https://raw.githubusercontent.com/ajmaradiaga/feeds/main/scmt/topics/Security-qa.xml SAP Community - Security 2024-07-27T14:02:00.818604+00:00 python-feedgen Security Q&A in SAP Community https://community.sap.com/t5/technology-q-a/restriction-of-transaction-code/qaq-p/13645508 Restriction of transaction code 2024-03-21T12:07:52.029000+01:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>We are localizing an authorization and role for support users when functional test the transaction codes there were data's that can view&nbsp; globally.</P><P>We understand that not all transaction code has the restriction for organization level.</P><P>Sample is for tcode OBY6 functional can see data from other countries and we have checked in Su24 there is no auth obj being pulled and one is for SE16 we understand that this can be limit only based on the table auth group.</P><P>Is there a possibility to restrict certain transaction codes on specific country only? These involved mostly with IT Support tcodes?</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-03-21T12:07:52.029000+01:00 https://community.sap.com/t5/human-capital-management-q-a/using-iframe-in-learning-module/qaq-p/13645982 using iFrame in Learning Module 2024-03-21T17:32:46.506000+01:00 acarmanhani1 https://community.sap.com/t5/user/viewprofilepage/user-id/125013 <P><SPAN><SPAN class="">Hello community, </SPAN></SPAN></P><P><SPAN><SPAN class="">Considering the issue of third-party cookie deprecation&nbsp; (<A href="https://d.dam.sap.com/a/s3hKB1L/Third%20Party%20Cookies%20Frequently%20Asked%20Questions.pdf?rc=10" target="_blank" rel="noopener noreferrer">https://d.dam.sap.com/a/s3hKB1L/Third%20Party%20Cookies%20Frequently%20Asked%20Questions.pdf?rc=10</A>) and its impact on SAP SuccessFactors, I'm curious about the repercussions when using UI5 extensions (on BTP) embedded within <STRONG>iframes</STRONG> in the <STRONG>LMS</STRONG>. Would linking to open in a new tab address this problem? Are there any other impacts we should be aware of?</SPAN></SPAN></P><P><SPAN><SPAN class="">Thanks,</SPAN></SPAN></P><P><SPAN><SPAN class="">Anderson</SPAN></SPAN></P> 2024-03-21T17:32:46.506000+01:00 https://community.sap.com/t5/technology-q-a/no-saml2-sso-authentification-among-different-sap-system-with-nwbc/qaq-p/13652992 No SAML2 SSO authentification among different SAP system with NWBC 2024-03-28T23:02:45.405000+01:00 AnthoDKT https://community.sap.com/t5/user/viewprofilepage/user-id/865184 <P data-unlink="true"><SPAN>Hello,</SPAN></P><P data-unlink="true">Please find the description of the issue :<BR /><BR /><SPAN>When I first connect to SAP system SID1 with NWBC, I am going through the SAML2 workflow authentification, then when I am connecting to another system SID2, I am again asked to go through the SAML2 workflow authentification.</SPAN><BR /><BR /><SPAN>When I am reproducing the same in a web browser, connecting first to<EM> https://sapsid1.domain/sap/bc/ui2/nwbc/</EM>&nbsp; &nbsp;with SAML2 workflow authentification, and secondly&nbsp;connecting to&nbsp;</SPAN><EM>https://sapsid2.domain/sap/bc/ui2/nwbc/</EM>&nbsp;<SPAN>, I don't need to authenticate again for SID2 as the MYSAPSSO2 cookie is shared between both (If my understanding is right).</SPAN></P><P data-unlink="true"><BR /><SPAN>Could you please help us understand this difference of behavior between NWBC and a web browser ? How can I have this "unique" authentification in NWBC like the one in the browser ?</SPAN><BR /><BR /><SPAN>Thanks for your help,</SPAN></P><P data-unlink="true"><SPAN>Anthony</SPAN></P> 2024-03-28T23:02:45.405000+01:00 https://community.sap.com/t5/technology-q-a/to-find-out-and-analyze-what-tables-and-programs-user-accessed-past-6/qaq-p/13658637 To find out and analyze what tables and programs user accessed past 6 months using which roles. 2024-04-04T10:56:43.959000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>we are trying to restrict S_PROGRAM with * value&nbsp;</P><P>To find out and analyze what tables and programs user accessed past 6 months.</P><P>1. we have checked the program/table usage via SM20 logs for users but is there any way to check in S/4&nbsp; system for program/table usage of user through which role it is being accessed through any other standard tcode /reports?</P><P><BR />2.If we have any other possible way to get the program/table usage of users and through which role it is being accessed through any GRC standard tcode/report?</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-04-04T10:56:43.959000+02:00 https://community.sap.com/t5/technology-q-a/hey-team-can-i-know-how-to-see-the-security-events-logs-of-sap-hana/qaq-p/13662473 hey team, can i know how to see the security events logs of sap hana.. 2024-04-08T15:11:19.182000+02:00 ruzi https://community.sap.com/t5/user/viewprofilepage/user-id/1429600 <P>I have refered&nbsp;<A href="https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of-the-security-audit-log-sm19-rsau/ba-p/13297094#jive_content_id_List_of_events" target="_self">https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of-the-security-audit-log-sm19-rsau/ba-p/13297094#jive_content_id_List_of_events&nbsp;&nbsp;</A></P><P>but its about 2014, I m receiving different logs.. how can i get information from my new logs.. or is there any updation you have?</P> 2024-04-08T15:11:19.182000+02:00 https://community.sap.com/t5/technology-q-a/format-file-audit/qaq-p/13662707 Format file audit 2024-04-08T17:49:52.007000+02:00 basis_support_pl3_bis https://community.sap.com/t5/user/viewprofilepage/user-id/861815 2024-04-08T17:49:52.007000+02:00 https://community.sap.com/t5/technology-q-a/for-more-clarity/qaq-p/13663815 For more clarity 2024-04-09T12:21:58.206000+02:00 ruzi https://community.sap.com/t5/user/viewprofilepage/user-id/1429600 <P>Hi Sandra,</P><P>Thank u for this deep explanation, I need more clarity on some areas</P><UL><LI>5: Entry type<UL><LI>"q" = DDIC structure RSAUENTR2 version 1 without field SLGLTRM2</LI><LI>"2" = DDIC structure RSAUENTR2 version 2 including field SLGLTRM2</LI><LI>"5" = variable length record</LI></UL></LI><LI>you have mentioned 5 as a variable length.. which length does it holds?? bcoz i m clear with other things like length of user+username</LI></UL><P>what is 0000 - length of ?? + ?? . This u have mentioned.. what is the meaning of that?</P><P>And in this doc,&nbsp;<A href="https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of-the-security-audit-log-sm19-rsau/bc-p/13663225" target="_self">https://community.sap.com/t5/application-development-blog-posts/analysis-and-recommended-settings-of...</A></P><P>every field has a defined length ,but u have here described with variable lengths, does this occurs in the latest version of sap?? Bcoz in this doc,its mentioned as</P><P>variable message has 64 bits,program has 40 like that.. and follows an order.. and here is there any order.. if possible can u provide a table like this.. so that i would be more helpful</P><P><STRONG>Field</STRONG><STRONG>Sub-field</STRONG><STRONG>Length</STRONG><STRONG>Description</STRONG></P><TABLE border="1" cellpadding="4"><TBODY><TR><TD>SLGTYPE</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>SysLog: LIKE structure RSLGETYP</TD></TR><TR><TD>&nbsp;</TD><TD>SLGFTYP</TD><TD>1</TD><TD>Entry type: "q" = version 1 without field<SPAN>&nbsp;</SPAN><SPAN>SLGLTRM2</SPAN>, "2" = version 2 including field<SPAN>&nbsp;</SPAN><SPAN>SLGLTRM2</SPAN></TD></TR><TR><TD>&nbsp;</TD><TD><SPAN>AREA</SPAN></TD><TD>2</TD><TD>Message area</TD></TR><TR><TD>&nbsp;</TD><TD><SPAN>SUBID</SPAN></TD><TD>1</TD><TD>Message name</TD></TR><TR><TD>SLGDATTIM</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>Time stamp (CHAR 16)</TD></TR><TR><TD>&nbsp;</TD><TD>DATE</TD><TD>8</TD><TD>Date in format YYYYMMDD</TD></TR><TR><TD>&nbsp;</TD><TD>TIME</TD><TD>6</TD><TD>Time in format hhmmss</TD></TR><TR><TD>&nbsp;</TD><TD>DUMMY</TD><TD>2</TD><TD>not used</TD></TR><TR><TD>SLGPROC</TD><TD>&nbsp;</TD><TD>&nbsp;</TD><TD>SysLog: LIKE RSLGPID structure</TD></TR><TR><TD>&nbsp;</TD><TD>UNIXPID</TD><TD>5</TD><TD>Process ID</TD></TR><TR><TD>&nbsp;</TD><TD>TASKTNO</TD><TD>5</TD><TD>Task</TD></TR><TR><TD>&nbsp;</TD><TD>SLGTTYP</TD><TD>2</TD><TD>Process type (short form)</TD></TR><TR><TD><SPAN>SLGLTRM</SPAN></TD><TD>&nbsp;</TD><TD>8</TD><TD>Terminal name (truncated)</TD></TR><TR><TD>SLGUSER</TD><TD>&nbsp;</TD><TD>12</TD><TD>User name</TD></TR><TR><TD>SLGTC</TD><TD>&nbsp;</TD><TD>20</TD><TD>Transaction</TD></TR><TR><TD>SLGREPNA</TD><TD>&nbsp;</TD><TD>40</TD><TD>Program</TD></TR><TR><TD>SLGMAND</TD><TD>&nbsp;</TD><TD>3</TD><TD>Client</TD></TR><TR><TD>SLGMODE</TD><TD>&nbsp;</TD><TD>1</TD><TD>External mode of an SAP dialog</TD></TR><TR><TD><SPAN>SLGDATA</SPAN></TD><TD>&nbsp;</TD><TD>64</TD><TD>Variable message data</TD></TR><TR><TD><SPAN>SLGLTRM2</SPAN></TD><TD>&nbsp;</TD><TD>20</TD><TD>Terminal name (continued), only available if SLGFTYP=2</TD></TR></TBODY></TABLE><P>&nbsp;</P> 2024-04-09T12:21:58.206000+02:00 https://community.sap.com/t5/technology-q-a/s-4hana-cloud-public-edition-security/qaq-p/13667172 S/4HANA Cloud Public Edition - Security 2024-04-11T17:00:34.342000+02:00 daan_fessl https://community.sap.com/t5/user/viewprofilepage/user-id/594230 <P>Hi Experts,<BR /><BR />S/4HANA Cloud Public Edition is offered as a SaaS application. This collects that access to S/4HANA Cloud Public Edition is possible from any location and from any device.</P><P>Apart from the discussion about this from a security perspective, I am curious about the technical possibilities to limit this to 'Our Customer' defined “trusted locations” based on conditional access rules such as countries, regions, external IP address of subnet, device, etc.?</P><P>What are the possibilities here?<BR /><BR />Thanks in advance!</P> 2024-04-11T17:00:34.342000+02:00 https://community.sap.com/t5/enterprise-resource-planning-q-a/sap-business-one-10-vulnerabilities/qaq-p/13670480 SAP Business One 10 Vulnerabilities 2024-04-15T08:18:48.701000+02:00 kfumanal https://community.sap.com/t5/user/viewprofilepage/user-id/433929 <P>Dear all,</P><P>One of our customers need to know if it is affected by some vulnerabilities detected during an audit process.</P><P>This are the main points:</P><OL><LI><STRONG>Apache Log4j SEoL (&lt;=1.x)</STRONG> – The plug in provides this finding as proof of vulnerability:<OL><LI><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kfumanal_0-1713161615568.png" style="width: 400px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/96415iEE6A15D7F6D215BF/image-size/medium?v=v2&amp;px=400" role="button" title="kfumanal_0-1713161615568.png" alt="kfumanal_0-1713161615568.png" /></span><P>&nbsp;</P></LI><LI>Questions: Are the servers using SAP Business objects 4.0 and if so can it be upgraded to 4.2 or 4.3 as referenced here:&nbsp;<A href="https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcommunity.sap.com%2Ft5%2Ftechnology-q-a%2Fhow-is-bo-impacted-by-log4j-vulnerability%2Fqaq-p%2F12651273&amp;data=05%7C02%7Csoportesbo%40seidor.com%7C660fecbe99d64c393a1b08dc58648d88%7C654623d615044f22a146b7c72637766a%7C0%7C0%7C638482436589599601%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&amp;sdata=DNQxzgWb%2BnFJgXkokvTEkTO7amzXppDt4YScCOHyZiA%3D&amp;reserved=0" target="_blank" rel="noopener nofollow noreferrer">Solved: How is BO impacted by Log4j vulnerability? - SAP Community</A></LI></OL></LI></OL><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;i.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;If not using this library file, can it be deleted?</P><OL><LI><STRONG>ASP.NET Core SEoL</STRONG> – The plug in has found multiple EOL version of ASP.NET core including 2.0.13103.0, 2.2.8, 3.1.29<OL><LI>Is SAP using these ASP.NET versions?&nbsp; If so can ASP.NET be upgraded independently of any SAP software (BusinessOne or Business Objects Enterprise)?</LI></OL></LI><LI><STRONG>Microsoft.NET Core SEoL</STRONG> - The plug in has found multiple EOL version of .NET core including 10.16.5115, 1.1.13.1809, 2.0.9.26615, 2.2.8.28209, 3.1.29.31617<OL><LI>Is SAP using these ASP.NET versions?&nbsp; If so can .NET be upgraded independently of any SAP software (BusinessOne or Business Objects Enterprise)?</LI></OL></LI><LI><STRONG>Apache 2.4.x &lt; 2.4.58 Multiple Vulnerabilities</STRONG> – The plug in provides this finding as proof of vulnerability:<OL><LI><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="kfumanal_1-1713161615569.png" style="width: 400px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/96414i04DBE1B3237B990B/image-size/medium?v=v2&amp;px=400" role="button" title="kfumanal_1-1713161615569.png" alt="kfumanal_1-1713161615569.png" /></span></LI><LI>Can Apache be upgraded independent of SAP Business One?</LI></OL></LI></OL><P>&nbsp;</P><P>For the first point (Log4j), we have the 3 SAP notes that help us to know the affectation of the vulnerability detected in the following SAP Forum link:</P><P><A href="https://community.sap.com/t5/technology-q-a/how-is-bo-impacted-by-log4j-vulnerability/qaq-p/12651273" target="_blank">https://community.sap.com/t5/technology-q-a/how-is-bo-impacted-by-log4j-vulnerability/qaq-p/12651273</A></P><P>I need to know if there are any specific information regarding points 2, 3 and 4.</P><P>Kind regards,</P> 2024-04-15T08:18:48.701000+02:00 https://community.sap.com/t5/technology-q-a/retire-the-se16-in-production-server/qaq-p/13689109 Retire the SE16 in  Production server 2024-05-02T10:19:22.958000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>There is issue with Tx. SE16. Our management want to disable the use of Tx SE16 in Production environment.</P><P>We already restricted through authorization but remove the possibilities for accidental assignment . Please share the possibilities how should we proceed.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-05-02T10:19:22.958000+02:00 https://community.sap.com/t5/technology-q-a/sap-profile-generation-quot-merge-quot-function/qaq-p/13714987 SAP Profile Generation "Merge" function 2024-05-28T20:09:50.139000+02:00 mhughes2 https://community.sap.com/t5/user/viewprofilepage/user-id/385664 <P>recently I started noticing that in S/4 the Export Mode of the profile generator is behaving differently than it used to in legacy ABAP environments or ever older HANA environments, but am being told my SAP Support that this is perfectly normal behavior in my OSS request.</P><P>If it is then I cannot for the life or me understand how I missed seeing this for the last 20 years and would like some community input.<BR /><BR />Issue:<BR />have a role that has already been built via standard security process adding the Tcode to the role menu and then using the profile generator in export mode to "edit old status and merge with new" option.<BR /><BR />When using that option now I am noticing that it is now taking "Active" standard authorization objects and if they match an inactive standard object it is merging the active ones into the inactive ones thus disabling the object and turning off the access for the user.<BR /><BR />We only started noticing this when users started complaining that they were losing access in our productive environment and we went back to development and compared it to our sandbox system and noticed auth_object numbers were missing in development but were there in sandbox and the missing objects were now combined into one big disabled object.<BR /><BR />so to correct this I used the "add authorization defaults" from the parent tree of the authorization values and added back the auth_objs and values for the Tcodes I wanted active and saved the role to turn them back on.<BR />The tcode started working again with only the authorization objects allowed so that other access was not given inadvertently.<BR /><BR />Then just to see if it was a fluke I used my expert mode again and to my surprise it again merged all of my active objects into inactive objects thus disabling the access again.<BR /><BR />Finally just to see if the whole merge process worked like this i re-added my required objects which made them active, then selected the "merge" option under the authorization parent and ONLY the ACTIVE objects that shared standard activity values merged.&nbsp; (this is what I expected and how it worked in legacy systems)<BR /><BR />I saved the profile and backed out and then went back in and used "expert" mode and it then again combined all of my "Active" standard objects into the "Inactive" object, thus turning off access.<BR /><BR />I tested this in a legacy system and it is not doing this using Expert mode there.<BR /><BR /><BR />I opened up an OSS note and the reply from them was to link the document on how authorization object comparison works with the profile generator as the solution and them pretty much saying this is now working by design.<BR /><BR />If this is now how the merge process works (taking active auths and combining them with inactive auths) then why would we every use the merge process in export mode every again and is there a way to disable/hide expert mode in the profile generator so that new security people do not accidentally disable productive access when it merges into a inactive object for some reason?<BR /><BR />how do we get around the 100 object limitation in a profile if our only 2 options are to activate ALL similar Standard values (thus potentially granting access not required by the user for objects that are shared by the different Tcodes) or leaving the standard objects deactivated and then having to Manually add the ojects (big no no) OR go into SU24 and change SAP Standard values which would increase security work during upgrades and our SU25 process?<BR /><BR /><BR />Thoughts?&nbsp; &nbsp; Anyone else seeing this issue (or in SAP's response) Non-issue?<BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /><BR /></P><P>&nbsp;</P><P>&nbsp;</P> 2024-05-28T20:09:50.139000+02:00 https://community.sap.com/t5/technology-q-a/quality-system-su25-initially-fill-the-customer-table/qaq-p/13723127 Quality system | SU25 - Initially fill the Customer Table 2024-06-06T12:18:22.476000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>Dear Team,</P><P>In our Quality system, we have implemented Fiori and we need to execute 'Initially fill the Customer Tables' in SU25 tcode as part rapid activation --&gt; Is that mandatory to open the client to execute this as part rapid activation or we can make it through TR movement?</P><P>Regards,</P><P>Basis Team.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-06-06T12:18:22.476000+02:00 https://community.sap.com/t5/technology-q-a/how-to-see-visible-entities-as-effective-user/qaq-p/13726010 How to see visible entities as effective user? 2024-06-10T19:07:05.045000+02:00 AmerZavlan https://community.sap.com/t5/user/viewprofilepage/user-id/1469218 <P>Dear all,</P><P>I have a project where my user has highest privilages on API. I would like to call odata API to get a list of entities to simulate what would a certain user see, for example, list of job requisitions that target user would see. I understand there is `checkUserPermissions` which could help me, but i don't know how to use it in my case. Which specific parameters should I send to get list of job requisitions that user X can see?</P><P>I appreciate any help I can get.</P> 2024-06-10T19:07:05.045000+02:00 https://community.sap.com/t5/technology-q-a/hana-design-time-hdi-composite-role/qaq-p/13726787 HANA Design-Time HDI composite role 2024-06-11T13:42:12.804000+02:00 Konstantin_Epanov https://community.sap.com/t5/user/viewprofilepage/user-id/1469865 <P>Hi,</P><P>I want to create a&nbsp;design-time HDI composite role using roles created in other HDI schemas. I use HANA XSA with SP7 and have containers A and B with schema roles, then I create container C with a composite role.</P><OL><LI>Add services in mta for A and B</LI><LI>Grant the roles of A and B via .hdbgrants to #OO of container C</LI><LI>add UPS service in mta and grant system privilege ROLE ADMIN via .hdbgrants to #OO of container C</LI><LI>Create composite role .hdbrole using&nbsp;schema_roles with the same roles of A and B.&nbsp;<SPAN>I can see and select the&nbsp;roles of A and B in the Role Editor.</SPAN>&nbsp;</LI></OL><P>The build of .hdbrole fails with "<SPAN>not authorized to access the referenced object" without a guid. I suspect because of absence "grantable to other" / with_admin_option for the roles in A, B in&nbsp;#OO of C.</SPAN></P><P>#DI.GRANT_CONTAINER_SCHEMA_ROLES doesn't have a form with&nbsp;<SPAN>_WITH_GRANT_OPTION.</SPAN></P><P><SPAN>I don't want to use CATALOG roles because they are not transportable.</SPAN></P><P><SPAN>Does anyone know how to create a composite role right in XSA or HANA Cloud?</SPAN></P><P>&nbsp;</P> 2024-06-11T13:42:12.804000+02:00 https://community.sap.com/t5/technology-q-a/about-ssl-configuration-of-connectivity-between-daa-and-solman-java-system/qaq-p/13735453 About SSL configuration of connectivity between DAA and Solman Java system 2024-06-19T05:05:36.539000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>If the DAA connectivity requires encryption, where can we find the relevant documentation about SSL configuration.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-06-19T05:05:36.539000+02:00 https://community.sap.com/t5/technology-q-a/csp-error-in-ui-api-extension-in-sap-b1-webclient/qaq-p/13738920 CSP Error in UI API Extension in SAP B1 Webclient 2024-06-21T11:52:39.612000+02:00 Michael_L https://community.sap.com/t5/user/viewprofilepage/user-id/1458550 <P>Hello,<BR /><BR />I'm on SAP Business One v10 FP2405 WebClient.<BR />I'm trying to develop an UI API Extension (New framework available from FP2405 !) using the new vscode extension template.</P><P>I try to add an OnChange event on a text field which trigger a fetch request to an external API (<A href="https://api.insee.fr" target="_blank" rel="nofollow noopener noreferrer">https://api.insee.fr</A>)&nbsp; .<BR />When I make the fetch request I got the error form the browser in the console :</P><P><SPAN>Refused to connect to '<A href="https://api.insee.fr/entreprises/sirene/V3.11/siret/68682020000026" target="_blank" rel="nofollow noopener noreferrer">https://api.insee.fr/entreprises/sirene/V3.11/siret/68682020000026</A>' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.</SPAN></P><P>First of all in my manifest.json file I have the lines :</P><DIV><DIV><SPAN>&nbsp; </SPAN><SPAN>"allowedExternalURLs"</SPAN><SPAN>: </SPAN><SPAN>"*"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp; </SPAN><SPAN>"allowedServiceLayerAPIs"</SPAN><SPAN>: </SPAN><SPAN>"*"</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>After analysing the issue, I made multiple attempts to correct it :</SPAN></DIV></DIV><P>1- Add :&nbsp;</P><P>"default-src <A href="https://api.insee.fr" target="_blank" rel="nofollow noopener noreferrer">https://api.insee.fr</A> ; connect-src <A href="https://api.insee.fr;" target="_blank" rel="nofollow noopener noreferrer">https://api.insee.fr;"</A></P><P>&nbsp;to the CSP directives In the general setting in the Webclient</P><P>2- Use a browser extension to disable CSP</P><P>3- Disable web security in chrome with the cmd :&nbsp;</P><P>"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\TmpChromeSession"</P><P><SPAN>4- After digging more, I located the CSP directive in the HTML source code of the WebClient :</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="b1error.png" style="width: 999px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/127005iEDAD9FE3FEC74870/image-size/large?v=v2&amp;px=999" role="button" title="b1error.png" alt="b1error.png" /></span></SPAN></P><P><SPAN>I tried to delete this meta Tag with the chrome developper tools but it didn't work .</SPAN></P><P><SPAN>So how to disable this CSP directive and allow Fetch calls to external API ?</SPAN></P><P><SPAN>Thank in advance.</SPAN></P><P>&nbsp;</P> 2024-06-21T11:52:39.612000+02:00 https://community.sap.com/t5/technology-q-a/production-system-readonly/qaq-p/13740497 Production system readonly 2024-06-24T10:31:32.683000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>Hello Team<BR /><BR />We are planning to migrate to s4/hana, so after migration some users might need to have access to the productive system to check historical data. So is there any possibility to start the database in read-only mode or how can we restrict users to make any changes in the system, they just need to view the data, how can we achieve this, please suggest on this.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-06-24T10:31:32.683000+02:00 https://community.sap.com/t5/technology-q-a/iwsv-service-available-in-system-a-but-missing-in-system-b-in-usobhash/qaq-p/13752341 IWSV service available in 'System A' but missing in 'System B' in USOBHASH table 2024-07-05T09:29:04.353000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>For one of the fiori app, we see both IWSV and IWSG service entries available in USOBHASH table in DEV ('System A') system. However in our UAT system ('System B') entry for IWSV service is missing in USOBHASH table. Please help us with the steps to make it available in 'System B' too or please let us know if there is way to transport it.</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-07-05T09:29:04.353000+02:00 https://community.sap.com/t5/technology-q-a/t-code-remove-from-multiple-roles-in-one-short/qaq-p/13754173 T-code Remove from multiple roles in one short 2024-07-08T12:17:37.244000+02:00 SAPSupport https://community.sap.com/t5/user/viewprofilepage/user-id/121003 <P>Hi Team,</P><P>We want to removed T-code from multiples role in one short please suggest how to remove.</P><P>Regards</P><P>&nbsp;</P><BR />------------------------------------------------------------------------------------------------------------------------------------------------<BR /><B>Learn more about the SAP Support user and program <A target="_blank" href="https://community.sap.com/t5/enterprise-resource-planning-blogs-by-sap/maximizing-the-power-of-sap-community-at-product-support/ba-p/13501276">here</A>.</B> 2024-07-08T12:17:37.244000+02:00 https://community.sap.com/t5/technology-q-a/snc-name-grc-access-request-two-or-more-domains/qaq-p/13762062 SNC name GRC access request - Two or More Domains 2024-07-16T13:24:06.165000+02:00 rajashekar_chandrashekar https://community.sap.com/t5/user/viewprofilepage/user-id/237074 <P>Dear Team,</P><P>Current Set Up: -</P><P>Currently we have an SNC name updated at below location.</P><P>Go to SPRO--&gt;Governance, Risk and Compliance--&gt;Access Control--&gt;User Provisioning--&gt;</P><P>Maintain End User Personalization--&gt;Maintain EUP Fields--&gt;We can customize the settings for SNC field here.</P><P>for example: -</P><P>p:#!#USERID#!#@xxxx.xxxxxx.xxx</P><P><STRONG>New requirement: -</STRONG></P><P>We have new domain added as for example " p:#!#USERID#!#@xxxxxxxxxxx.xxxxxxxxx.xxxxx " for new set of users.</P><P><STRONG>Question A: -</STRONG></P><P>Can this be added at the same location at " Go to SPRO--&gt;Governance, Risk and Compliance--&gt;Access Control--&gt;User Provisioning--&gt;</P><P>Maintain End User Personalization--&gt;Maintain EUP Fields--&gt;We can customize the settings for SNC field here " as: -</P><P>SNC name 1 = p:#!#USERID#!#@xxxx.xxxxxx.xxxx</P><P>SNC name 2 = p:#!#USERID#!#@xxxxxxxxxxx.xxxxxxxxx.xxxxxx</P><P>Is this valid entry ?</P><P><STRONG>Question B: -</STRONG></P><P>Is there a field which can be used to identifier or differentiator between user id's of domain 1 who should be updated with SNC name 1</P><P>And</P><P>Another set of user id's of domain 2 who should be updated with SNC name 2.</P><P><SPAN>Thanks raj</SPAN></P> 2024-07-16T13:24:06.165000+02:00