Authorizations for Hierarchies in BW-BEx

Hello, Experts!
I am having some problems in order to give specific access for specific nodes on the hierarchy on the profiles creation. For example, we need to give permission to the profile "Profile_one" (that can be viewed on the PFCG transaction) to access only the node "Node_one" of our hierarchy ("E_ERP01" - object 0city_code) and we need to give this authorization to a range of users.
We have studied some options like the one suggested on RSSM transaction and we have already tried creating an authorization object named "ZHIER". But the problem found on this transaction is that we have to create a profile authorization for EACH user that is mentioned on the range of authorization and then we need to link it on the transaction PFCG. But the users assigned on PFCG transaction don't receive all the same profile authorization (ZHIER), only the one that was mentioned on RSSM transaction.
Could you please help us to find a way to assign specific nodes of a hierarchy to a specific range of users? We have already searched and studied some notes without success.
Many thanks for your help.
Best regards,
Isabela.

If the account type keep changing every month , you must have to maintain that field out side the cube though.
I guess you can use the hierarchies (or) add the flag as an attribute to the GL account master data,then you can filter on this field in reports.
But hierarchies gives more visibility on data/navigation.
Hope this helps.
cheers
Martin

Similar Messages

  • Authorization for Web Application Designer

    Hello,
    I'm trying to grant authorizations for the WAD without having to grant SAP_ALL and SAP_NEW. What authorizationobjects do i have to use?
    We're working on a BW7.0 (SP12) system.
    Kind regards.
    Joost Kruk

    hi Joost,
    take a look
    http://help.sap.com/saphelp_nw70/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
    Business Explorer - BEx Web Templates (NW 7.0+)/S_RS_BTMP
    Authorizations for working with BEx Web templates
    Business Explorer – BEx reusable Web items (NW 7.0+)/S_RS_BITM
    Authorizations for working with BEx Web items
    BEx Broadcasting authorization for scheduling/S_RS_BCS
    Authorization for registering broadcast settings for execution.
    Business Explorer – BEx texts (maintenance)/S_RS_BEXTX
    Authorizations for the maintenance of BEx texts
    hope this helps.

  • How to do authorizations on unassigned nodes for hierarchies

    Hi,
    Is there a white paper from SAP that shows how to do authorizations for unassigned nodes for the hierarchies? Or has anyone completed this challenge and would be willing to share their approach and strategy?
    Thanks
    Will

    Hi Ashwin,
    The characteristics are 0COSTCENTER and ZDEPT. The Hierarchy structure should be
    -Test Hierarchy
    --Cost center 1
    ---Dept1
    ---Dept2
    ---Dept3
    --Cost center 2
    ---Dept4
    ---Dept5
    ---Dept6
    --Cost center 3
    ---Dept7
    ---Dept8
    ---Dept9
    Etc.
    We have transaction data where a certain Cost center doesn't have the department and when displaying the hierarchy there would be some unassigned nodes for the BW report.
    What would happen if the following hierarchy is in place and I am trying to do authorizations for the 0COSTCENTER and ZDEPT:
    -Test Hierarchy
    --Cost center 1
    ---Dept1
    ---Dept2
    ---Dept3
    --Cost center 2
    ---Dept4
    ---Dept5
    ---Dept6
    --Cost center 3
    Where cost center 3 has no department for it?
    Thanks and regards
    Will

  • Authorization for BEX Query

    Hi all,
          I badly need your help.i need to give authorization for a particular query.As of now when i execute that query it gives me "No Authorization" message. what authorization object i need to include in that role? Am sure that there should be some business content authorization object for the current situation.
    Thanks in Advance

    Hi Nanda,
    you need:
    s_rs_comp    -- for querries
    s_rs_comp1   -- for querries including the username, this is usefull if you would like to allow a user to change and create only his/her querries
    s_rs_hier    -- if hierarchies used in the querrie
    s_rs_icube   -- if autorization is switched on for the Cube
    s_tcode for rrmx of course
    s_gui and s_rfc for workbooks
    you can check the authorization process for a user with su53 and rssm
    Regards
    Pierre

  • How to set authorization for BW Workspace in backend and Portal ?

    Hello Expert,
                         I have developed one BW Workspace in development environment . I have some query regarding BW workspace authorization for access in portal . Some of the queries are as  follows:
    1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
    2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
    3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
    4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
    5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider ?
    Expecting and appreciating your guidence and suggestion asap .
    Thanks & Regards,
    Surajit Pal

    Hello Expert,
                     Do you have any idea regarding below questionaries about BW Workspace ?
    1) How many composite provider we can build up inside of one workspace that we can go by Tcode ---RSWSPW ?
    2) After activating the workspace it shows in RSWSPW ,but this workspace/composite provider will be available in Info Area(in RSA1) or some area else from where we can see this ?
    3) Now our requirement is like that -- we have to provide some workspace for SD power user ,Finace Power user & Marketing Power users, in this situation how can we put authorization in bw workspace like SD power user should not see the FI Power user's & Marketing Power user's Workspace rather than his own workspace ?
    4) In our requirement, we are going to produce some bex query on top of bw worksapce composite provider . For creating this query ,we searched provider by puting provider name directly in serach option , but is there any option to search the bw worksapce related composite provider by putting info area name in query search ?
    5) In another senerio, we gone to create BO AA OLAP report on top of bw workspace composite provider but in source option we cant see the provider ,infact we could not search the composite provider in search option in source selection ----   do i need to navigate any step in compostie provider to make it enable for BO AA OLAP creation on top of composite provider .
    Appreciating your early responds and thanks in advance .
    Regards,
    Surajit

  • BW authorizations for standard development

    For a training workshop, I need to define some authorizations for the trainees. They shouldn't be allowed to do whatever they want on the BW and R/3 systems. So I can't give them the SAP_ALL profile!
    On the source system, the users would be allowed to do something like the following:
    - Activate DataSources as <u>local</u> objects (in the package $TMP or in test packages T*);
    - Edit the DataSource's active version;
    - Edit the function EXIT for the LO DataSources (can the EXIT be a <u>local</u> object?)
    On the BW side:
    - Replicate the DataSources;
    - Create DataSources for the FILE source system;
    - Create export DataSources for the <i>myself</i> source system;
    - Develop data models and flows;
    - Start InfoPackages;
    - Develop and run BEx queries.
    All these BW objects would be <u>local</u> (yes, this is the default behaviour in BW -- but how can I be absolutely sure a user is prevented altogether from putting an object in a productive package by mistake?)
    I'm not a security expert.. Can you give me some good advice and send me some links to useful docs on this topic?
    Thanks, <a href="https://wiki.sdn.sap.com/wiki/display/profile/Davide+Cavallari">Davide</a>

    Hello David,
    using BI Authorizations in BW and then adding data level security in the Universe on top of that will only lead to situations like you have now.
    Data Level security goes into BW alone or into the Universe alone, mixing both will lead to issues and remember that the Universe has far less capabilities in this area.
    0BI_ALL is only related to data level security, so the fact that you see the request for 0BI_ALL in the trace clearly shows that your defined data level security entries contradict each other somehow and that BW then requires 0BI_ALL for the user to give the data that was requested.
    like I said above, not a good idea to mix those data level security concepts. all data level security should be in BW already.
    Also - why even use the Universe inbetween ?
    regards
    Ingo Hilgefort, SAP

  • No authorization for the component (query name)!

    Hello all,
    when i am publishing the query in web, the following error message is displayed!
    "No authorization for the component (query name)!"
    i had installed and configured everything here, so the person responsible for authorization is none other than me. what i shud do now? shud i add any other authorization profile to the username created? or still any configuartion is required?
    please let me know!
    Thanks,
    Ravi

    Hi ARK,
    thanks for the info.
    i had assigned SAP_ALL and SAP_NEW profiles to the user.
    let me say clearly that when i am executing the Query in the designer it is working fine,no issues in Bex browser too. but when i want to publish safely exexuted query in web (clicking the button publish the query in web) i am getting the above mentioned error!
    do suggest me what is the authorization profile that is needed to serve my purpose?
    hope this time i am clear!
    Ravi

  • Query: no authorization for multicube

    Hello,
    my issue: a user wants to start a query via RRMX and gets the error message: u201CYou donu2019t have the authorization for multicube xyu201D.
    I have checked the roles for the user and found the authorization object S_RS_COMP (field RSINFOCUBE, value *). That is, the authorization was defined. When the user starts another query (based on another infocube u2013 no multicube) there is no problem.
    In the SAP help documentation I have found how to get a protocol from the authorization check (SAP easy access -> BIW -> authorization -> reporting authorization). But I donu2019t have the menu SAP easy access -> BIW -> authorization.
    We have BI 7.0 (SAPKW70017), but we still use the u201Coldu201D authorizations.
    Can anybody help? Which authorization object is missed?
    Thanks in advance!

    Hi Anton,
    I had checked the ST01 before. There where no results. A colleague mentioned that ST01 is not working correctly sometimes if you donu2019t restrict the user. That was the problem. Now I have the missed authorization object, it is S_RS_MPRO.
    But I think the explanation in SAP-help is not correctly. It is an authorization object for the administration workbench, but in reality it is used in BEx. Furthermore it is mentioned that you CAN use this authorization object additional to S_RS_ICUBE. But in reality it is not a CAN it is a MUST obviously.
    Thanks!

  • Data Authorization for info-objects

    Dear Experts,
    We have designed a query in costing displaying the plan and actual costs by cost center. Our requirement is that that users shoul be able to see only those cost centers in the query which are relevant to them? How can I acheive this without creating multiple queries?. Is there any authorizatin abject that I can use for this purpose? 
    Regards
    Suneeth

    Hi,
    Pls check the below
    Data Warehousing Workbench u2013 objects/S_RS_ADMWB
    Authorizations for working with individual objects of the Data Warehousing Workbench. In detail, these are: source system, InfoObject, monitor, application component, InfoArea, Data Warehousing Workbench, settings, metadata, InfoPackage, InfoPackage group, Reporting Agent settings, Reporting Agent package, documents (for metadata, master data, hierarchies, transaction data), document store administration, (Customer) Content system administration, broadcast settings.
    Data Warehousing Workbench u2013 InfoObject/S_RS_IOBJ
    Authorizations for working with individual InfoObjects and their subobjects.
    Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
    Regards,
    Marasa.

  • Authorizations for Information Braoadcastin not adequat

    Hello,
    we got the following Problem:
    If a user have authorizations for the BEx Analyzer he could plan and start Information Broadcasting settings by himself. As an answer of an OSS-Call we should create authorization of the Iview for Information Broadcasting. In our opinion it is to late when the user gets the information the he must'nt start the Information Broadcasting when he had started it already.
    Is there any other solution ?
    Kind regards
    Frank

    Hi Frank,
    unfortunately I don't have a question to your answer. But as I saw your thread I just wanted to say hello and send some greetings to you and the rest of the team as far as they are still on board. Have fun,
    kind regards
    Siggi

  • Roles & Authorizations for Web Reports...

    Hello Experts,
    We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
    We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
    I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
    And also how to call a function from web applications.
    This is a kind of urgent issue any quick ideas would be greatly appreciated.

    I apologize for the difficulty in reading this  I will repost.
    We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
    With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
    The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
    Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
    To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
    Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
    <Font ID="UserID",,,textelement....</Font>
    Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
    [<SCRIPT language = "JAVASCRIPT">                       
      function fnRepOnLoad()
        var user_ID=document.getElementById("UserID").innerHTML;
        if (user_ID=='USER123')
          document.all["HEADTMPLT1"].style.visibility = 'hidden';
          document.all["HEADTMPLT1"].style.position = 'absolute';
        else         
          document.all["HEADTMPLT2"].style.visibility = 'hidden';
          document.all["HEADTMPLT2"].style.position = 'absolute';
    </script>
    The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
    We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
    As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
    Var User_template=document.getElementById("UserTmplt").innerHTML;
    If UserTmplt = HeaderTemplate1
    -->  make all header templates other than HeaderTemplate1 invisible
    else
    -->  make all header templates other than HeaderTemplate2 invisible
    etc...
    I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
    Best Regards,
    Larry

  • Authorization for query

    Dear Experts,
    If i do not have access to S_RS_COMP for activity 16 (Execute) but i have full authorization for S_RS_BCS for broadcasting can I broadcast queries.
    Thanks,
    Mihir

    Authorization for a query fully depends on these BEx related authorization objects.
    S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE.
    you have to mention your info area and info cubes, where your query was built on.
    if you are not having access to S_RS_COMP with activity 16(execute), or if the auth object S_RS_COMP1 is missing. you cannot execute queries at all.
    Even broadcasting depends on this authorization. i think you cannot execute or broadcast queries.
    Please raise a ticket to your BASIS team and request them to give display and execute access to you.
    Hope this would help you more.

  • "No write authorization for personal portfolio of user" from BW

    Hi, we are working on connection from BW 3.5 InfoBroadcaster into EP 6.
    When I try to publish BW webtemplate to EP to my personal portfolio I got follwoing messages:
    "<i>Settings were started from the BEx Broadcaster  
      Processing for user AC3339, language EN  
       Processing setting  
        No write authorization for personal portfolio of user AC3339 
        File 'ZM_P2P_SCORECARD_ORG_HIER_STAT' Was Successfully Created in the Portal</i>"
    Unfortunatelly, after this I cannot find this report in EP. Can anyone help us with this error?
    Thank you
    Vitaliy

    Did you setup authorizations as described:
    On BW side: You need special authorizations to be able to use information broadcasting. System administrators need authorization object S_RS_ADMWB with the field RSADMWBOBJ = BR_SETTING. Users that precalculate business intelligence content and would like to schedule things require the authorization object S_RS_BCS. To be able to schedule broadcaster jobs in background the authorization to run batch jobs should be granted on BW side. The authorization object is S_BTCH_JOB "Background Processing: Operations on Background Jobs"
    From my own experience:
    On portal side: The users, to which personal folders it is necessary to publish, should exist both in EP and BW (have the same name), be active and have “Business Explorer” role assigned in EP (i.e. "Personal BEx documents" folder in KM should exist for them)

  • Authorizations for Broadcasting

    Hi,
    When I click on the Send button in BI web, in Bex Broadcaster window, a message is displayed "You do not have authorization for Display" "No authorization for Query". The "Create New Setting" button is also disabled.
    Please can anyone let me know what authorization is required to broadcast the reports.
    Regards,
    Nisha

    Hi Nisha,
    You would need the authorization to the query or web template or any BEx object that you are trying to broadcast.
    Check this by running that object. ie running the query in BEx analyzer (You should not get an authorization error here)
    To create a broadcast setting you need authorization to object S_RS_BCS
    Filed name - Activity - Full authorization  ( Create or generate & Delete )
    To schedule broadcast setting S_RS_BCS filed RS_EVTTYPE. Again give yourself full auuthorizaton.
    Fianlly, you need the authorization for authorization object S_RS_ADMWB for field RSADMWBOB BR_SETTING and Activity - Full authorization.
    Hope it helps,
    Best regards,
    Sunmit.

  • How to create authorization for WAD in bw 3.5??

    Hi all,
    I would like to create a authorization for the WAD(web templates in bw 3.5) i cant find any authorization object for the WEb templates.
    I have included the Wad in the menus in the PFCG but still it is of no use.
    Can any one guide me how to carry out authorisation for WAD in bw 3.5 ?
    Thanks
    Pooja

    Please refer to below thread:
    BEx Web Application Designer Tool  with OLD Version 3.5
    I am sure for 7.0 and above S_RS_TOOLS object can provide the restriction.

Maybe you are looking for

  • Moved music to external Hard Drive.  Now Itunes cant find Music

    Moved my Itunes to an external hard drive and went through preferences in Itunes with the location. However, when I click on the music, Itunes cannot play and I have to manually link the library to the song to the new location. I have over 300 songs

  • Select cell in MS-Word table

    How can I select a cell in the MS-Word through LabView when I'm using active-X? There should be a way to use the invoke and/or property node to select a cell in a word table directly. Which active-X class I have to use? Followed by..? Attached I have

  • Anyone order from Store 1094?

    This store not only told me I was 20th in line but called and gave me an apt for 6:30 on the 24th and that time was given to me last week......so... not sure how valid that is as BB is not supposed to make appts until they receive their inventory.  N

  • Required Routine for 0DEB_CRED

    HI, I want to write routine for 0DEB_CRED ,to populate data from 0DOC_CATG. I am not good at routine. I have gone through http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80cede83-350f-2d10-9e97-be196122ce29?QuickLink=index&override

  • Newly installed font but document still says 'missing font'

    Hi! When I opened a Pages template that was sent to me for work, it said the font Dakota was missing. So I proceeded to download the font and it is now in my Font Book. However, when I tried opening the document again, it still said the font is missi


HashFlare