
Why doesn't the assignment of the BW roles of the SAP aliases to the secWinAD account work?

andreas_huehn
Explorer
0 Kudos

Since the 4.2 version, we have been using a Java program with which we automatically assign the SAP aliases from the BW roles to the appropriate WinAD user by querying the e-mail address.

Apparently, something has been changed in the API or in the authorisations with the BI 4.3 version, which means that the SAP aliases are not assigned correctly.

The AddSapAlias job checks whether there are BW users without a WinAD account and then assigns them to the WinAD account via the e-mail comparison. So far so good.

The job is also carried out, but the BW account is not fully assigned and remains as an independent secSAPR3 user.

I also noticed that the SAP roles via whose sync the SAP account is imported are not assigned to the WinAD account. This means that the users do not have their authorisations from the BW roles when they access the BW system via OLAP.

If I assign the SAP aliases manually in the CMC, it works as usual. As a result, additional licences are consumed by the remaining secSAPR3 users. The programme runs via the SIA user account, with full rights on the Windows server.

Why are the BW roles suddenly no longer assigned to the WinAD account in BI4.3? Which authorisations may have changed so that the alias assignment is not complete?

Does anyone know the problem and have a solution?

Many thanks for your support.

ayman_salem
Active Contributor
0 Kudos

Starting with patch 6, there are many changes in the JAR files, especially in the cryptographic libraries (sapjce.jar).

Therefore, check that you are using the correct JAR files with your Java program.

andreas_huehn
Explorer
0 Kudos
That sounds interesting. We are currently using SAP BI 4.3 SP03 Patch 6. I'll check that out. Thanks for the tip. I'll get back to you.
andreas_huehn
Explorer
0 Kudos
Hello, replacing the JAR files alone has not led to the desired success. Only the SAP users are still linked to the WinAD account via alias, but the SAP roles are not included. The SAP account still exists as sapUser secSAPR3. Are there perhaps also changes from SP03 Patch 6 that could affect the API commands? Or have access authorizations been adjusted or deleted? Perhaps someone else has a similar problem and has already found a solution? I would be very happy about further support.