Authorization issue in query

Hi,
We have created a autharization object for sales org and restricted with few values.
I tried to execute the query one id (Say A) but it is showing no authorization.
I executed the same query with ID say B and it was executed sucessfully.
I created a test query for the same multicube and executed with id 'A' and it was
executed sucessfully.I dont know why it is happening. Can some body help me.
Any way of analysis is also welcomed.

Hi Fazil,
just now i faced the same problem and i resolved.very lucky that i got the same question.go to RSSM and give the particular object and check the authorizations there and you can set the otherizations for your self if you have the rights.otherwise contact your admin(PM or TL)  rights provided guy and get the authorizations .
assign points if it helps....
Thanks & regards,
ashok.
null
j

Similar Messages

  • Sap bi authorizations issue with query designer..

    i am using bw 3.x and bi 7 query designer with different kind of probs?...
    i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
    and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
    please suggest if any authorizations should be added or not

    hi suman chakravar,
    thanks for replying,
    can u be little bit clear about the steps.
    i went to tcode su01 and entered profile 0bi_all..it doesnt work.
    and executed tcode su56.there i can find list of BI related authorization profiles
    i added s_rs_all profile to my user. even then i face the same problem.
    i can see only queries in query designer of bi 7 format and i can not view info providers.
    i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
    Edited by: satishchow on Dec 14, 2011 3:23 PM

  • Authorization issue to execute query via analyzer

    Dear,
    We are experiencing an authorization issue that we can not solve...
    We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
    When we test in RESCEADMIN, everything is fine. We can execute the query.
    When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
    "There is no variable in the workbook, which allows user input"
    Does anybody have a direction to help us to orientate our investigation?
    Many thanks,
    Rodolphe

    Hello,
    What is the basic settings you have in the Query Properties basic setting tab
    Try making it mandatory
    Regards
    Nitin Bhatia

  • Authorization issue regarding Bex Query

    Hi All,
    User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .
    Back ground work:
    I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.
    Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.
    Autho_Objet
    Role
    UserID
    ZTEST_MAIN (which includes all - 23 compny codes)
    ZMain_Role
    All users have to access this role
    ZTEST_1111 (which includes only CC- 1111
    Z1111_Role
    Test1111
    ZTEST_2222 (Which Includes only CC - 2222)
    Z2222_Role
    Test2222
    ZTEST_3333 (Which Includes only CC - 3333)
    Z3333_Role
    Test3333
    ZTEST_4444 (Which Includes only CC - 4444)
    Z4444_Role
    Test4444
    To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.
        The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!
    BR
    Venkat...

    In the role ZTEST_MAIN,
    You need to remove all company codes as this is overriding the rest
    Then add aggregate authorization, ie "0COMP_CODE" = ":"
    This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.
    The rest of your design is fine.
    You should then use RSECADMIN to check any authorization issue you have.

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Authorization issue "No authorization"

    Dears gurus,
    I created an analysis authorization using tx. RSECADMIN, this contains the IO 0COSTCENTER restricted with some value, and also contains the IO: 0TCAACTVT, 0TCAIPROV, 0TCAVALID. When I assigned it to a role using tx. PFCG. But when the query is executed it appears the following message: "No authorization". Using a trace tool, it appears to requiere the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
    Please let me know what is missing.
    Best regards,
    Pilar Infantas.

    Remove 0BI_ALL object fro users profile and try executing as below it should give you the authorization objects values missing ..
    goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
    Check box -->with Log option
    select RSRT option
    hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
    if not
    again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
    Hope it Helps
    Chetan
    @CP

  • Authorization issue in BI system.

    Hi,
    Having a authorization issue in BI system.
    user trying to run a query in and attempt to drill down by customer, he gets customer details but some of the customers are missing...
    Does the authorization granted in BI system based on customers? Is it a security issue?
    pls help...
    Thanks...

    Hi,
    Please execute the query with your id(developer id who will be having access to all data) first. Check if you are able to see all the customer data. If you are able to see all the data then the user is restricted with some authorizations. ( usually the authorizations are done on sales organization, company codes, plant..etc.. please check how it is in your project...)
    If you are not able to see all the customer data, then check in the infoprovider on which the query is built and do your analysis.
    Check in the roles assigned to the user.
    Hope it helps.
    Edited by: Maddy on Apr 21, 2011 6:42 AM

  • Regarding BI Authorization Issue

    Dear Friends,
    can anyone help me to solve this issue..
    I have a Authorization Issue, u201CNO Authorization u201C
    Error : EYE 007 ( Insufficient Authorizations )
    I have follow this stepsu2026
    Steps 1 :-
    Define Authorization-Relevant Characteristics ( ZCUSTOMER )
    Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
    Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
    Eg: 0TCAACTVT
    0TCAIPROV
    0TCAVALID
    0TCAKYFNM
    ZCUSTOMER
    Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
    For example : ZAUTH In That I have taken
    ZCUSTOMERrestricted with value C100.
    0TCAACTVT with 3 ( Display )
    0TCAIPROV with * ( Astric )
    0TCAVALID with *
    0TCAKYFNM with *
    Steps 4 :-
    Assign Authorizations to Roles
    Use authorization object S_RS_AUTH for the assignment of
    authorizations to roles.
    Maintain the authorizations as values for field BIAUTH
    Ex: ZTESTA1
    S_RS_AUTH
    Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
    S_RS_COMP
    Activity Create or generate, Change, Display, Delete, Execute <...>
    InfoArea : ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
    S_RS_COMP
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo :ZTEST_Q0001
    Type of a reporting component :Query
    S_RS_COMP1
    Activity Display, Execute
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component :All values
    Owner (Person Responsible) for *
    S_RS_COMP1
    Activity Change, Display, Delete, Execute, Enter, Include, Assign
    Name (ID) of a reporting compo ZTEST_Q0001
    Type of a reporting component All values
    Owner (Person Responsible) for :*
    S_RS_ICUBE
    Activity Create or generate
    Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    S_RS_IOBC
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    Infoarea Catalog : zioc_test, Zkf_test
    S_RS_IOBJ
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
    Steps 5 :-
    AND Assign this Role to User.
    Steps 6 :- ERROR
    When I execute the Report it is showing u201CNO Authorization u201C
    u201C Insufficient Authorization u201C
    EYE 007.
    Regards
    Siva

    Hi,
    In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
    Hope that helps.
    Regards
    Mr Kapadia

  • Authorization issue for a DSO

    There is a DSO in our system.
    It contains characteristics 0ORGUNIT and 0USERNAME which are each flagged as Authorisation Relevant
    The report than runs off this ODS doesnu2019t actually use them.  However, the authorisation process still makes checks when checking at Infoprovider level (Paul has run a trace to show this)
    What I plan to do is to unflag the characteristics and transport them up.
    i)      I can do that without it having any impact on the ODS itself , yes?
    ii)     Can you think of a reason why I shouldnu2019t do this?   We donu2019t need these 2 characteristics to be auth objects.
    Thanks,
    Nitika

    What I plan to do is to unflag the characteristics and transport them up. => this plan will solve all your issues but mind it they are SAP standard chars
    i) I can do that without it having any impact on the ODS itself , yes? => yes , there will be no impact on ODS due to these changes
    ii) Can you think of a reason why I shouldnu2019t do this? We donu2019t need these 2 characteristics to be auth objects. =>  if authorization check is there then it means it could be used for authorization purpose while query execution but in yr case if authorization is not needed then just deflag those checks and go ahead if it is creating a trouble

  • Authorization Issue to Upload file in Integrated Planning

    Hi All
      I have included the planning role for the user...which is the same as mine..I can execute and upload  the file..when I login with the user iD, it says you are not authorize to upload zFILE_SEQ/...in my role..there is Z* values also..
    No idea how to rectify as I dont see any problem??
    pppls help..

    Hi,
    Could you please look into the authorizations that restrict data selection for the user, say if he control one or two costcenters and you have access to all costcenters. Also you need to have that object in the Aggregation level that allow the user selection. You need to include that info object restriction based on authorization value in the aggregation level and in the upload file.
    Also try to execute the input ready query from RSECADMIN T-CODE . Use the 3rd tab and choose the user id and choose with log .Then on the next screen will be RSRT and choose your input ready query and execute. Then choose back button and the pervious screen choose display log, which will give you detail log on the authorization issue ...
    hope it helps...
    cheers,
    Balaji
    Edited by: Balaji NS on Jun 4, 2011 1:47 AM

  • Authorization issue after technical upgrade

    We just completed an uprade to BI 7.0 SP 15.  We only want to complete a technical upgrade and use the old security model.
    We have found that when users run queries against multi-providers they aren't authorized.  BEX states that the user doesnt have access.
    Should our old authorizations work with the old model against multi-providers?

    In theory yes ..
    Some Analysis ..
    from the S_RS_COMP
    goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
    Check box -->with Log option
    select RSRT option
    hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
    if not
    again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
    Hope it Helps
    Chetan
    @CP

  • Authorization issues in Bex Analyzer

    Hello,
    Can somebody help me with an authorization challenge I’m working on? For certain reports a user should me authorized to see key figures for a certain area and this area is divided into several units. This is the high level report authorization. But when they want to see more detail in the report (the can drill down the person responsible or the customer for example) the user is only allowed to see the key figures of his own unit. To make this possible we have created two authorization roles:
    Role 1
    Area                          *     
    Unit                          11
    Person Responsible          *
    Customer               *
    Role 2
    Area                    *
    Unit                    *
    Person Responsible          :
    Customer               :
    When executing the query with the characteristics ‘area’ and ‘unit’ in the rows and ‘person responsible’ and ‘Customer’ in the free characteristics there are no authorization issues. But when in the query result the user wants to drill down ‘person responsible’ the error message “You do not have authorization to read object XXX”. I expected that the details would only be shown for unit 11. To be able to show the details the user must now first remove the drill down, filter the unit they have authorization for and then drill down the ‘person responsible’ again. This is considered a workaround but not desirable. Is there a different way to solve this issue?
    Kind Regards,
    Petra van Noort

    Hi,
    Have you tried to include a authorization variable on your report that filters 'Unit'?
    I'm not sure of what will happen if you use it (maybe you'll always filter your report on '11' unit, or maybe you get different filter values depending on your drill down status, which is what you want).
    It's just a thought...
    Regards,
    David.

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

Maybe you are looking for

  • Itunes keeps closing itself

    It sais it has encountered an error and needs to be closed everytime I have it running and are attemtping to sync and edit music files

  • Inbound message pickup

    We are trying an R/3 --> XI --> HTTP/SOAP scenario to send and receive xml messages. The external receiver is a secured web server. Is it advisable to use a HTTP or a SOAP adapter? Also during inbound, will XI be able to pick up messages from the sam

  • How  to retrieve one row from the number of records in a table

    i want to retrieve the rows from the number of records in a table without using the perticular column name.

  • How to access dynamic movie clips in a loaded swf

    Hello, I have a main movie file that loads a swf through loadclip. There are several dynamic movie clips in the library of the loaded swf (all set to export in first frame). I'm trying to create a popup window (using the Window component) by using co

  • Organizing Cover Flow

    I was wondering if it is possible to organize the order in which Cover Flow is organized. if it is possible, then any links or explanations would be great! The main reason i want to organize cover flow is because for some of the CD's that i imported