cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

end users get blank result from VC model calling an R/3 BAPI.

Go to solution
Former Member

on ‎10-10-2007 8:03 PM

0 Kudos

Hello everyone.

We have build a VC model calling a Z*BAPI that we built in the R/3 backend. Everything works fine through DEV and QAS. However in our production environment when an end user attempts to run the VC application and search for a record they get a blank table result. However if one of our core support team users runs the application it returns the search result successfully.

There are no authorizations on the BAPI itself.

I have tried to trap a security trace (ST01) in PRD but have not been able to capture a security trace for a failed attempt. There is no dump (ST22) and nothing in the sys log to indicate a problem (SM21).

Can someone tell me or point me to where I can determine all the authorizations an end user needs in order to run a VC model using a R/3 BAPI?

We are running on EP 7.0 and ECC 6.0.

Thanks,

-Jon

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-11-2007 1:13 PM
0 Kudos

Hi Jon,

This usually has to do with the system permission in the portal.

Look at a user (user1) that can use the system and write down the groups he belongs to. Do the same for a user (user2) who can't use the system.

In system administration -> system configuration find your system and open it to permissions (right-click and choose open> permissions).

Compare your notes. If one of the groups of user1 is in the list and none of the groups of user2 than this is the problem.

Create a new group for it or add everyone with the right settings (just copy from the group that works).

Hope it helps,

Shay

Show replies
Show replies
Former Member
‎10-11-2007 1:40 PM
0 Kudos

Hi Shay,

That's been the tactic I've been using to try and figure out why users can't seem to use the model.

As it turns out, if I assign the standard Content Administration role to the user who cannot run the model, then they can run the model. Unfortunately, it is unacceptable to give Content Admin to all end users. At this point, I'm trying to identify a definitive list of the pcd folders, security zones and other ACL permissions an end user needs to execute a VC model. It either has to do with some PCD object/folder that content admin has authorization to but other users do not and/or it is due to the fact that content admin is a system principal and bypasses certain ACLs.

I'm awarding some points as your message was useful, but doesn't entirely answer the problem. Does anyone have a complete list of all authorizations an end user needs in the portal to run a VC model?

Thanks,

-Jon

Answers (2)

Answers (2)

Former Member
‎10-13-2007 9:47 PM
0 Kudos

Hi Jon,

That's not what I meant.

Navigate to system administration -> system configuration and find your system.

right-click and choose open > permission in the context menu.

On the right pane there is a list. Add the simple user to that list, set the same configuratio administrator group has for this system and try the application with that user.

Shay

Show replies
Show replies
Former Member
‎10-18-2007 6:06 PM
0 Kudos

Hi Shay,

I've given you more points for helping to point me in the right direction. Turns out that visual composer applications (at least those that are calling R/3 backend BAPIs) need slightly different authorizations to the system reference than all the other apps (BSP iviews, etc.).

In our case we had a R3System reference configured. We had assigned the Everyone group "none" "end-user" access to the R3System. All of our standard apps work find (BSP based iViews run with no problem). However, the only way to get Visual Composer to work was to grant the Everyone group "Read" "end-user" access to the system reference. I don't know why BSP pages only need end-user access but Visual Composer apps need at least "read" or greater access, but that is the case.

Thanks for your help.

-Jon

Former Member
‎10-11-2007 2:04 PM
0 Kudos

Hi Jon,

Have you tried adding the user to the permission list?

If this works you don't need to look further, just create a new group for all the people who are going to work with the application and add the group to the permission list.

Good luck,

Shay

Show replies
Show replies
Former Member
‎10-11-2007 2:48 PM
0 Kudos

Hi Shay,

When you ask "Have you tried adding the user to the permission list?". Can you be more specific.

Are you talking about the medium level security zone permissions in System Administration -> Permissions -> Portal Permissions -> sap.com/NetWeaver.Portal/medium_safety

For the following objects in the medium_safety folder, assign End User permissions:

com.sap.vc.mmcompiler

com.sap.visualcomposer

com.sap.visualcomposer.portalconnector

?

If so we have set the permissions to the Authenticated User Group to be "none" and "end-user".

We have also assigned end user rights to the Everyone group to the following PCD folders...

Assign End User permissions to VC Role for the following content:

pcd:portal_content/templates/pages/portalpagetemplate

pcd:portal_content/templates/pages/wdProxyPage

pcd:portal_content/templates/layouts/fullWidth

pcd:portal_content/templates/iviews/wdProxyiView

It still does not work unless the person has content admin assigned. Is there any other permissions (ACLs, PCDs, security zones, etc.) that a person needs in order to use a VC model?

-Jon

Ask a Question