Hierarchy Authorisation
Hi,
I created a hierarchy manually for Sales Rep and authorised it for a user with object S_RS_HIER...But it gives error "Your Master record is not sufficiently maintained for Object test Authorisation"
When I check in /su53 it says authorisation successfull....
Any suggestions would be helpful...
Hello,
Make sure you are adding the 0TCTAUTHH to the authorization object
Similar Messages
-
Problem in hierarchy authorisation
Dear all, I have two questions now regarding as the hierarchy authorisation:
1, As you know the infoObject 0TCTAUTHH should be actived and allowed to be authorised? How do I know that is already activated?
And how to activated it?
2, When I define the authorisation for the hierarchy, in the option "Type of authorisation". I don't understand the use of "2". Can anybody explain it to me?
Thanks!Hi,
I tried ur sugesstion but the same problem persists.i tried it in other way by giving the unit price at the item master level itself.in such case the unit price field in the PO displays the value.But the TAB pointer jumps to the next row directly instead of moving to the Tax Code Field in the PO.it means it doesn't allow me to enter the tax code.I think the problem is due to mistake in setting user authorisation.Could u clear me.
Regards,
Badri. -
Hierarchy Analysis Authorisation
Hi All
We are trying to limit the output of a HR Sickness report depending on the user's position in the Org Structure hierarchy. We can't use structural authorisation as its not maintained in ECC.
We have the org struct in BI and we want to setup dynamic Analysis Authorisation (AA). So we want to create AA with hierarchy restriction on 0orgunit based on a variable. Then at runtime the variable is populated by ABAP with the user's org unit. The report then shows the data for the user's org unit (and all other org units below in the org structure).
In RSECADMIN I can create a new authorisation object and add 0orgunit to it. On the Hierarchy Authorisations tab I hit the create button and select orgeh hierarchy . Then I press the 'select variable' button and I get the error message 'No variable of type Customer/SAP exit for characteristic 0ORGUNIT exists'.
What am I doing wrong? Where do I specify a variable for 0ORGUNIT so that it can be available in the selection screen?
Thanx
Asifhttps://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/ded59342-0a01-0010-da92-f6b72d98f144&overridelayout=true
Go through these links. Hope this would help you. -
Authorisation on 0ORGUNIT Hierarchy
Hi Everyone,
I have a requirement wherein I need to assign authorisation to each employee as per his/her ORGUNIT. We have a hierarchy on ORGUNIT and the authorisation should be such that the employee should be able to see the data from his ORGUNIT and all the from all the ORGUNITs which are below his node in the hierarchy.
ORGUNIT is an attribute of EMPLOYEE. I've created an authorisation object on ORGUNIT and created a hierarchy authorisation structure. Now I'd like this Authorisation object to pickup the ORGUNIT values from the EMPLOYEE master data when I assign the Authorisation object to a certain EMPLOYEE instead of me creating an Auth. object for each ORGUNIT node in the hierarchy and assigning it to each EMPLOYEE manually.
I'd like to automate it so that the ORGUNIT is picked up from the EMPLOYEE master data. Any ideas how I can achieve this?
Thanks,
Ram
Edited by: Ram Pandey on Jul 23, 2009 6:06 PMAlright Ram,
There are standard DSO that do this for you. Look at the following:
http://help.sap.com/saphelp_nw2004s/helpdata/en/01/a7fb3a72a05546e10000000a114084/frameset.htm
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/business-intelligence/a-c/bw_hr%20authorization%20-%20asap%20for%20bw%20accelerator
cheers,
Nick -
Dear Gurus,
I have the turned two navigation attributes as auth. relevant,
global cost center: this is based on hierarchy authorisation
local cost center: this is based on value authorisation.
There is one-to-one mapping between glocal cost center and local center. Users would request authorisation on either of them but they can ask for authorisation for more than one role with different combination.
I have created three analysis authorisation for the below scenarios:
1: Role_1 has Auth_1 with the below values
global cost center: X (node)
local cost center: * (as users have no knowledge about the mapping)
This works fine.
2: Role_2 has Auth_2 with the below values
global cost center: * (as users don't know the mapping)
local cost center: A
This works fine as well.
3: Role_3 has auth_1 and auth_2.
This doesn't work. It throws authrisation error.
Can you please suggest how can scenario 3 work.
Thanks in advance
RegardsHi Max,
Unlike ECC Auth Objects, Analysis Auths always work on the concept of Intersection. Which means when you run query for a particular input selection and you have multiple analysis auth assigned, then queries will only be executed if input selection falls within the intersected region for the characteristics in two analysis auths.
Therefore effectively when you assign auth_1 and auth_2 to an user, user gets the following access:
global cost center: Node
local cost center: A
Can you confirm if the user is selecting the above values while executing queries and still getting authorization error?
I didn't understand the requirement of Role_3 = Auth_1+Auth_2 though, but if you can explain the requirement, I can try to suggest some solution.
Thanks,
Deb -
Authorisation Check during CO-Retraction
Hi,
I am retracting CO-Data (CCA and OPA) from BW-BPS to CO. All went well until hierarchy-authorisations for InfoObject 0COSTCENTER have been activated on the planning-cube.
In the planning level/package the selection for InfoObject 0COSTCENTER is 1-ZZZZZZZZZZ.
This value will be delivered for authorisation check during CO-retraction.
When checking hierarchy-authorisations, the explicite value ':' for 0COSTCENTER is expected. So I changed the selection in the planning area to 1-9999999999, ':' and A-ZZZZZZZZZZ.
But the value ':' will be deletet during the preparation for the value check (RSSB_AUTHORITY_VAR_CHECK). So the hierarchy-check does not work properly.
Please give me any advise, how to make authorisation check possible.
Greetings AndreasHello Andreas,
as always the BPS selection needs to be a subset of your authorizations. You seem to select all cost centers so a hierarchy authorization is not enough.
- Do an authorization trace in RSSM and check the log
- Adapt the BPS selections or use a BPS authorization variable
Regards,
Marc
SAP NetWeaver RIG -
Hi,
How do you assign Hierarchy node to a paticular role in BW system.
How can we find out a query executed by whom..?
thanx in adv
raviHi Ravi,
Authorisation on a hierarchy is implemented with the Info Object 0TCTAUTHH of the technical content(Infoobject catalogue 0BWTCT_CHA01).
Below steps
1.You need to transfer this Infoobject 0TCTAUTHH first from the content and then activate it.
2.Create the reporting object by using 0TCTAUTHH and leaf Infoobject in transaction RSSM
3.Define a description of a hierarchy authorization
4.Create an authorization of the new authorization object. Enter the technical name of the description of a hierarchy authorization as value for field 0TCTAUTHH.
5.You need to maintain the authorisation values of hierarchi Infoobject and 0TCTAUTHH in PFCG.
SDN link given below provides detailed screenshots of working with BW Hierarchy Authorisations.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90323a2c-fe1c-2a10-d89b-d79342061b3d
Regards,
Nagendran -
Analysis Authorization Mass Load got wrong
Hi,
First:
I accidently made a rubbish CSV massupload via a 0TCA_DS04 formatted DSO and than a
RSEC_GENERATE_AUTHORIZATIONS for Assignment of authorization to users.
Second:
I want to clear up this rubbish completely out again.
Third:
Loading a one line one field CSV File like this:
0TCTUSERNAME - D_E_L_E_T_E
;0TCTAUTH - <BLANK>
;0TCTADTO - <BLANK>
;0TCTOBJNM - <BLANK>
;0TCTSIGN - <BLANK>
;0TCTOPTION - <BLANK>
;0TCTLOW - <BLANK>
;0TCTHIGH - <BLANK>
;0TCTOBJVERS - <BLANK>
;0TCTADFROM - <BLANK>
via a 0TCA_DS01 formatted DSO
and RSEC_GENERATE_AUTHORIZATIONS
does not seem to work.
Fourth;
The rubbish Assignment of authorization to users still exist.
Fivth:
Something else to do ? The doc ,Generation of Analysis Authorizations - Business Intelligence - SAP Library,
isn't to clear to this.
Something more to do ?
CSV wrongly formatted ?
Assitant is appreciated.
Thanks
MartinHi Petra,
the message is only thrown when one of the named DataStore Objects is really empty.
Could it be:
1.) That you have a typo in your DataStore Object name
2.) The message should also name a DataStore Object. Which one is it (for which authorisation generation)
3.) Are you on a Support Package Stack level lower than 14, and try to generate hierarchy authorisation. If so, please check OSS note # 1041515.
If none of the above is solving your issue, you might have to open a customer message.
Cheers
SAP NetWeaver BI Organisation -
BI7 Analysis Authorisations - relationship between value & hierarchy auths
Hi all
Does anybody know how we can set up the new analysis authorisations to allow a user to use a Query selection for cost centre based upon a hierarchy and yet restrict the cost centre data they can display by value authorisations?SDN is the place to discuss technical problems..
Please avoid such weird post.
G@urav. -
DB error with Authorisation on Hierarchy
Hi,
In both web reporting and BeX I get an error that says:
"An exception with the type CX_SY_FILE_AUTHORITY occurred, but was neither
handled locally, nor declared in a RAISING clause
Message no. RS_EXCEPTION000"
It occurs when expending a hierarchy node in one hierarchy, when a (authorisation) filter is set on a node in another hierarchy.
Problem does not occur when using profile sap_all / sap_new
When going to system logs I see the error in the DB occuring:
BY2 Database error -471 at EXE
BY0 > DSNT408I SQLCODE = -471, ERROR: INVOCATION OF FUNCTION OR
BY0 > PROCEDURE SYSPROC .DSNUTILS FAILED DUE TO REASON
BY0 > 00E7900C DSNT418I SQLSTATE
BY0 > 55023 SQLSTATE RETURN CODE
BY0 > DSNT415I SQLERRP = DSNX9WCA SQL PROCEDURE DETECTING ERROR
BY0 > DSNT416I SQLERRD = 0 0 0 -1 0 0 SQ
BY0 > DIAGNOSTIC INFORMATION DSNT416I SQLERRD =
BY0 > X'00000000' X'00000000' X'00000000' X'FFFFFFFF'
Any ideas how this can be resolved?
thanks,Hi,
A PROCOBJ is a procedural object. There are objects in a database the can't be exported in a normal way so there are annonymous pl/sql blocks written that the datapump code calls. These anonymous blocks will generate the infromation that the datapump needs to export and then import these types of objects. It looks like this anonymous block has an error in it.
I would talk to Oracle customer support and tell them what is happening.
You could always restart the job
impdp user/password attach=user.jobname
The user.jobname is the information it gave you at the beginning of the job. If you didn't specify job_name, then it would be something like:
SYS_IMPORT_SCHEMA_01
SYS_IMPORT_FULL_01
etc. When you get to the impdp prompt do this:
start=skip_current
It will continue the job, but skip the current object being worked on.
Hope this helps
Dean -
No authorisation for displaying hierarchy
Hello all,
some user mentioned that there can not activate hierarchy for an InfoObject within an web application. When I do this, the hierarchy is displayed correct. Also within the simulation for those users in TA RSSMQ the hierarchy can be displayed.
However: The user gets the message: No authorisation for reporting hierarchy.
Where can I allow the user to see the hierarchy?
The BW release is 3.5. Any ideas would be great.
best Regards,
Stefan from Munich/GermanyHi Stefanos.
Please check the authorizations for the user. Make sure that he has the S_RS_HIER object specified correct.
Hope it helps.
BR
Stefan -
Authorisation in Hierarchy node variable type
Hi,
Is it possible to have a Hierrachy Node variable that is processed by Authorisations ?
Regards,
Saurabh Diwakarhttps://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
Create BEX variable for authorization
1. Right click on the IO -> choose 'Restrict'
2. Choose 'Selection' = 'Single Value' and 'from Hierarchy' = 'flat list'
If a hierarchy exists, select the hierarchy for the IO
3. Go on the variables tab -> Right click -> 'New variable'
4. For a restriction without hierarchy, the type of variable is 'Characteristic Value' and if you have choose a hierarchy, the type of variable is 'Hierarchy node'
5. Select a variable name & a description
6. Choose 'Processing by': = 'Authorization' then check the characteristic and click 'next'
7. Choose the display area for the variable -> Variable represents: = 'Single Value' or 'Selection Option'
8. Choose if the variable entry is Optional or mandatory,
9. Don't select 'Ready for input' and 'Can be changed in query navigation
10. Next to the end
Hope this would help you ... -
Hierarchy Objects - Authorisation in Roles
Hi I have created a role which is causing me few problems. The role is reporting role and the queries associated to it have 0MAST_CCTR & 0ORGUNIT in them. when I run the queries I got a error message:
No authority for the node from characteristic 0MAST_CCTR, hierarchy SYMBCONTROL (00000000,)
Message no. BRAIN819
Diagnosis
The system determined the authorized areas (nodes) for the characteristic 0MAST_CCTR and the hierarchy PATCONTROL (00000000, ). In doing so, it was determined that you do not have authorization for any area.
System response
If this situation occured when filling a variable, then the query cannot be executed or the hierarchy cannot be displayed.
Procedure
For the characteristic 0MAST_CCTR and the hierarchy SYMBCONTROL (00000000,), you have to have authorization for at least one node or leaf for something to be displayed.
I have given * for hierarchy name in S_RS_COMP in the role for the infoObject 0MAST_CCTR. Still the role is failing and I am not able to run the query. Where is the problem? Help is appreciated.
Thanks in advance,
-Ravi.Ravi,
Just checking. Did you create a authorization variable and added it in the query for that characteristic?
Gova -
Authorisation Error - Hierarchy Node
Hi All,
I have the following error when I try to run a report, there are madatory fields on the variable screen for Cost Centre Hierachy & Cost Element Hierarchy. When using BEx Analyser I can enter passed this error message & the report will display results, however when I use the Portal, a different error message appears.
I need this report to run successfully in the Portal, please can you help
BEx ANALYSER ERROR MESSAGE
Diagnosis
The system has determined the authorized areas (nodes) for the characteristic and the hierarchy (,). It also determined that you do not have authorization for any of these areas.
System Response
If this situation was determined while a variable was being filled, the query cannot be executed or the hierarchy is not displayed.
Procedure
You have to have authorization for at least one node or leaf for the characteristic and the hierarchy (,) so that something can be displayed.
If the selection only comprises end nodes ("leaves") and all of these leaves are covered by value authorizations, a query result is still displayed.
Procedure for System Administration
PORTAL ERROR MESSAGE
WARNING EYE (019): No authority for the node from characteristic ASCH407D, hierarchy YIR BI-KPIGRP (00000000,)
MSGV1: ASCH407D
MSGV2: YIR BI-KPIGRP
MSGV3: 00000000
ABEND RSBOLAP (000): Program error in class SAPMSSY1 method : UNCAUGHT_EXCEPTION
MSGV1: SAPMSSY1
MSGV3: UNCAUGHT_EXCEPTION
& it will not display resultsHi,
Using the T-code SU01 check what are the authorization do you have. Identify the authorization which is related to cost center/cost element. In the T-code PFCG check if that authorization includes that cost center/cost element hierarchy node or not?
In order that query should run in Portal, relevant authorization must be transported to portal.
Hope it helps.
Regards,
Prakash -
In our organisation SAP BW and BO XIR3 (3.1) has been installed. And SSO being implemented between both the system . User accounts are created at BW level which were used for BO even.
We have maintained authorisation by hierarchy at BW side and wanted to make use of these same authorisation at BO side ..but we were popped with error "No Data to retrieve" (even though data exists ..
Scenario:
(1) WEBI report on BW Query (through universe connection has SSO)
(2) user created "XYZ at BW level
(3) Hierarchy level: Region (NORTH , SOUTH , WEST , EAST) maintained at BW level
For user "XYZ" authorisation has been maintained at region level (Ex: AUTH_NORTH)
Now , "XYZ"user has to restricted to view only NORTH region data ..at this case we were
prompted with specified error "No data to retrive" at BO side ..and when same user access the same Query in BW ..he is able view only NORTH region data
But when we provide REGION_ALL authorisation to user XYZ at BW level ..now user able to view data in BO for all regions ..without any error ..
Can you please help us ...in maintaining authorisation for a single REGION (ex: AUTH_NORTH)
Help will be really appreciated ....
Regards,
KamalHi,
any data level authorization should get done in the BI Authorizations and with the usage of a authorization variable in the BEx query.
regards
Ingo
Maybe you are looking for
-
NVidia Settings for Two Different Graphics Cards?
I just built a new system for video editing with Adobe CC 2014 including both the Quadro K4000 AND the GeForce GTX780 DirectCU II OC graphics cards. I was wondering what are the best settings in the NVidia control panel for apps such as Premiere Pro,
-
Problem with fonts changing on acrobat reader
I'm exporting a document from Pages to PDF and have received a report from one viewer that the fonts are changing sizes erratically when viewed on a PC. no other complaints but want the document to look nice for all viewers. Advice?
-
Missing Thumbnails in CS5 bridge
I just got Photoshop CS5 and for the first time decided to use Bridge that comes with Photoshop. My problem is that Bridge doesn't show thumbnails for all my files. Some folders of images have a few thumbnails missing, other folders have a lot of thu
-
Is the OnPlus interface supposed to save when a view is customized? Please see this thread. https://supportforums.cisco.com/message/3925799#3925799 I thought I had this issue resolved but it appears that after a certain period of time not being logge
-
Java script needed for premier elements 13
Which version of java script is needed for Adobe premier elements 13 and for photoshop elements 13 on mac with OS X YOSEMITE? And do I have to uninstall previous version of Java script? Any help Appreciated. Thank You.