the password.
Multiple logons are permissible.
Purpose: Anonymous system access (such as for public Web services).
After an individual authentication, an anonymous session begun with a service
user can be continued as a person-related session with a dialog user.
● Reference
(L)
It is not possible to log on to the system.
User type for general, non-person related users that allows the
assignment of additional identical authorizations, such as for Internet users
created with transactions SU01.
To assign a reference user to a dialog user, specify it when
maintaining the dialog user on the Roles tab page. In general, the
application controls the assignment of reference users. This assignment is
valid for all systems in a Central User Administration (CUA) landscape. If the
assigned reference user does not exist in a CUA child system, the assignment is
ignored.
You should be very cautious when creating reference users.
■ If
you do not implement the reference user concept, you can deactivate this field
in accordance with SAP Note 330067.
■ We
also recommend that you set the value for the Customizing switch REF_USER_CHECK
in table PRGN_CUST to "E". This means that only users of type
REFERENCE can then be assigned. Changing the Customizing switch affects only
new assignments of reference users. Existing assignments are retained.
■ We
further recommend that you place all reference users in one particularly secure
user group to protect them from changes to assigned authorizations and
deletion.
Can we assign generated profiles to users directly ?
Yes but the best practice is not to
assign profile to a user master record instead, assign single role or
composite role to the user.
Scum settings - logon data tab.
SCUM
SETTINGS - LOGON DATA TAB has the following settings as below:
|
Global
|
You can only maintain the data in the central system. The data is
then automatically distributed to the child systems. These fields do not
accept input in the child systems, but can only be displayed.
All other fields that are not set to “global” accept input both in
the central and in the child systems and are differentiated only by a
different distribution after you have saved.
|
|
Proposal
|
You maintain a default value in the central
system that is automatically distributed to the child systems when a user is
created. After the distribution, the data is only maintained locally, and is
not distributed again, if you change it in the central or child system.
|
|
RetVal
|
You can maintain data both centrally and
locally. After every local change to the data, the change is redistributed to
the central system and distributed from there to the other child systems.
|
|
Local
|
You can only maintain the data in the child
system. Changes are not distributed to other systems.
|
|
Everywhere
|
You can maintain data both centrally and
locally. However, only changes made in the central system are distributed to
other systems, local changes in the child systems are not distributed.
|
How to assign a same role to 200 users ?
You can do using PFCG- >
enter the role -> change -> go to
users tab -> paste the users -> click on user comparsion-> complete comparsion -> Save the role -
it's done
or
One can also use "Authorization Data" functionality in transaction SU10 to complete this task.
User have tcode SA38. How to restrict user to execute only report rsusr003
Use SE93 to create customize tcode:
a) via 'transaction with value' where we use SA38 screen as
inheritance. We have option to hide SA38 screen to avoid user running other
program.
b) via 'transaction with value' where we use START_REPORT to call
program it self. Or you can change the
following object in the role with tcode
SE38 and in authorization object S_DEVELOP the
activities
DEVCLASS '*'
OBTYPE '*'
OBNAME ' RSUSR003'
p_group '*'
activity '03'
How to check list of user from table usr02 using SQL Query.
How to check list of user from table usr02 using SQL Query.
1. In Ms SQL Server Management studio.
2. Execute SELECT BNAME FROM hrs.USR02 WHERE MANDT='310';
Table with list of activity types.
Table with list of activity types.
01 Create or generate
02 Change
03 Display
04 Print, edit messages
05 Lock
06 Delete
07 Activate, generate
08 Display change documents
09 Display prices
10 Post
11 Change number range status
12 Maint.and gen.change document
13 Initialize number levels
14 Field select.:Generate screen
15 Field select.:Assign table
16 Execute
17 Maintain number range object
18 Deliveries from coll. proc.
19 Invoices from coll. proc
20 Transport without translation
21 Transport
22 Enter, Include, Assign
23 Maintain
24 Archive
25 Reload
26 Change customer account group
27 Display totals records
28 Display line items
29 Display saved data
30 Determine
31 Confirm
32 Save
33 Read
34 Write
35 Output
36 Extended maintenance
37 Accept
38 Exercise
39 Check
40 Create in DB
41 Delete in DB
42 Convert to DB
43 Release
44 Flag
45 Allow
46 Merge
47 Borrow
48 Simulate
49 Request
50 Move
51 Initialize
52 Change application start
53 Display application start
54 Display application archive
55 Change application archive
56 Display archive
57 Save archive
58 Display takeover
59 Distribute
60 Import
61 Export
62 Create automatic Ledger
63 Activate
64 Generate
65 Reorganize
66 Refresh
67 Translate
68 Model
69 Discard
70 Administer
71 Analyze
72 Plan
73 Execute Digital Signature
74 Revoke approval
75 Remove
76 Enter
77 Pre-enter
78 Assign
79 Assign Role to Composite Role
80 Print
81 Schedule
82 Supplement
83 Counterconfirm
84 Settle
85 Reverse
86 Rebook
87 Return
88 Exercise
89 Force Posting
90 Copy
91 Reactivate
92 Create from Template
93 Calculate
94 Override
95 Unlock
96 Reject
97 Set
98 Mark for release
99 Generate invoice list
A1 Accrue
A2 Pay
A3 Change status
A4 Resubmit
A5 Display reports
A6 Read with filter
A7 Write with filter
A8 Process mass data
A9 Send
AA Print Again
AB Settle
B1 Display permitted values
B2 Complete Technically
B3 Derive
B8 Execute Again
B9 Post Parked Document
BD Maintain obj. in non-OwnerSys.
BE IMG projection
C1 Maintenance of payment cards
C2 Display of payment cards
C3 Maintenance of manual auth.
C4 Develope Payment Card
C5 Reopen
C8 Confirm change
D1 Copy
D3 Detailed Display
DL Download
DP Delete plan
E0 Save extract
E6 Delete own extracts
E7 Delete external extracts
EP Prioritise extract
FP Change customer field selectn
G1 Maintain Budget
G2 Billing
G3 Maintain Overhead Costs
G4 Maintain Reevaluation
G5 Park
G6 Transfer Budget
G7 Reverse
GL General overview
H1 Deactivate
H2 Activate Logging
H3 Deactivate Logging
KA Activate notice
KI Knock In
KO Knock Out
KS Reverse notice
KU Give notice
L0 All functions
L1 Function range level 1
L2 Function range level 2
LM Change LDAP Mapping
LS Change LDAP Sync. Switch
MA Deactivate mod.assistant
P0 Accept CCMS CSM data
P1 Edit CCMS CSM data
P2 Maintain CCMS CSM methods
P3 Register CCMS CSM remote systm
PA Open Period
PB Close Period
PC Open Consolid. Grp Processing
PD Close Consolid. Unit Processng
PP Set Productively
PU Publish
RS Send to New Recipient
S1 Edit template
S2 Edit specification
SO Edit in Sourcing
SZ Assign Switch Framework Switch
U2 Compare business volumes
U3 Change business volume comp.
U4 Add business volume data
UL Upload
V1 Create version
V2 Change Version
V3 Display Version
V4 Delete Version
V5 Transport Version
V6 Delete Version Header
VE Create an Enhancement ID
VF Expired
W1 Debug
W2 External Start
01 Create or generate
02 Change
03 Display
04 Print, edit messages
05 Lock
06 Delete
07 Activate, generate
08 Display change documents
09 Display prices
10 Post
11 Change number range status
12 Maint.and gen.change document
13 Initialize number levels
14 Field select.:Generate screen
15 Field select.:Assign table
16 Execute
17 Maintain number range object
18 Deliveries from coll. proc.
19 Invoices from coll. proc
20 Transport without translation
21 Transport
22 Enter, Include, Assign
23 Maintain
24 Archive
25 Reload
26 Change customer account group
27 Display totals records
28 Display line items
29 Display saved data
30 Determine
31 Confirm
32 Save
33 Read
34 Write
35 Output
36 Extended maintenance
37 Accept
38 Exercise
39 Check
40 Create in DB
41 Delete in DB
42 Convert to DB
43 Release
44 Flag
45 Allow
46 Merge
47 Borrow
48 Simulate
49 Request
50 Move
51 Initialize
52 Change application start
53 Display application start
54 Display application archive
55 Change application archive
56 Display archive
57 Save archive
58 Display takeover
59 Distribute
60 Import
61 Export
62 Create automatic Ledger
63 Activate
64 Generate
65 Reorganize
66 Refresh
67 Translate
68 Model
69 Discard
70 Administer
71 Analyze
72 Plan
73 Execute Digital Signature
74 Revoke approval
75 Remove
76 Enter
77 Pre-enter
78 Assign
79 Assign Role to Composite Role
80 Print
81 Schedule
82 Supplement
83 Counterconfirm
84 Settle
85 Reverse
86 Rebook
87 Return
88 Exercise
89 Force Posting
90 Copy
91 Reactivate
92 Create from Template
93 Calculate
94 Override
95 Unlock
96 Reject
97 Set
98 Mark for release
99 Generate invoice list
A1 Accrue
A2 Pay
A3 Change status
A4 Resubmit
A5 Display reports
A6 Read with filter
A7 Write with filter
A8 Process mass data
A9 Send
AA Print Again
AB Settle
B1 Display permitted values
B2 Complete Technically
B3 Derive
B8 Execute Again
B9 Post Parked Document
BD Maintain obj. in non-OwnerSys.
BE IMG projection
C1 Maintenance of payment cards
C2 Display of payment cards
C3 Maintenance of manual auth.
C4 Develope Payment Card
C5 Reopen
C8 Confirm change
D1 Copy
D3 Detailed Display
DL Download
DP Delete plan
E0 Save extract
E6 Delete own extracts
E7 Delete external extracts
EP Prioritise extract
FP Change customer field selectn
G1 Maintain Budget
G2 Billing
G3 Maintain Overhead Costs
G4 Maintain Reevaluation
G5 Park
G6 Transfer Budget
G7 Reverse
GL General overview
H1 Deactivate
H2 Activate Logging
H3 Deactivate Logging
KA Activate notice
KI Knock In
KO Knock Out
KS Reverse notice
KU Give notice
L0 All functions
L1 Function range level 1
L2 Function range level 2
LM Change LDAP Mapping
LS Change LDAP Sync. Switch
MA Deactivate mod.assistant
P0 Accept CCMS CSM data
P1 Edit CCMS CSM data
P2 Maintain CCMS CSM methods
P3 Register CCMS CSM remote systm
PA Open Period
PB Close Period
PC Open Consolid. Grp Processing
PD Close Consolid. Unit Processng
PP Set Productively
PU Publish
RS Send to New Recipient
S1 Edit template
S2 Edit specification
SO Edit in Sourcing
SZ Assign Switch Framework Switch
U2 Compare business volumes
U3 Change business volume comp.
U4 Add business volume data
UL Upload
V1 Create version
V2 Change Version
V3 Display Version
V4 Delete Version
V5 Transport Version
V6 Delete Version Header
VE Create an Enhancement ID
VF Expired
W1 Debug
W2 External Start
Display a list of user's password status and lock status.
· Execute tcode rsusr200 or
· User-->
Users By Complex Selection Criteria -->
By
Logon Date and Password change -->
· 
Enter a list of user (or) Enter single user name.
You will be able to see details as below.
·
Table USR02 - User Lock value
1. Execute SE16
2. Enter USR02
3. Below are the value and its description:
| 0 | Not locked |
| 16 | Lock |
| 32 | Locked by CUA admin (User Admin) |
| 64 | Locked by system Administrator |
| 128 | Locked due to incorrect logon attempts or too many failed attempts |
| 192 | A combination of both. The user is locked by admin and user tries to logon with incorrect passwords and gets locked ( 192 = 64+128) |
Tuesday, August 12, 2014
USR02 SAP Table - Logon Data
| Field | Data Element | Data Type | length | Checktable | Description |
| MANDT | MANDT | CLNT | 000003 | * | Client |
| BNAME | XUBNAME | CHAR | 000012 | User | |
| BCODE | XUCODE | RAW | 000008 | Initial password | |
| GLTGV | XUGLTGV | DATS | 000008 | Valid from | |
| GLTGB | XUGLTGB | DATS | 000008 | Valid through | |
| USTYP | XUUSTYP | CHAR | 000001 | User Type | |
| CLASS | XUCLASS | CHAR | 000012 | USGRP | User group |
| LOCNT | XULOCNT | INT1 | 000003 | Number of failed logon attempts | |
| UFLAG | XUUFLAG | INT1 | 000003 | User Lock Status | |
| ACCNT | XUACCNT | CHAR | 000012 | Account number | |
| ANAME | XUANAME | CHAR | 000012 | Creator of User Master Record | |
| ERDAT | XUERDAT | DATS | 000008 | Creation Date of User Master | |
| TRDAT | XULDATE | DATS | 000008 | Last Logon Date | |
| LTIME | XULTIME | TIMS | 000006 | Last Logon Time | |
| OCOD1 | XUCODE | RAW | 000008 | Initial password | |
| BCDA1 | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| CODV1 | XUCODEVERS | CHAR | 000001 | Password Code Vers. | |
| OCOD2 | XUCODE | RAW | 000008 | Initial password | |
| BCDA2 | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| CODV2 | XUCODEVERS | CHAR | 000001 | Password Code Vers. | |
| OCOD3 | XUCODE | RAW | 000008 | Initial password | |
| BCDA3 | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| CODV3 | XUCODEVERS | CHAR | 000001 | Password Code Vers. | |
| OCOD4 | XUCODE | RAW | 000008 | Initial password | |
| BCDA4 | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| CODV4 | XUCODEVERS | CHAR | 000001 | Password Code Vers. | |
| OCOD5 | XUCODE | RAW | 000008 | Initial password | |
| BCDA5 | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| CODV5 | XUCODEVERS | CHAR | 000001 | Password Code Vers. | |
| VERSN | XUVERSION | CHAR | 000003 | ||
| CODVN | XUCODEVER2 | CHAR | 000001 | Password Code Vers. | |
| TZONE | TZNZONE | CHAR | 000006 | TTZZ | Time Zone |
| PASSCODE | PWD_SHA1 | RAW | 000020 | Password Hash Val.(SAH1, 160 Bit) | |
| PWDCHGDATE | XUBCDAT | DATS | 000008 | Date of Last Password Change | |
| PWDHISTORY | XUPWDHIST | INT1 | 000003 | External Password History(USRPWDHISTORY) | |
| PWDLGNDATE | XULPDAT | DATS | 000008 | Date of Last Password Logon | |
| PWDSETDATE | XUSPDAT | DATS | 000008 | Date: Password Reset by Administrator | |
| PWDINITIAL | XUPWDINIT | INT1 | 000003 | Indicator: Password Is Initial | |
| PWDLOCKDATE | XUPLDAT | DATS | 000008 | Date: Password Lock | |
| PWDSALTEDHASH | PWD_HASH_STRING | CHAR | 000255 | Password Hash Value |
Monday, July 21, 2014
SAP GUI Logon Pad Backup and Restore.
Backing and Restoring SAP Logon Pad entries from one system to another system.
The paths for Windows XP/Vista/7 are as follows:
- Windows XP: C:\Documents and Settings\<username>\Application Data\SAP\Common
- Windows Vista/7: C:\Users\<username>\AppData\Roaming\SAP\Common
- If you install SAP GUI for Windows ≥ 7.20 the first time on a client:
- After having installed SAP GUI, you start SAP Logon for the first time. The saplogon.ini file will be automatically created in the Common directory mentioned above. Use SAP Logon to create the necessary entries. Your configuration will be saved in the corresponding newly created configuration file(s).
- If you upgrade an existing SAP GUI for Windows to release ≥ 7.20:
- After having upgraded the SAP GUI, you start SAP Logon for the first time. SAP Logon will now search for the default saplogon.ini and sapshortcut.ini files used in the former SAP Logon release in the known locations: the SAP GUI installation or the Windows directory.
- SAP Logon will then copy the existing saplogon.ini and sapshortcut.ini files to the Common folder, so that the former configuration details can be used again with the upgraded SAP GUI. The old versions of the *.ini files used with previous SAP GUI releases will remain in the former locations to allow going back to older SAP GUI releases, if this should ever be required. However, note that entries you added in SAP Logon as of SAP GUI for Windows 7.20 will not be added to the *.ini files in the old locations.
Saturday, July 19, 2014
Standard Background Jobs in SAP
In SAP, a few
jobs are scheduled to run periodically , to make system stable.
Following is
the list of some important SAP background jobs which has to run periodically.
|
Job Name
|
Program
|
Frequency
|
|
SAP_COLLECTOR_FOR_PERFMONITOR
|
RSCOLL00
|
Hourly
|
|
SAP_REORG_JOBS_<CLIENT>
|
RSBTCDEL
|
Daily
|
|
SAP_REORG_SPOOL_<CLIENT>
|
RSPO0041
|
Daily
|
|
SAP_REORG_BATCHINPUTL_<CLIENT>
|
RSBDCREO
|
Daily
|
|
SAP_REORG_ABAPDUMPS
|
RSSNAPDL
|
Daily
|
|
SAP_COLLECTOR_FOR_JOBSTATISTIC
|
RSBPCOLL
|
Daily
|
|
SAP_REORG_TEMSE_CHECK_<CLIENT>
|
RSTSOO20
|
Weekly
|
|
SAP_REORG_JOBSTATISTIC
|
RSBPSTDE
|
Monthly
|
|
SAP_REORG_IDOC_<CLIENT>
|
RBDCPCLR
|
Monthly
|
|
DBA_CHECKOPT..*
|
RSDBAJOB
|
Weekly
|
|
DBA_ANALYZETAB..*
|
RSDBAJOB
|
Weekly
|
Subscribe to:
Posts (Atom)