Skip to Content
author's profile photo
Former Member

end users get blank result from VC model calling an R/3 BAPI.

Hello everyone.

We have build a VC model calling a Z*BAPI that we built in the R/3 backend. Everything works fine through DEV and QAS. However in our production environment when an end user attempts to run the VC application and search for a record they get a blank table result. However if one of our core support team users runs the application it returns the search result successfully.

There are no authorizations on the BAPI itself.

I have tried to trap a security trace (ST01) in PRD but have not been able to capture a security trace for a failed attempt. There is no dump (ST22) and nothing in the sys log to indicate a problem (SM21).

Can someone tell me or point me to where I can determine all the authorizations an end user needs in order to run a VC model using a R/3 BAPI?

We are running on EP 7.0 and ECC 6.0.

Thanks,

-Jon

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Best Answer
    author's profile photo
    Former Member
    Oct 11, 2007 at 12:13 PM

    Hi Jon,

    This usually has to do with the system permission in the portal.

    Look at a user (user1) that can use the system and write down the groups he belongs to. Do the same for a user (user2) who can't use the system.

    In system administration -> system configuration find your system and open it to permissions (right-click and choose open> permissions).

    Compare your notes. If one of the groups of user1 is in the list and none of the groups of user2 than this is the problem.

    Create a new group for it or add everyone with the right settings (just copy from the group that works).

    Hope it helps,

    Shay

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Shay,

      That's been the tactic I've been using to try and figure out why users can't seem to use the model.

      As it turns out, if I assign the standard Content Administration role to the user who cannot run the model, then they can run the model. Unfortunately, it is unacceptable to give Content Admin to all end users. At this point, I'm trying to identify a definitive list of the pcd folders, security zones and other ACL permissions an end user needs to execute a VC model. It either has to do with some PCD object/folder that content admin has authorization to but other users do not and/or it is due to the fact that content admin is a system principal and bypasses certain ACLs.

      I'm awarding some points as your message was useful, but doesn't entirely answer the problem. Does anyone have a complete list of all authorizations an end user needs in the portal to run a VC model?

      Thanks,

      -Jon

  • author's profile photo
    Former Member
    Oct 11, 2007 at 01:04 PM

    Hi Jon,

    Have you tried adding the user to the permission list?

    If this works you don't need to look further, just create a new group for all the people who are going to work with the application and add the group to the permission list.

    Good luck,

    Shay

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Shay,

      When you ask "Have you tried adding the user to the permission list?". Can you be more specific.

      Are you talking about the medium level security zone permissions in System Administration -> Permissions -> Portal Permissions -> sap.com/NetWeaver.Portal/medium_safety

      For the following objects in the medium_safety folder, assign End User permissions:

      com.sap.vc.mmcompiler

      com.sap.visualcomposer

      com.sap.visualcomposer.portalconnector

      ?

      If so we have set the permissions to the Authenticated User Group to be "none" and "end-user".

      We have also assigned end user rights to the Everyone group to the following PCD folders...

      Assign End User permissions to VC Role for the following content:

      pcd:portal_content/templates/pages/portalpagetemplate

      pcd:portal_content/templates/pages/wdProxyPage

      pcd:portal_content/templates/layouts/fullWidth

      pcd:portal_content/templates/iviews/wdProxyiView

      It still does not work unless the person has content admin assigned. Is there any other permissions (ACLs, PCDs, security zones, etc.) that a person needs in order to use a VC model?

      -Jon

  • author's profile photo
    Former Member
    Oct 13, 2007 at 08:47 PM

    Hi Jon,

    That's not what I meant.

    Navigate to system administration -> system configuration and find your system.

    right-click and choose open > permission in the context menu.

    On the right pane there is a list. Add the simple user to that list, set the same configuratio administrator group has for this system and try the application with that user.

    Shay

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Shay,

      I've given you more points for helping to point me in the right direction. Turns out that visual composer applications (at least those that are calling R/3 backend BAPIs) need slightly different authorizations to the system reference than all the other apps (BSP iviews, etc.).

      In our case we had a R3System reference configured. We had assigned the Everyone group "none" "end-user" access to the R3System. All of our standard apps work find (BSP based iViews run with no problem). However, the only way to get Visual Composer to work was to grant the Everyone group "Read" "end-user" access to the system reference. I don't know why BSP pages only need end-user access but Visual Composer apps need at least "read" or greater access, but that is the case.

      Thanks for your help.

      -Jon