Authorizations for Hierarchies in BW-BEx
Hello, Experts!
I am having some problems in order to give specific access for specific nodes on the hierarchy on the profiles creation. For example, we need to give permission to the profile "Profile_one" (that can be viewed on the PFCG transaction) to access only the node "Node_one" of our hierarchy ("E_ERP01" - object 0city_code) and we need to give this authorization to a range of users.
We have studied some options like the one suggested on RSSM transaction and we have already tried creating an authorization object named "ZHIER". But the problem found on this transaction is that we have to create a profile authorization for EACH user that is mentioned on the range of authorization and then we need to link it on the transaction PFCG. But the users assigned on PFCG transaction don't receive all the same profile authorization (ZHIER), only the one that was mentioned on RSSM transaction.
Could you please help us to find a way to assign specific nodes of a hierarchy to a specific range of users? We have already searched and studied some notes without success.
Many thanks for your help.
Best regards,
Isabela.
If the account type keep changing every month , you must have to maintain that field out side the cube though.
I guess you can use the hierarchies (or) add the flag as an attribute to the GL account master data,then you can filter on this field in reports.
But hierarchies gives more visibility on data/navigation.
Hope this helps.
cheers
Martin
Similar Messages
-
Authorization for Web Application Designer
Hello,
I'm trying to grant authorizations for the WAD without having to grant SAP_ALL and SAP_NEW. What authorizationobjects do i have to use?
We're working on a BW7.0 (SP12) system.
Kind regards.
Joost Krukhi Joost,
take a look
http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
Business Explorer - BEx Web Templates (NW 7.0+)/S_RS_BTMP
Authorizations for working with BEx Web templates
Business Explorer BEx reusable Web items (NW 7.0+)/S_RS_BITM
Authorizations for working with BEx Web items
BEx Broadcasting authorization for scheduling/S_RS_BCS
Authorization for registering broadcast settings for execution.
Business Explorer BEx texts (maintenance)/S_RS_BEXTX
Authorizations for the maintenance of BEx texts
hope this helps. -
How to do authorizations on unassigned nodes for hierarchies
Hi,
Is there a white paper from SAP that shows how to do authorizations for unassigned nodes for the hierarchies? Or has anyone completed this challenge and would be willing to share their approach and strategy?
Thanks
WillHi Ashwin,
The characteristics are 0COSTCENTER and ZDEPT. The Hierarchy structure should be
-Test Hierarchy
--Cost center 1
---Dept1
---Dept2
---Dept3
--Cost center 2
---Dept4
---Dept5
---Dept6
--Cost center 3
---Dept7
---Dept8
---Dept9
Etc.
We have transaction data where a certain Cost center doesn't have the department and when displaying the hierarchy there would be some unassigned nodes for the BW report.
What would happen if the following hierarchy is in place and I am trying to do authorizations for the 0COSTCENTER and ZDEPT:
-Test Hierarchy
--Cost center 1
---Dept1
---Dept2
---Dept3
--Cost center 2
---Dept4
---Dept5
---Dept6
--Cost center 3
Where cost center 3 has no department for it?
Thanks and regards
Will -
Hi all,
I badly need your help.i need to give authorization for a particular query.As of now when i execute that query it gives me "No Authorization" message. what authorization object i need to include in that role? Am sure that there should be some business content authorization object for the current situation.
Thanks in AdvanceHi Nanda,
you need:
s_rs_comp -- for querries
s_rs_comp1 -- for querries including the username, this is usefull if you would like to allow a user to change and create only his/her querries
s_rs_hier -- if hierarchies used in the querrie
s_rs_icube -- if autorization is switched on for the Cube
s_tcode for rrmx of course
s_gui and s_rfc for workbooks
you can check the authorization process for a user with su53 and rssm
Regards
Pierre -
How to set authorization for BW Workspace in backend and Portal ?
Hello Expert,
I have developed one BW Workspace in development environment . I have some query regarding BW workspace authorization for access in portal . Some of the queries are as follows:
1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ---- do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider ?
Expecting and appreciating your guidence and suggestion asap .
Thanks & Regards,
Surajit PalHello Expert,
Do you have any idea regarding below questionaries about BW Workspace ?
1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ---- do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider .
Appreciating your early responds and thanks in advance .
Regards,
Surajit -
BW authorizations for standard development
For a training workshop, I need to define some authorizations for the trainees. They shouldn't be allowed to do whatever they want on the BW and R/3 systems. So I can't give them the SAP_ALL profile!
On the source system, the users would be allowed to do something like the following:
- Activate DataSources as <u>local</u> objects (in the package $TMP or in test packages T*);
- Edit the DataSource's active version;
- Edit the function EXIT for the LO DataSources (can the EXIT be a <u>local</u> object?)
On the BW side:
- Replicate the DataSources;
- Create DataSources for the FILE source system;
- Create export DataSources for the <i>myself</i> source system;
- Develop data models and flows;
- Start InfoPackages;
- Develop and run BEx queries.
All these BW objects would be <u>local</u> (yes, this is the default behaviour in BW -- but how can I be absolutely sure a user is prevented altogether from putting an object in a productive package by mistake?)
I'm not a security expert.. Can you give me some good advice and send me some links to useful docs on this topic?
Thanks, <a href="https://wiki.sdn.sap.com/wiki/display/profile/Davide+Cavallari">Davide</a>Hello David,
using BI Authorizations in BW and then adding data level security in the Universe on top of that will only lead to situations like you have now.
Data Level security goes into BW alone or into the Universe alone, mixing both will lead to issues and remember that the Universe has far less capabilities in this area.
0BI_ALL is only related to data level security, so the fact that you see the request for 0BI_ALL in the trace clearly shows that your defined data level security entries contradict each other somehow and that BW then requires 0BI_ALL for the user to give the data that was requested.
like I said above, not a good idea to mix those data level security concepts. all data level security should be in BW already.
Also - why even use the Universe inbetween ?
regards
Ingo Hilgefort, SAP -
No authorization for the component (query name)!
Hello all,
when i am publishing the query in web, the following error message is displayed!
"No authorization for the component (query name)!"
i had installed and configured everything here, so the person responsible for authorization is none other than me. what i shud do now? shud i add any other authorization profile to the username created? or still any configuartion is required?
please let me know!
Thanks,
RaviHi ARK,
thanks for the info.
i had assigned SAP_ALL and SAP_NEW profiles to the user.
let me say clearly that when i am executing the Query in the designer it is working fine,no issues in Bex browser too. but when i want to publish safely exexuted query in web (clicking the button publish the query in web) i am getting the above mentioned error!
do suggest me what is the authorization profile that is needed to serve my purpose?
hope this time i am clear!
Ravi -
Query: no authorization for multicube
Hello,
my issue: a user wants to start a query via RRMX and gets the error message: u201CYou donu2019t have the authorization for multicube xyu201D.
I have checked the roles for the user and found the authorization object S_RS_COMP (field RSINFOCUBE, value *). That is, the authorization was defined. When the user starts another query (based on another infocube u2013 no multicube) there is no problem.
In the SAP help documentation I have found how to get a protocol from the authorization check (SAP easy access -> BIW -> authorization -> reporting authorization). But I donu2019t have the menu SAP easy access -> BIW -> authorization.
We have BI 7.0 (SAPKW70017), but we still use the u201Coldu201D authorizations.
Can anybody help? Which authorization object is missed?
Thanks in advance!Hi Anton,
I had checked the ST01 before. There where no results. A colleague mentioned that ST01 is not working correctly sometimes if you donu2019t restrict the user. That was the problem. Now I have the missed authorization object, it is S_RS_MPRO.
But I think the explanation in SAP-help is not correctly. It is an authorization object for the administration workbench, but in reality it is used in BEx. Furthermore it is mentioned that you CAN use this authorization object additional to S_RS_ICUBE. But in reality it is not a CAN it is a MUST obviously.
Thanks! -
Data Authorization for info-objects
Dear Experts,
We have designed a query in costing displaying the plan and actual costs by cost center. Our requirement is that that users shoul be able to see only those cost centers in the query which are relevant to them? How can I acheive this without creating multiple queries?. Is there any authorizatin abject that I can use for this purpose?
Regards
SuneethHi,
Pls check the below
Data Warehousing Workbench u2013 objects/S_RS_ADMWB
Authorizations for working with individual objects of the Data Warehousing Workbench. In detail, these are: source system, InfoObject, monitor, application component, InfoArea, Data Warehousing Workbench, settings, metadata, InfoPackage, InfoPackage group, Reporting Agent settings, Reporting Agent package, documents (for metadata, master data, hierarchies, transaction data), document store administration, (Customer) Content system administration, broadcast settings.
Data Warehousing Workbench u2013 InfoObject/S_RS_IOBJ
Authorizations for working with individual InfoObjects and their subobjects.
Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
Regards,
Marasa. -
Authorizations for Information Braoadcastin not adequat
Hello,
we got the following Problem:
If a user have authorizations for the BEx Analyzer he could plan and start Information Broadcasting settings by himself. As an answer of an OSS-Call we should create authorization of the Iview for Information Broadcasting. In our opinion it is to late when the user gets the information the he must'nt start the Information Broadcasting when he had started it already.
Is there any other solution ?
Kind regards
FrankHi Frank,
unfortunately I don't have a question to your answer. But as I saw your thread I just wanted to say hello and send some greetings to you and the rest of the team as far as they are still on board. Have fun,
kind regards
Siggi -
Roles & Authorizations for Web Reports...
Hello Experts,
We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
And also how to call a function from web applications.
This is a kind of urgent issue any quick ideas would be greatly appreciated.I apologize for the difficulty in reading this I will repost.
We have had no training or received any documenation on WAD. The below was created from internet research. Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
With our dashboard, I have a web template that contains hyperlinks for our reports. I will call this HeaderTemplate1. For each web page I have report templates. These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
Below is how our setup was tested. Keep in mind, this was only for testing basic functionality. If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type. Thus, any report menu changes can be altered quickly without changing the javascript of each report template. Also this will accomodate the few thousand users we have.
To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks. This, HeaderTemplate2, was added to each report template just below HeaderTemplate1. Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
Also, on each report template I added a text element. The 'List of Text Elements'property was set as such; Element Type = General Text Sympol, Element ID = SYUSER. This Text Element was linked to a query or view from BEx via the dataprovider. On the HTML side, I surrounded this Text Element with
<Font ID="UserID",,,textelement....</Font>
Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
[<SCRIPT language = "JAVASCRIPT">
function fnRepOnLoad()
var user_ID=document.getElementById("UserID").innerHTML;
if (user_ID=='USER123')
document.all["HEADTMPLT1"].style.visibility = 'hidden';
document.all["HEADTMPLT1"].style.position = 'absolute';
else
document.all["HEADTMPLT2"].style.visibility = 'hidden';
document.all["HEADTMPLT2"].style.position = 'absolute';
</script>
The function results as this. If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible. Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
As mentioned before, if this method is implemented, I will create a reportable master data table. Create a customer exit variable to retrieve the header template required for the user. This header template variable value will then be pulled by a text element on each report template. The script function will act as follows. If many report headers are necessary I may use a case statement.
Var User_template=document.getElementById("UserTmplt").innerHTML;
If UserTmplt = HeaderTemplate1
--> make all header templates other than HeaderTemplate1 invisible
else
--> make all header templates other than HeaderTemplate2 invisible
etc...
I hope this helps. Please keep me posted with your solution. I am very interested to learn what others are doing.
Best Regards,
Larry -
Dear Experts,
If i do not have access to S_RS_COMP for activity 16 (Execute) but i have full authorization for S_RS_BCS for broadcasting can I broadcast queries.
Thanks,
MihirAuthorization for a query fully depends on these BEx related authorization objects.
S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE.
you have to mention your info area and info cubes, where your query was built on.
if you are not having access to S_RS_COMP with activity 16(execute), or if the auth object S_RS_COMP1 is missing. you cannot execute queries at all.
Even broadcasting depends on this authorization. i think you cannot execute or broadcast queries.
Please raise a ticket to your BASIS team and request them to give display and execute access to you.
Hope this would help you more. -
"No write authorization for personal portfolio of user" from BW
Hi, we are working on connection from BW 3.5 InfoBroadcaster into EP 6.
When I try to publish BW webtemplate to EP to my personal portfolio I got follwoing messages:
"<i>Settings were started from the BEx Broadcaster
Processing for user AC3339, language EN
Processing setting
No write authorization for personal portfolio of user AC3339
File 'ZM_P2P_SCORECARD_ORG_HIER_STAT' Was Successfully Created in the Portal</i>"
Unfortunatelly, after this I cannot find this report in EP. Can anyone help us with this error?
Thank you
VitaliyDid you setup authorizations as described:
On BW side: You need special authorizations to be able to use information broadcasting. System administrators need authorization object S_RS_ADMWB with the field RSADMWBOBJ = BR_SETTING. Users that precalculate business intelligence content and would like to schedule things require the authorization object S_RS_BCS. To be able to schedule broadcaster jobs in background the authorization to run batch jobs should be granted on BW side. The authorization object is S_BTCH_JOB "Background Processing: Operations on Background Jobs"
From my own experience:
On portal side: The users, to which personal folders it is necessary to publish, should exist both in EP and BW (have the same name), be active and have Business Explorer role assigned in EP (i.e. "Personal BEx documents" folder in KM should exist for them) -
Authorizations for Broadcasting
Hi,
When I click on the Send button in BI web, in Bex Broadcaster window, a message is displayed "You do not have authorization for Display" "No authorization for Query". The "Create New Setting" button is also disabled.
Please can anyone let me know what authorization is required to broadcast the reports.
Regards,
NishaHi Nisha,
You would need the authorization to the query or web template or any BEx object that you are trying to broadcast.
Check this by running that object. ie running the query in BEx analyzer (You should not get an authorization error here)
To create a broadcast setting you need authorization to object S_RS_BCS
Filed name - Activity - Full authorization ( Create or generate & Delete )
To schedule broadcast setting S_RS_BCS filed RS_EVTTYPE. Again give yourself full auuthorizaton.
Fianlly, you need the authorization for authorization object S_RS_ADMWB for field RSADMWBOB BR_SETTING and Activity - Full authorization.
Hope it helps,
Best regards,
Sunmit. -
How to create authorization for WAD in bw 3.5??
Hi all,
I would like to create a authorization for the WAD(web templates in bw 3.5) i cant find any authorization object for the WEb templates.
I have included the Wad in the menus in the PFCG but still it is of no use.
Can any one guide me how to carry out authorisation for WAD in bw 3.5 ?
Thanks
PoojaPlease refer to below thread:
BEx Web Application Designer Tool with OLD Version 3.5
I am sure for 7.0 and above S_RS_TOOLS object can provide the restriction.
Maybe you are looking for
-
For a few months now, my phone keeps dying at 20, 30, 40, 50, 60, and today at 70 percent. I don't know why it's been doing this (at first I thought it was from the cold, but it's almost May now and I don't live in a very cold climate). There's been
-
DisplayPort to DVI Freezes Macbook
Hi, I've searched the internet for other people who've noticed this but I can't find anything. The problem is yesterday I got a mini displayport to DVI, and then a DVI to HDMI cable to put in my HD TV. I put the cable into my TV and then my MacBook,
-
Hello all. I am trying to get a scroll pane to work in an application that I have built for school. I am trying to get an amortization table to scroll through for a mortgage calculator. It isn't recognizing my scrollpane and I am not sure why. Could
-
We watched a whole film using Apple TV at the weekend and then I updated it. Since then I have no sound. The same thing has happened at work where I also have to use an Apple TV with an iPad and a MacBook Pro. On the big screen all I get is video, no
-
I downloaded an album recently, but I guess my internet was going in and out the whole time, and now 5 of the 14 songs will cut out after a few seconds. How can I re-download those few songs?