Documentation on Crystal-specific authorizations

Does anyone have any additional documentation on how best to configure the various authorizations that are required for using Crystal Reports in an SAP environment. I have found the documentation/directions in the Install and Config guide to be vague and not helpful in trying to understand which authorizations are absolutely necessary for various functions.
For instance, is the "Crystal Consumer" or viewer role necessary for someone who is only going to view scheduled instances and not view reports on demand? What specific authorization is needed to allow for on-demand viewing? Any help or tips on how to configure authorizations would be appreciated. Thanks!
Edited by: Mike Garrett on Jan 21, 2009 6:13 PM

Hi Mike,
The Install and Admin guide for the Integration for SAP solutions has a section describing what authorizations are required for different connectivity tasks.
However in the case where the user is viewing an instance, no authorizations are required because this is a report with saved data thus no connection to the database is required.
In case you are thinking of the publications, I will elaborate further on how this feature works.  When a publication is created for multiple users, the database is hit once per added user to retrieve the record set of that user based on his/her authorizations.  Once this is completed, a report instance is created for each one of these users which only that user has access to.  We describe this type of publication as multipass bursting where data is requested from the database per recipient.
thanks
Mike

Similar Messages

  • Issue with context specific authorization object P_ORGINCON.

    Hello Experts,
    The context specific authorization object doesn't evaluate the
    structural profile it is assigned to when more than one structural
    authorization is assigned to a user.
    Please read the below scenario for issue description as follows:
    User ZHR_ACT13 is assigned two roles namely ZHR_HRD and ZHR_DEPT_HEAD.
    He is the manager for employee ID 167 and is not the manager of employee ID 17.
    Role ZHR_HRD has no read/write authorization for Infotype 6. ZHR_HRD is also assigned to structural authorization ALL which is meant for viewing all the objects with no restriction of any relationship.
    Role ZHR_DEPT_HEAD has read authorization for infotypes 6 for only the subordinates i.e. the structural authorization ZDEPT_HEAD of viewing only the subordinates data is assigned to this role. Also this structural authorization ZDEPT_HEAD is assigned to infotype 6 using
    authorization object P_ORGINCON.
    But now the manager ZHR_ACT13 is able to read infotype 6 data for employee ID 17 who is not his subordinate even though only structural authorization ZDEPT_HEAD is assigned to infotype 6 using P_ORGINCON. We
    expect that user ZHR_ACT13 must be able to read infotype 6 data only for employee ID 167 and not for employee ID 17.
    Please kindly help resolve this issue.
    Thanks & Regards,
    Roshan.

    This has been resolved.

  • Project Specific Authorization

    Hi Everyone,
    My requirement is to implement Project specific Authorization means I want to restrict users to access other projects running in the same plant..Suppose there are four projects A, B, C and D..now there will be four project managers and four teams as well. Now our Client wants that the member of one project could not access the things of other projects...now SAP has given standards only for transaction authorization one can be restricted to access a particular transac but how to restricts at project level.....suppose project manager of project A having a access of CJ2B now he can open any  of the project so we need to configure the users in such a way that he can only able to open his project..the moment he tries to open some other project to which he not assigned the system should give him error message like " you are not authorized to access this project."
    hope I am able to clarify the requirement please give your feedback and solution for this...
    thanks in advance

    same as Restrict project's access on PS
    cheers
    thorsten

  • HTML LINK on documentation in a Specific Program in se38

    Hello all,
    I have a problem for create an HTML link in a documentation of my specific program in se38.
    For do my documentation of my specific program i go se38>select documentation and do modify. I wan't to know how can i do for make a HTML Link for example (www.google.fr) ...
    Thanks a lot.
    Edited by: Emilien P. on Mar 19, 2010 4:11 PM

    The only way I know of is to use a JavaScript action with a link/button that uses the app.launcURL method where bNewFrame is set to true: http://livedocs.adobe.com/acrobat_sdk/9.1/Acrobat9_1_HTMLHelp/JS_API_AcroJS.88.150.html

  • User List for a specific Authorization Object

    Hi all,
    i am looking for a way to get a list of all users assigned to a specific Authorization Object with specific values. The FM 'authority_check' is the other way arround and not that what i need. Do someone have an idea.
    Many thanks in advance.
    Ali

    Hi,
    Try this FM
    SUSR_USER_AUTH_FOR_OBJ_GET
    Check this FM
    AUTHORIZATION_DATA_READ_SELOBJ
    Rgds,
    Prakash
    Message was edited by: Prakashsingh Mehra

  • Querying roles containing specific Authorization Object

    Hello!
    We're using BI7 with new considerations about security. I want to get all roles that contains a specific Authorization Object, I've tried using TX SUIM, but had no success.
    Is there any report, transaction or something else where to find this info?
    I hope you can help!
    Regards!
    Bernardo

    Bernardo,
    If "new security model authorization objects" means analysis authorizations (SAP's official naming for objects mantained by RSECAUTH), those used in roles can be retrieved again using tcode SE16: just query AGR_1251 but this time providing S_RS_AUTH for field OBJECT. The result set shows roles that contain analysis authorizations. If you want only the roles which have specífic analysis authorization, just provide its name for field LOW. Be sure to fill in this field with all capital letters.
    On the other hand table RSECVAL keeps the values defined for analysis authorizations.
    Hope this helps.
    Regards,
    Fernando

  • Error for customer specific Authorization check (User Exit)

    Dear Experts,
    I am facing a problem in PM.
    I have created a maintenace plan for calibration via t code IP42 and mentioned the order type PM05. Scheduling is done for the order. I got the order number.
    I have released the order and got the inspection lot number.
    While entering the results recording through t code QE17, the reluts are out of the specified range, i have given the valuation Rejected, immediately system is giving an error message as below:
    "Error for customer specific Authorization check (User Exit)"
    Though there is no user exit activated in the system, this message is coming and not allowing the result recoring for rejection.
    If I'm entering the result recording within the specified range, then valuation is Accepted and its allowing to save.
    I have checked the following user exits:
    QQMA0002: QM: Authorization Check for Entry into Notif. Transaction
    QQMA0026: PM/SM: Auth. check when accessing notification transaction.
    The above 2 User Exits are not active.
    I have also checked a note 429066. But it says incase of any dump for that user exit only its applicable and more over the current version of the system is ECC 6.0 packae 15, where as that note is applicable upto 4.6C.
    Please some one help me on this issue.
    Thanks and Regards,
    Praveen.

    Dear Pete,
    I have cheked with my technical team, There is no hotpacks updated recently. This is the implementaion project I'm in, so performing the cycle for the first time.
    Any how I got it solved, in T code QE17, after entering the Inspection lot in next screen goto menu path Settings - User settings - Defects recording mention the reprt type and tick on Reprt type Changable.
    At the time of result recording if the valuation is Rejected then it ask for defects recording close that window if not rwequired then save, the error message no longer apperaing now.
    Regards,
    Praveen

  • The scope of the customer-specific authorization object

    Dears,
    Could someone please feedback about the scope of the customer-specific authorization object; e.g. if we are to create a customer-specific authorization object to replace authorization object P_ORGIN in the HR module, to be able to add an extra authorization field to the newly created authorization object, the scope of the newly create authorization object (which will have a new validation code generated by report RPUACG00) will be the whole ERP system ? 
    The worry is caused by the fact that P_ORGIN is already used in several authorization roles granted to users in the different ERP modules (i.e. FI, SD, MM, CS), so the replacement would affect these modules.
    Thanks.
    Reda

    Hello Reddy,
    We are about to implement the HCM module (We are now in the testing
    phase), on the same client as that of our SAP ERP implementation.
    We need to authorize on the personnel number grouped by 'Payroll Area'
    in transactions PA30, PA40
    In authorization object P_ORGIN, the field VDSK1 is already used to
    authorize on an attribute : cost center (organizational key) for each
    organizational unit, so we can't configure it to authorize on other
    fields from info type 0001 (e.g. Payroll Area).
    We need to continue using the conventional / general authorization and
    not the structural authorization, to stay in compliance with our
    authorization schema already implemented in our FI, MM, SD & CS modules.
    ( Also, as per thread : Steps for creating structural authorization profile using trans. OOSP
    the structural authorization cannot be used to authorize on Payroll Area.)
    We need to go through the HR module implementation without any changes
    in the ABAP code.
    So, the last way out is the custom-specific authorization object, and as I mentioned before, the authorization object P_ORGIN was already used in other ERP modules; e.g. FI, MM, SD & CS,
    ( Note : I haven't started yet implementing this solution.)
    Thanks.
    Reda

  • Track-specific Authorization

    Hi,
    I set up Track-Specific Authorization in NetWeaver 7.0.
    UME user "test_a" has NWDI.Administrator role, and the CMS Track Authority of user "test_a" is set as =>
    ====================================
    Track A => select all Authorities
    Track B => select only "Display" Authorities
    ====================================
    I turn on Track Authority State without error.
    When I practice the scenario that login as user "test_a", then modify Track B  by adding runtime system.
    User "test_a" is able to add runtime system on Track B.
    The expected resuld should be "test_a" can not modify (ex. add runtime system) on track B.
    Please Help.

    HI Chen,
    test_a has a NWDI.Administrator role assigned to it.
    so test_a can do anything.
    track authertices are set for the users. whom you just assigned
    NWDI.Developer or other roles other than NWDI.Administrator

  • Deleting document specific authorization (ACL in EasyDMS)

    Hi,
    Is there a way to delete document specific authorization assigned using the Authorization tab in EasyDMS? The requirement is to have authorizations based on roles and auth objects (defined in PFCG) to take effect.
    Thanks,
    Lashan

    Hi Lashan,
    some time ago our developement created the following report for deleting ACL entries of a document info record. Maybe this can be useful for you too. Below you find the report coding:
    *& Report  Z_ACL_DLETE_FOR_DIS
    REPORT  Z_ACL_DLETE_FOR_DIS.
    TABLES: draw.
    DATA: lt_draw   TYPE draw  OCCURS 0 with header line.
    WRITE:/1 'LIST OF DIRs WITH ACLs DELETED' COLOR COL_HEADING INTENSIFIED ON,
          /2 '          DIR KEY                   ' COLOR COL_HEADING.
    SELECTION-SCREEN BEGIN OF BLOCK dms_block10 WITH FRAME TITLE text-001.
    SELECT-OPTIONS: s_dokar FOR draw-dokar MEMORY ID cv2,
                    s_doknr FOR draw-doknr,
                    s_doktl FOR draw-doktl,
                    s_dokvr FOR draw-dokvr.
    SELECTION-SCREEN END OF BLOCK dms_block10.
    SELECT * FROM draw INTO TABLE lt_draw
        WHERE dokar IN s_dokar AND
              doknr IN s_doknr AND
              doktl IN s_doktl AND
              dokvr IN s_dokvr.
    LOOP AT lt_draw.
    Delete from DMS_GUID where dokar = lt_draw-dokar and doknr = lt_draw-doknr
    and doktl = lt_draw-doktl and dokvr = lt_draw-dokvr.
    if sy-subrc = 0.
    write:/ lt_draw-doknr,lt_draw-dokar ,lt_draw-dokvr, lt_draw-doktl.
    endif.
    ENDLOOP.
    Best regards,
    Christoph

  • Work Center specific Authorization

    Hi all,
    My specific requirement is we have 7 various plants and each plant having 2 work centers and planner groups like one is for Elect and other is Mech. Now my client wants that particular plant only have the authorization for its particular work center and planner group.
    Means if plant 1 having work center Elect1 and mech1, this plant is not authorize to make notification or order of plant2 work centers say Elect2 and Mech2. Is it possible? What am I suppose to do for that?
    Thanks,
    Anish

    Hi Anish,
    Nothing is required to be done by Functional Consultant. You just need to contact your basis team.
    You have to provide him role/profile for which you want to change authorization for auth object C_AFVG_APL.
    This auth object will have fields as below
    1) Plant
    2) Work center
    3) Action
    The following values are used for the actions:
    01: Create
    02: Change
    03: Display
    41: Assign PS texts
    42: Allocate materials
    43: Assign PRTs
    44: Assign activity elements
    You need to tell him for your role/profile - which plant, which work center and which action should be allowed.
    So accordingly user will have only those limited authorization.

  • Plant Specific Authorization of  VA42,VA02,VF03

    Hi,
    I have to provide authorization for Change or Display of Contract Orders,Sale Orders, Billing docs for the Users of the plant in which they were created and for other Plant users i need to restrict. For example, If a billing doc was created in Plant 1100,then users of the Plant 1100 should only have the authorization for Change or Display of that billing doc. For other Plant Users it should throw an error message 'This billing doc belongs to another Plant'. Please guide how can i do this? What input i have to take from Basis Consultant?
    Regards
    K Srinivas

    Please guide in arriving at solution.
    Regards
    K Srinivas

  • Can I get a list of users who have a specific authorization role?

    Hello,
    I'm wondering if there is a BAPI or FM that takes as input a single authorization role and gives me back a list of all users who have that role?
    Thx.
    Andy Jacobs

    hi,
    please check the below FM
    'PRGN_1001_READ_USER_ASSIGNMENT'
    jaffer ,
    Please reward the helpful answers.

  • Documentation of Crystal Report Template

    We're using several developed Crystal Report (V11) RPT files. Is there a way to document the contents of what is contained in each RPT (Sections, Variables used, SQL used, etc)?

    You can export the report to create a Report Definition.
    Click on the export button and scroll down to Report Definition, you may have to install this export option if it doesn't exist.
    The definition is export to a text file. It will show a lot of info but it will not show information that is stored in conditional formatting formulas.

  • Sales office specific authorization

    Sir,
    My user has multiple sales office , but they doesn't want one sales office has seen another sales office order document,delivery document and billing document , so how I restrict one sale office has not seen another sales office related document?
    Please solve this problem as early as possible.

    The scenario is  as follows ;
    sales organization-zxxxx  (same for all sales office)
    Distribution channel-zx  (same for all sales office)
    Division-zx  (same for all sales office)
    Sales Office-zx1,zx2,zx3.......  (are state wise)
    the client wants users from one sales office will not be able to create /display sales order for other sales office.
    Please help.

Maybe you are looking for

  • Does the server listen in the same port or on a random one....?

    Hi all, As I went through the Java Tutorial in Sun's website I found that though the server is assigned a port to listen, it does the actual communication with the client in another port and keeps the assigned port listening for other clients. Can't

  • HT1386 my iphone says " 33 items could not be synced, see itunes for more information" , where is this information?

    I have been syncing my music from my laptop to iphone, no problem until now, a message says " 33 items could not be synced, see itunes for more information", can't find any information that helps me, so, how do I sync these 33 items?  help

  • Accessing Wifi Hotspots

    Hi there I've done a quick search through and cannot find an answer (unless my eyesight is failing me!!) anywhooooo I've got a 5800 and would like to access BT Openworld hotspots whilst out and about so that I can use my free inclusive mins, however

  • Copy standard BAPi

    Can anybody send me the step by step procedure for copy the standard bapi , i copied the bapi , but its no coping all the incules and function modules , when iam tyring to copy those its error.. pls any help me abt this pls.. Regards, pandu

  • Tags from Elements with full version

    Since 2003, I used Photoshop Album and Photoshop Elements then to place thousands of tags on nearly 15,000 digital photos. I bought Photoshop CS5 few months ago and I find no way to use my information without going through my catalogs Photoshop Eleme