Authorization for specific report

Similar Messages

• Report S_ALR_87013105 : no authorization for the report/ table 7KU6_001

  Hi Gurus,
  While executing the program S_ALR_87013105 (Detailed Reports 
  For Sales Order : Plan/Actual Comparison ) system showing the selection log.
  "Have no authorization for the report/table  7KU6_001 and 7KU6_002".
  But for the user the authorization check through SU53 was successful.
  Pl can any one suggest on this issue.
  Thanks in advance,
  Vijay

  Hi,
  Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
  Regards,
  Sankar

• Authorization for specific business scenario or business step in solar01

  Dear all,
  we have an issue regarding solution manager blueprinting management restricting an access to specific nodes. Our goar is to have several substructures devided by modules like: FI, SD, PS and etc. And each team member according his position in a company should have an access only to his substructure and all the related documentation below that. Saying an access means a change mode not a display access.
  Please find the steps have been performed during the configuration of project below:
  All the configuration around system landscape has been done properly.
  A new project for solution was created in solar_project_admin.
  A correct logical componens has been assigned.
  All the required users have assigned as a team members of a project.
  At the projec. team member tab a box has been checked in for: restrict changes to nodes in project to assigned team members.
  A proposed structure of nodes has been created within Tx solar02.
  The right team members have assigned to specific node. So that only they suppose to have a change permission within that nodes. All others read only access.
  Every user has sap_solar01_all role assigned to him. We have tryed assigning varios roles according to  http://help.sap.com/saphelp_sm310/helpdata/en/db/a1033b2a98f46ae10000000a11402f/content.htm
  However as a result we are having a change permission allowed for every node within the structure. Like FI responsible member can access to any node from a tree. And he can make a change for SD related documentation.
  Please assist regarding this issue.
  Kind regards,
  P.S.
  I found a thread with a similar problem which was solved by activating a checkbox which is already activated in our system and actually doesn't solve that problem for us.
  Authorization for specific business scenarios in Solar01/02
  Edited by: Artjoms Nikulins on Mar 11, 2010 3:37 PM

  Hi
  As far my knowldege goes this is not possible to do within same project or making the same.
  You can have project specific access given to member but you cannot go module wise authorization.
  Ofcourse there satellite system authorization will be different but not in solman.
  In addition check this security guide
  https://websmp104.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000075728&_OBJECT=011000358700007187872005E
  Hope it ans ur query.
  Regards
  Prakhar
  Edited by: Prakhar Saxena on Mar 12, 2010 3:22 AM

• Authorization for the report

  Hi
  I have made one report,  I needed to check the authorization for the report, how to do it.
  Eg.  One employee is executing the report, he only needed to select his transaction
  If somebody from one sales organisation, they only needed to take the data belongs to the sales office.
  SELECT-OPTIONS: p_vkorg  FOR tvkot-vkorg.
  SELECT-OPTIONS: p_pernr FOR pa0001-pernr
  for example two selection parameter is displaying. if my employee no is 100, while trying to enter execute the report for 200 employee no. no data should show. like that vkorg filed also should work.
  Please let me know how it possible.
  Regards
  Sebastian John

  Hi,
  You can change the code below
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZFNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  This code does an authorization check at company code level and removes all the company codes that user has entered but is not authorized to look for. After that we pass the filtered list of company codes for which user is authorized to in the select query and fetch the results. You can first select all the records from database for PERNR and VKORG. Then filter them and prepare new list of VKORG and PERNR after performing authorization check and pass it further to select queries in your program.
  KR Jaideep,

• Roles & Authorizations for Web Reports...

  Hello Experts,
  We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
  We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
  I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
  And also how to call a function from web applications.
  This is a kind of urgent issue any quick ideas would be greatly appreciated.

  I apologize for the difficulty in reading this  I will repost.
  We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
  With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
  The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
  Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
  To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
  Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
  <Font ID="UserID",,,textelement....</Font>
  Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
  [<SCRIPT language = "JAVASCRIPT">                       
    function fnRepOnLoad()
      var user_ID=document.getElementById("UserID").innerHTML;
      if (user_ID=='USER123')
        document.all["HEADTMPLT1"].style.visibility = 'hidden';
        document.all["HEADTMPLT1"].style.position = 'absolute';
      else         
        document.all["HEADTMPLT2"].style.visibility = 'hidden';
        document.all["HEADTMPLT2"].style.position = 'absolute';
  </script>
  The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
  We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
  As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
  Var User_template=document.getElementById("UserTmplt").innerHTML;
  If UserTmplt = HeaderTemplate1
  -->  make all header templates other than HeaderTemplate1 invisible
  else
  -->  make all header templates other than HeaderTemplate2 invisible
  etc...
  I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
  Best Regards,
  Larry

• Define read-only authorization for specific field(s) on a form for 11.5.9

  Dear all,
  Can you pls let me know how is it possible to define read-only authorization access for specific field(s) per responsibility / user on a form in 11.5.9?
  For example I want to protect the item master file by assigning for example to users with responsibility buyer authorization to modify the buyer information but to have read-only only authorization on other sensitive fields such as make/buy flag, expense accounts, etc
  Through UI Modeller I have only managed to make specific fields on specific forms invisible, or whole tabs invisible, to specific responsibilities but this does not cover my needs as I want them to be able to view the data of the fields but to not be able to update them

  Arun,
  Almost but not quite.. The example you've given has the person VO at the top level which includes all the id's (City, State etc). My use case is slightly different.
  query 1
       select org_id, OrgName from x;
  query 2
       select emp_id, emp_name from y where org_id = x.org_id
  query 3
       multi-table join (approx 9 tables) to retrieve depts associated to employee
       where org_id = x.org_id
       and emp_id = y.emp_id
  Rather than using LOV's would it be better to create VO's and pass in the bind parameters at run time?

• How can I set default copies for specific report?

  I'm trying to set a default of one copy on a specific concurrent request. In this particular case, the NACHA request that produces the NACHA magnetic file. I have a dummy custom printer driver, style, etc. setup and attached to the NACHA concurrent program so that when it executes (as long as the user remembers to put 1 in the Copies field on the concurrent request screen) it will execute the Unix shell script (it grabs the file and FTP's it somewhere).
  The problem is, if the user forgets to put 1 in Copies, the Unix shell script won't execute. I'd like to make it so this one request comes up with a default of 1 in Copies. The only way I know of to set copies is in the site profile, application profile (like HR, AP, etc.) or user profile. I really don't want any of these because then the default will be set for all reports within those respective profiles. I was hoping there was a way to set the number of copies in the printer control file, but thus far I can't find any current documentation that shows the syntax of the available commands for the printer control file. Found something on the Internet, but it looked like it was for Oracle 7, perhaps. We're on 11i. On that page, I saw nothing about setting copies, so I don't know if it was just missed, isn't possible or is possible in the new version.

  Looks like I may have found my answer.
  Create a report set
  Add the concurrent program to the report set
  set copies in the options zone of the report set to 1
  Run the report set instead of the concurrent program itself and the copies will always be defaulted to 1.

• Authorization for Web report

  Hello Experts,
  One of my user wants to see a report in the web and wants an authorization for the same. When he is trying to execute the query in the WEB he is facing the follwoing error.
  User SCANESIN has no RFC authorization for function group SDIFRUNTIME.
  What steps do i need to follow to resolve this issue.
  Regards,

  Hi,
  You can solve this problem with the help of your basis person.
  Go to the role of that use using RSECADMIN. Find the authorisation object S_RFC. Include SDIFRUNTIME in
  'Name of RFC to be protected' field. Activate the role.
  Regards
  Githen

• Delete authorization for specific Company Code

  All,
  For a specific transactions, our users may only run the transaction for a specific company code. Transaction is TPM55A
  What authorization object do I need to add to my role, so the users have only authorization for let's say Company code range 1000 - 1050.
  Many thanx for help
  kr,
  Stef

  Hi Stef,
  Please try to add this authorisation object manually F_BKPF_BUK- Authorisation object for company code.
  In the filed BUKRS you can maintain the company code as you required for the users.
  I hope this may help you in resolving the issue.
  Thanks
  Karthick

• Information Broadcasting for specific reports on1st, 2nd, 3rd, 4th of month

  Hi
  I have a multiprover which contains 10 reports .
  Out of 10 reports, four reports have the broadcast settings .
  But i want to broadcast only two specific reports on 1st, 2nd, 3rd, 4th of each month by using the process chain automatically .
  So how can i broadcast those two reports automatically by using the process chain  on 1st, 2nd, 3rd, 4th of each month .
  Please let me know
  Regards
  Mubeen

  You can use RSRD_BROADCAST_FOR_TIMEPOINT or RSRD_BROADCAST_STARTER program for scheduling the broadcast settings.
  You can create variants for the broadcast settings using program RSRD_BROADCAST_STARTER and use ABAP type in process chain for progran and variant.
  create a event using SM64 tcode and use this event to schedule the process chain. You can create a small program to trigger this event as per your date requirement. You can use function module BP_EVENT_RAISE in the program for triggering the event.
  Pravender

• Authorization for BI Reports

  Hi All,
  I am new to BI Authorizations. In my Project there are 150 Users are there.So for each user,Authorization Object
  is created in RSECADMIN and Roles are created in PFCG Tcode.
  Initially we have created 9 Reports and it is running in BI PRD. In all 9 reports we are using the Info Object
  "0CRM_PRCTYP - Business Transaction Type" and Authorization Relvent is Unchecked in this Case.
  Now the Client wants some more reports and need to provide Authorization for this Field "0CRM_PRCTYP - Business
  Transaction Type".And these new reports will be used by "New Users".
  So i have Checked the Authorization Relvent for the Info Object "0CRM_PRCTYP - Business Transaction Type" and
  Created Authorization Variable in Reporting Level.After doing this, I have executed the report by logging with new
  Users and it is working fine for new reports.
  Then i have checked the Old reports (9 Reports) ion RSRT and found that the error "NO AUTHORIZATION" for all 150
  users.
  Can you please help me how to rectify this error.
  Thanks,
  Jelina.

  Hello Jelina,
  First, try to check the reports by running them with the user account in transaction RSECADMIN -> tab Analysis -> Execute as user.
  If this will return an error please go with transaction SU53 and check what role/authorisation has generated the error. Afterwards, launch PFCG, go to Authorisation tabs, Display authorisation and add the reports BOTH under -> Business Warehouse-> Business Explorer Components  and ->Business Warehouse -> Business Explorer Components - Enhancement to the Owner.
  After this press the Generate button (looking like nuclear hazard but in red&white) and SAVE. Go to the TAB Users in PFCG and press the button USER COMPARISON and afterwards SAVE.
  Now it should work. Let us know if you still have problems.
  br,
  Dan

• Authorizations for WEBI report based on BPC data model

  Hi All,
  We are strugelling with setting up authorisations for the reporting on BPC data model.
  We created Bex query on top of Multiprovider that consists of BPC cube. The Bex query is source for WEBI output. The authorisations has been set up on BPC data model (cube) in BPC application but they are not passed nor to Bex query nor to Webi. Example: The query is build on top of OPEX BPC data model, this data model is restricted based on Oranizational Unit. My test user is allowed to see only Org Unit = 'Australia' in the OPEX BPC data model, however when I'm running the report I can see absolutely everything.
  We are not connecting/using any BI cubes itself for this reporting. We are intrested only in the WEBI report based on BPC data models.
  We were trying to use BPC data model (without any extra settings) as the source for BEx report, we were also trying to use virtual BPC data model as the source for Bex transient query - but non of these have helped.
  Can you please advise how the authorisations should be set up for WEBI reporting on BPC data models?
  Kasia

  Anybody can help with this issue please?

• How set authorizations for sales reports and other reports in SAPB1

  Hi, I'm currently working in SAP Business One Version 8.82
  The issue I'm facing is that I want to set it up so that certain users cannot see other users' sales information.  I know that I can turn on or off the Sales Analysis Report for various users for instance, but what I really want specifically is this.  Suppose we have 3 different teams: Team A consists of (Angie, Angela, and Anita the manager), Team B consists of (Bob, Barbara, and Ben the manager), Team C consists of (Cat, Charlie, and Courtney the manager).  I would like to make it so that everyone can view the individual sales order documents of everyone else (in case a customer calls and needs information, but the salesperson who created that document isn't there); however, Angie should only see her own orders when she does a Sales Analysis while Anita, the manager of Team A, should see the the orders of Angie, Angela, and herself of course.
  To summarize, I'd like to see the following
  1.  Each salesperson can lookup and view any sales order.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders.
  What's the best way to approach this?  Is it best if I create my own report?  I haven't created any reports from scratch yet, so I'm not sure exactly how that works.  I'd like to be able to group the salespeople up by location if possible.  The sales analysis report doesn't really do that, but it is useful.  I just don't want everyone to be able to see the numbers on their peers.
  Thank you I appreciate any help or advice.

  Hi,
  1.  Each salesperson can lookup and view any sales order.
  Answer:
  Create own report by using query and save under query manager and the assign for all group. So that all sales person can run this query  and can get sales order detail.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  Answer:
  Create individual query ( add condition in where clause slpname = 'XXX') for each sales person and save it under query manager and assign to particular user group
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  Answer:
  Create query for only particular team (  condition is slpname = XXX OR YYY OR ZZZ) and save under query manager. Make schedule report on this and send it to only particular manger
  Same way create for another manager and schedule report.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders
  Answer.
  Create query for all sales person and schedule report to big boss.
  Hope you can get an idea.
  Let me know if you need sales report ( advice required field)
  Thanks & Regards,
  Nagarajan

• Authorization for excuting reports

  Hi,
  some users can execute ABAP reports through BSP pages that I created (Submit ... exporting list to memory) and some others cannot. After some investigation we came to the conclusion that it´s a matter of authorization. Users with no development authorization may not call transaction SA38 due to auditory matters (who knows what the auditors smoke or drink for such an idea), therefore the process is cancelled ("500 SAP internal server error" because I´m not trapping the exception).
  Does any one have an idea on what to do or has had a similar case ?? Could CALL TRANSACTION 'Zxxx' in this case help ??
  Thanks a lot

  Hi,
  In the BSP, before the SUBMIT, you can explicitly check for the SA38 Authorization:
  AUTHORITY-CHECK OBJECT 'S_TCODE'
           ID 'TCD' FIELD 'SA38'.
  If SY-SUBRC fails, you can create the Audit messages as needed.
  That should help.
  Bhanu

• OB52 - Authorization for specific population

  Hello,
  Here is the context:
  At this moment in our client there are 2 group of populations: normal population and specific population (which has to be able to post some days during the month M).
  We are managing posting periods through OB52 where normal population is managed through the interval 2 of OB52 and the specific population is managed through the interval 1 and has assigned  authorization group (AG1).
  Also we have created different variants assigned to different company codes as each company code has different users as specific population.
  The issue is that we need a 3rd group of population (for migration purposes only) to be able to post when the two other periods are already closed.
  Do you have any idea how to deal with a 3rd group of population in OB52?
  Thank you
  Cristina

  Hi Cristina,
  I believe you will have to assign the authorization object F_BKPF_BUP to the authorization group for the 3rd population in user roles in order to perform postings in a closed period.
  Check with your basis team for this.
  Thanks,
  Sagar