Creation of Authorization is RSECADMIN

Similar Messages

• BAPI for creation of Authorization Objects in BI 7.0

  Hi BW Gurus,
  Greetings!!!
  Is there any BAPI Available for creation of Authorization Objects in BI 7.0.
  The data will be transferred through flatfiles.
  Kindly provide me the info as earliest as possible.
  Best Regards,
  Priya

  Got the Workaround...
  Priya

• Creation of Authorization group

  Hello All,
  I have a requirement from FI consultant for creation of new authorization group. This auth. group we want to use in FI objects like F_BKPF_BEK. so that for few end users they should not change any vendor data in FK02.
  I have gone through several posts, but not able to get / understand clear steps for creation of auth group and assignment.
  One of the post i found is below:
  [How to create Authorization group;
  i tried to do few steps but not in right direction. Request you some one please suggest me the steps for cration.
  Rgds,
  Durga.

  Julius,
  Thanks for the update. As suggested by you i have inserted one entry of auth group in TBRG table against FI object with SE16.
  Now how do we maintain the view of V_TBRG. Is it from SE11?, if yes then i should do this step from ABAP login.
  But what i heard is, this activity is purely involved by Basis people.
  Please suggest.
  Rgds,
  Durga.

• Role creation and authorization objects in sap

  Hi
  i want to know the full relationship between  creation of roles , authorization objects ,authorizations in web as abap
  Please explain the process in detail the use of PFCG and all its options and how to create Z roles

  Although, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
  - Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
  - The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
  For e.g. If a user wants to create a PO we can restrict him on:
  u2022     Activity : Create/Change/Display
  u2022     Org elements like Company Code, Plant, Purchase Organization etc
  u2022     Document type etc.
  - Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
  - Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
  - An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
  - Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
  - Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
  Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM

• Mass Add authorizations using RSECADMIN for user tab

  Hi All,
  I sent the following to ask SAP if there is a way to do this and they told me they could not help unless I wanted to pay the consulting fees so I am now curious if they have a way to do this.  I have reviewed the help documents and OSS notes and could not find anything .  They pro-offered adding the authorization S_RS_AUTH to the role but I do not want to do that.  I want to do it by user instead of creating many multiple roles.  Below is the question.  Does anyone know how to do a mass add to authorizations to users using RSECADMIN.
  We want to be able to add multiple users to an authorization created
  through RSECADMIN rather than add them one by one to each user. Is
  there a mass user add with RSECADMIN. I looked and cannot find this
  feature. Thanks, Mary

  Hi,
  There are two different methods of assigning authorisations.
  Direct
  1. From the RSECADMIN transaction select 'Users', enter the name and select 'Change'. Use the value help to selct the authorisation in question and for a single value select 'Insert'. If you select the 'Nodes' option it is possible to select nodes of hierarchies on characteristic 0TCATUTH (a single ‘H’; not to be confused with 0TCAUTHH!). This char offers automatically all BI authorizations as virtual master data. These master data can be organized in hierarchies, a property that offers the possibility to group authorizations by meaning or application field. Press "Save" to save the assignment to database.
  Assignment via Roles and Profiles
  2. It is also possible to assign using roles or more specifically, profiles of roles. Use PFCG and instead of entering manually created object use S_RS_AUTH which gives you the BI Auth field to enter the appropriate authorisations.
  Hope this helps

• Creation of Authorization Object

  Dear All,
  Can anyone of you guide me on how to create Authorization Object?
  My Knowledge on this concept:-
  1) Mark required object as Authorization Relevant
  2) Use of T-code RSSM
  3) Select marked Authorization Object
  4) Assign fields to it, for authorization.
  thats all i know.
  There are few more additional settings we need to do for it.
  Request you to provide with step by step procedure for the same.
  Thanks & Rgds,
  Anup

  hi
  To create an authorization object:
  1) Execute transaction SU21
  2) Double-click an Object Class to select a class that should contain
  your new auth object
  3) Click on CREATE (F5)
  4) (If creating custom field) - Click the 'Field Maintenance' button -->
  Click on CREATE (Shift+F1)
  5) Enter the Name for the New Authorization field and the corresponding
  Data Element and SAVE
  6) Confirm the Change Request data for the new Authorization Field
  7) Go back two screens (F3-->F3)
  8) Enter the Authorization field name and document the object:
  9) SAVE and ACTIVATE the documentation
  10) Save the new Authorization Object
  11) Confirm the change request data for the Authorization Object and
  EXIT SU21
  12) Finally, the SAP_ALL profile must be re-generated
  the following link will be helpful
  http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
  http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
  Use of T-code RSSM
  Through BIW Authorizations (TCode RSSM)
  Authorization check log. This gives information on
  missing authorizations for reading data.

• User creations and authorizations in ECC 6

  Hi,
       how to create users and authorizations? is it necessary to give authorization of SAP_NEW  to  new users?
  regards,
  suresh

  SAP_NEW automatically assigns relevant authorizations to a user in cases where there have been changes to authorizations brought in by support packages or upgrades.  This enables users to carry out their tasks as before even though there may be additional authorization checks required to perform the same task.  SAP_NEW only allows users to execute functions which are permitted by their assigned roles and/or authorization profiles.
  To create users and roles and assign roles to users (or users to roles) you can use transaction codes:
  SU01 - Create / Maintain users
  SU10 - Mass user maintenance
  PFCG - Create roles (which themselves can consist of other roles or authorization profiles)
  Keep in mind that SAP systems are based on a "Positive Authorization Principle" meaning that a user can only perform a certain task if he is specifically assigned that authorization.
  Edited by: Yiannis Petevis on Jan 27, 2009 11:24 PM

• Client creation and  authorization

  How to create our own client in sap like client 800 & 810 ....
  and how get authorization for created client
  regards,
  surya.

  hi,
  goto sale -> declare a client and assign client no
  u can login in that client.
  or while loggin in use user id - DDIC
                                 password - 19920706
  and click on change password to create  a new client
  if helpful reward some points.
  with regards,
  Suresh Aluri.

• SOCO, when PO creation "No authorization to access document BBP_PD_PO"

  Hello,
  I am in SOCO transaction trying to creta a PO from two SC.
  I have this error "No authorization to access document BBP_PD_PO"
  Someone know who to resolve it?
  Cheers,
  Marta

  Hi
  Seems like Z roles created in the PFCG transaction by BASIS team is having problems.
  For time being, to verify this, Try giving SAP_ALL access to the user to confirm the same. Ask BASIS guys to help you out.
  In Transaction SU53 -> you can get the detailed Authorization object missing in the user's profile.
  Try executing the same transaction in SRM GUI and then you will be able to get to know that which Authorization object is missing.
  Regards
  - Atul
  After attaching the missing object in the user's profile, the problem will be solved.

• Making 0PROFIT_CTR Authorization Relevant (RSECADMIN)

  I am in need on restricting certain queires to run, based on specific Company Codes and Profit Centers.
  I have made so far, only Company Code (0COMP_CODE) authorization relevant.
  If I make Profict Center (0PROFIT_CTR) authorization relevant, should the existing queries be affected ?
  In other words, when a user runs existing queries (which require to pass a Company Code), could it be
  asked to provide the Profit Center as well  [I won't insert the Profit Center (characteristic 0PROFIT_CTR) in the authorization ] ?
  Best regards,
  Tom

  If you are on BW3.5 authorization concept, all the queries should not be impacted if those are on different multiproviders (as in BW3.5 concept you can select which object is to be authorization relevant for a multiprovider). If you need profit center to be authorization relevant for one query, all other queries on the same multiprovider will be impacted and if you do not want to add profit center characteristic in all the queries, you will need to create a role with : (colon) access and assign it to the users.
  In 7.0 authorization concept, a authorization relevant info object will impact all the queries on all multiproviders. If you dont want to use profit center as auth relevant for some multiproviders, you will have to take care of it with functional role for that multiprovider or you can use : (colon) data access role.
  Regards,
  Gaurav

• Procedure of creation of Authorization Object through SU21

  Hi All,
  Please tell me how can i creta object class and object for Authorization Object by SU21.
  I want to know this step by step.
  Please Help me.
  Thanks.

  Use this SAP documentation (or close the thread if already solved) : [Programming Authorization Checks|http://help.sap.com/saphelp_nw04/helpdata/EN/52/6712ac439b11d1896f0000e8322d00/frameset.htm] with links  to SU20 [Creating Authorization Fields|http://help.sap.com/saphelp_nw04/helpdata/EN/52/67168c439b11d1896f0000e8322d00/frameset.htm] and SU21 [Assigning an Authorization Object to an Object Class|http://help.sap.com/saphelp_nw04/helpdata/EN/52/6716a6439b11d1896f0000e8322d00/frameset.htm]
  For SE16 and SM30 check [Authorization Object S_TABU_DIS (Table Maintenance)|http://help.sap.com/saphelp_nw04/helpdata/en/1e/e867408cd59b0ae10000000a155106/frameset.htm]
  Regards,
  Raymond

• How to maitain user creation and authorization in Portal from CUA

  Hi ,
  I want to create portal users in CUA i.e. instead of creating users in portal I want to maintain user administration from CUA and also want to assign the required portal roles from CUA
  what configuration I need to perform.
  Please help.
  Sandip

  Hi Sandip,
  Please refer to User Information System  for CUA
  http://help.sap.com/saphelp_nw04/helpdata/en/52/671261439b11d1896f0000e8322d00/frameset.htm
  Hope it helps
  Regards
  Arun

• BI 7.0 Analysis authorization creation issue

  Hi,
  We are prototyping the new analysis authorization concept have a question regarding the build.
  We've had the BI execute the pre-implementation tasks (activate the business related content and OTCT* and OTCTA* infocbues and and OCTA* infoCubes).
  There aren't any custom reporting objects to carry over since the queries were previously just secured by the S_RS_ICUBE Administrator Workbench - InfoCube with specific values for the Infocube. Since this object is no longer checked in query processing, is it a correct statement that the characteristic 0TCAIPROV (InfoProvider) should be populated with whatever values were listed in the S_RS_ICUBE object for the InfoCube field?
  We built an anslysis authorization via RSECADMIN per the requirements below and executed it with a test user ID assigned the regular reporting roles (with access to the queries).
  0TCAIPROV     InfoProvider     EQ          "Value 1"     
  0TCAACTVT     Activity                     EQ     03
  0TCAVALID     Validty Date          
  0TCAIFAREA     InfoArea          *
  However, when executing the query as this test user, we received a "you are not authorized messsage".  The trace didn't show detailed information, so we executed the same query with another user ID that was assigned 0b1_all and obviously could execute successfully.
  Is it correct assume that all the characteristics that were checked in the trace are authorization relevant for the query? we added the characteristics with full authorization and still couldn't execute. In addition, when checking these characteristics via RSD1, they weren't makred as authorization relevant, yet they still appeared in the trace.
  Is there something else that is misisng in the analysis authorization? I checked the characterics for variables and none were defined.
  Any troubleshooting tips would be appreciated.
  Thanks in advance

  Hi Julie,
  0TCAIPROV should have values of infoprovidors ( infocubes) that you want the user to have access. If you dont want to restrict it by infoprovidors then you can give a  ' * ' for 0TCAIPROV  CP value ' * '.
  Also make sure when you run the query it is not looking for any other infoobjects which have been made Auth relevant.
  You can actually see the error log for queries
  Go to RSECADMIN --> Analysis tab  --> click error logs --> click configure log recording --> enter the test id and save. Now you do the test using the test id for query. Then come back and see the log for the test user and it will tell you what went wrong. Please let me know if you have any questions.
  Thanks,
  Karthik Kiran

• [CUA] Compatibility with Analysis Authorizations (RSECADMIN)

  Hello,
  I have two questions for you, BI experts :
  1) Could someone please confirm that it is not possible to centrally maintain Analysis Authorizations (trx RSECADMIN) from the CUA ?
  2) Does it make sense to start a CUA project now with the Identity Management solution coming soon ? What are the pros & cons of each ?
  Thanks in advance.
  Best regards,
  Guillaume

  Hi,
  I had a look at the Roles and Profiles tables used by CUA.
  I found that it uses special tables such as :
  USRSYSACT     CUA: Roles in Distributed Systems
  USRSYSACTT     CUA: Roles in Distributed Systems
  USRSYSPRF     CUA: Profiles in Distributed Systems
  USRSYSPRFT     CUA: Profile Text in Distributed Systems
  USLA04          CUA: Assignment of Users to Local  Roles
  USL04          CUA: Assignment of Users to Local Profiles
  There is no analogous table for RSECADMIN tables such as :
  RSECAUTHGENERATD     BI AS Authorization Reporting: Generated Authorizations
  RSECLOG               Storage for Authorizations Logs xml
  RSECTXT               Authorization Texts
  RSECUSERAUTH          BI AS Authorizations: Assignment of User Auth
  RSECVAL               Authorization Value Status
  This, I conclude that it is not possible to maintain BI analysis authorizations from the CUA central system.
  This kind of authorizations has to be performed in the child system directly.
  Unless, SAP has something to draw out of its pocket soon... 
  I indeed read that some development was done on the CUA, parallel to the SAP NW Identity Management solution.
  Best regards,
  Guillaume

• Authorization for MRP contoller level for PR creation...

  HI ..,
           Can anybody suggest me How to control the PR creation through authorization level for MRP controller.
  Regards
  sam

  Hi,
  Maintain the activity "Purchasing Group in Purchase Requisition", this is M_BANF_EKG. Set activity to:
  01     Create or generate
  02     Change
  03     Display
  06     Delete
  08     Display change documents
  Then maintain the purchasing group EKGRP and entered desired purchasing group.
  If you add this to a role, or create a new one say "Purchase Requisitioner", then assign the users. If each user should have different access rights to purchasing group, you would need to maintain this seperately per role. Perhaps create a unique per purchasing group.
  Use SUIM>Roles>By Auth Object and enter one above. This will show all roles which this current object and you can check which users have the role. Again through SUIM or AGR_USERS table.
  Thanks.