cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PPM: 403 Access Denied Error when Opening PPM Item

Go to solution
former_member195427
Active Contributor

on ‎04-26-2016 4:53 PM

0 Kudos

Dear Experts,

We recently upgraded PPM from 5.0 to PPM 6.1 . We are getting a weird error when we are trying to open a PPM item:

Kindly suggest what went wrong and how can we fix it.

Best regards

Saurabh

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

silvia_kreuzhuber
Active Participant
‎04-27-2016 10:28 AM
0 Kudos

Hi Saurabh,

can you please test if this error only comes up for items having the word 'script' in their name? Also, can you test the creation of a new item with 'Script' in its name? Do you get any error? Can you open this new item?

Regards,

Silvia

Show replies
Show replies
former_member195427
Active Contributor
‎04-27-2016 12:02 PM
0 Kudos

Hi Silvia,

Thanks for your response.

You are right . Actually I created an item with description 'Script' in it and it error out as shown here:

Next, when I refreshed screen I got a success message "Item saved successfully'

When I tried to created another item then still the same (previous) window opened with 'Item saved successfully' of this previous item.

Kindly suggest what is wrong here and what can be done to fix it.

BR

Saurabh

silvia_kreuzhuber
Active Participant
‎04-27-2016 12:46 PM
0 Kudos

Hi Saurabh,

one last test: please create a new item with Script in its name but with quotation marks, e.g. Test item "Script"

Do you still get the 403 error?

And the items, for which the error was raised during creation, can be opened without problems?

Regards,

Silvia

former_member195427
Active Contributor
‎04-27-2016 2:56 PM
0 Kudos

Hi Silvia.

Oh Yes!! You are right. I put script as "script" and it worked well. I changed it back to script and it error out. That's great!

I am curious to know now what is going wrong and how can it be controlled? Putting (") is the only way?

BR Saurabh

silvia_kreuzhuber
Active Participant
‎04-28-2016 8:32 AM
0 Kudos

Hi Saurabh,

it looks like that this is related to the Internet Communication Manager (ICM) and its changed content filter to protect against cross-site scripting (XSS). As a security mechanism the content filter is sensitive to the string ‘script’. It is not recommended to make the filter less restrictive for security reasons.

Therefore, in order to prevent the error, use quotation marks or include a space before the colon (e.g. 'Test item script :' rather than 'Test item script:') , or some other method of breaking up the string 'script:'.

Regards,

Silvia

former_member195427
Active Contributor
‎04-28-2016 5:58 PM
0 Kudos

Hi Silvia,

Could you please provide some more detailed info. on that?

Like, from where it is controlled and how? Also, how risky it can be if not controlled this way?

I am curious to know more on that.

Any SAP help will be appreciated.

Best Regards

Saurabh

silvia_kreuzhuber
Active Participant
‎04-29-2016 9:41 AM
0 Kudos

Hi Saurabh,

please check SAP note 2090692 and your incident.

Regards,

Silvia

former_member195427
Active Contributor
‎04-29-2016 12:04 PM
0 Kudos

Thanks Silvia.

It was very helpful.

I have forwarded the same to our internal Security team also.

Best Regards

Saurabh

Answers (1)

Answers (1)

former_member195427
Active Contributor
‎04-27-2016 9:25 AM
0 Kudos

Hi Experts,

I am waiting for your replies.

BR

Saurabh

Show replies
Show replies
Ask a Question