Regarding Role And Authorisation

Similar Messages

• Roles and authorisations in SEM BW

  Hi All,
  Our SAP SEM lies in BW, Business Planning and Simulation. I have configured everything, but now i want to create roles and authorisations which point to specific planning folders. How do I do that? I understand we do not use the standard transaction PFCG to create roles in BW SEM, what transaction do I need to use? May I get a little bit of detail from the transaction to the point at which i specify a certain role for a specific planning function or planning folder.
  I will really appreciate your help.
  Regards,
  Tatenda.

  Hi,
  please use the search function and read the great number of threads regarding this topic.
  The SEM-part of SAP has a lot of role-stuff for authorsation (via PFCG) but also BW-authorisation which is done via "rsecadmin". Actually, forget pfcg because you can click on pfcg in the rsecadmin, so you never have to go back to pfcg anyway.
  The BW-authorisation is created via rsecadmin, as i said, and included to a role via pfcg in the object S_RS_AUTH.
  For example someone needs the reporting-auth for one company. You create via rsecadmin a BW-auth-object, call it "comp_01". Include there the infoobject 0COMPANY (if you use that one) and include the special infoobjects (there is a button on the top). Then go in rsecadmin to the tab User and switch there to PFCG.  Select/create a role, put the S_RS_AUTH in there (and maybe if needed the BEx-Query stuff) and then type in that BW-auth-object "comp_01". That's it.
  btw: Roles are only for the application, the BW-Auth is for infocubes, infoareas, infoobjects and so on...
  Best Regards

• Profiles , roles and authorisations

  hello all sap greats,
                              i have a problem in understanding about the hierarchy of profiles roles and authorisations
  PROFILES(as it constitutes of roles)
        I
        I
  ROLES(as it contitues of authorisations
        I
        I
  AUTHORISATIONS

  Hi ashish,
  Check this link
  http://help.sap.com/erp2005_ehp_03/helpdata/EN/52/671285439b11d1896f0000e8322d00/content.htm
  Regards
  Ashok

• Roles and authorisations in SAP BI...

  CAN ANY ONE EXPLAIN ME THE ROLES AND AUTHORISATIONS IN SAP BI /BW...???
  THANKS IN ADVANCE...

  Hi Anand,
  Refer these links from help.sap.
  BI Authorisations
  http://help.sap.com/saphelp_nw2004s/helpdata/en/be/076f3b6c980c3be10000000a11402f/frameset.htm
  BI Analysis Authorisation
  http://help.sap.com/saphelp_nw2004s/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm
  Regards,
  Hari

• Regarding Profile and Authorisations

  Hi All,
  I have task on role management , i have a profile assigned to like 20 users , but one of the user is asking me to have special authorization on particular Z Table he want to have modify rights.
  in order to give the rights to this guy fro that table , i have to make this profile modified so that it will apply for all of them, so i wan to have this rights to this particular user with the same profile , does any body ahs idea how to achieve this??
  Or can any one suggest me where can i put this question in the forums??
  Thanks in advance
  Regards,
  Sundar

  If you dont want to alter the existing profile.. You can create a new profile and put the require authorizations into it and you assign this new profile only to him.... this way all those who are assigned to the old profile wont get the new authorization and you can give the new authorizations to this person only.....
  The right forum for this is ->     Security

• Regarding roles and worksets ??

  hi
  is it possible ??
  i  have made 2 roles nd 6 worksets ..in 1 role made the entry point no and made the entry point yes for there worksets....these are shown in tabs ...
        now i want to use the same worksets for a new role  but want to make the role entry point 'yes'..
    and doest not want to show the worksets shown in tab  for 2 nd role ..want that 2nd role will be shown in tabs

  Hi Arpit,
  If I understand you correctly you have a role with worksets inside the role which are entry points (meaning you see them in the 1st level in the TLN).
  Now you have a 2nd role which you want to see in the 1st level TLN, and want the
  2nd level TLN for this role to have the same worksets you used in the other (1st) role.
  In order to do that, just create delta links for the worksets, and add them to the 1st and to 2nd role.
  These will actually be the same worksets. when you make changes to the original worksets, you'll see the changes in both roles.
  Regards,
  Tal.

• Roles and Authorisations

  Hi Freinds,
  I have a question
  For example
  A) I have company code with several company codes and under one company code several Profitc centers and under one profit center many Gl Accounts.
  My question is...
  I know that we can restrict users on company code , i want certain users to give company code and particular profit centere and further drill down particula Gl account.is it possible.
  do we need create many roles for this...can any one give me an idea about this
  Thanks in advance
  Reg
  Ram

  Hi,
  You can do this...but will have to carefull design your reports later on for that so that this kind of authorization work can be supported.
  For these you will have to define all these objects as authorization relevant.
  Try to create different authorization objects in RSECADMIM with the values for each char which you want.
  In the end you will have as many roles for every combination set which you want to create
  Assign users accordingly to each role.
  So 1 comany code -> 2 profit centers->10 GL accounts =1 authorization object.
  asign it to one role.
  Now if you want various combination to go together then you can assign the different authorization object to one role.
  Thanks
  Ajeet

• How to create SCATT to Create and generate Role with Authorisation Data.

  Helo Guru's
  Please advice ..How to generate Roles using SCAT sript.
  I created scat script to create Role and add tcodes ..But not able to generate Profles using SUPC...
  Is it possible to create Authorisation Data using scat scripts ....or we need to do it Manually
  Thanks

  Hi,
  You can't use CATT scripts to create roles and populate authorization data, since the organization values/authorization objects/ and field values differs from one to the other role.
  However, you may use CATT scripts till creating the role, and adding the transaction codes, but every role should be maintained individually.
  Hope this clarifies!
  Regards,
  Raghu

• Table whihc contains the roles and its authorisations

  i have to view all the authorisations and the roles in which they are present .
  Please let me know the table for the Same

  Hi,
  From table AGR_USERS , you can see the roles corresponding to any user.
  From table AGR_TCODES, you will get the tcodes corresponding to any role.
  Hope this solves your problem
  Well this will tell you the roles with respect to the users.
  Also you can into transaction PFCG and search the roles, go to change mode for that particular role and there under authorizations see the objects clicking on change authorization objects.
  reward with points.

• Implementing roles and rules based authorisation with Azure AD

  Hi all,
  I would greatly appreciate some input on feasibility and patterns I should look at for a complex technical requirement that I am currently tasked with designing.
  We have a system that comprises a web and mobile app. In the past we have implemented session based authentication through ADAM and authorisation through custom business rules contained within the applications. The authentication mechanism is in the process
  of being migrated to Azure AD and authorisation is planned to be moved to Azure AD for our next release.
  Existing authorisation within our web application is already complex. We have users that belong to different groups with a range of permissions such as read, write or admin. Additionally each user is granted access to N customers and also N locations within
  each customer. We have a requirement that any number of combinations of customers and locations be supported. Users also need to have different permissions for each entity, i.e. read access to customer 1 location 2, write access to customer 4 and administer
  customer 7. Currently these privileges are maintained within a relational database and enforced as part of each PageLoad(). Essentially this is a combination of roles and rules based authorisation.
  We are struggling to represent this complex matrix structure within Azure AD and efficiently implement the authorisation decision in Azure AD. The driver for this technical requirement is to provide re-usability of the authorisation component to other (as
  yet unidentified) applications.
  Currently the best option we have come up with is implementing custom attributes for each class of permissions and storing within this 2048 bit field a bitmask that represents whether this permission is granted for a given location (which has a many to one
  relationship with customer).
  Any help or comment would be gratefully received,
  Phil

  Hi
  When "Advance routing" is used for Task assignment; the task service asserts the folllowing fact types : Task, PreviousOutcome and TaskAction to the rules engine. These facts gives all the reqd info about the task (like outcome of the participant, task stage .. etc)
  Now in the defined ruleset; we can have rules as per our requirement that can extract info from the asserted fact types and assign task to the required/next participant.
  Also note that we write the advance rules for exception cases only.
  For example; let's say all participants have 2 possible Outcomes [COMPLETE, RECHECK]. We have defined the ideal task routing flow as :
  Participant A -> Participant B -> Participant C. This is the flow when all participant selects "COMPLETE"
  Now suppose B selects outcome as "RECHECK" then the task shld move back to A. So for this case only we need to write a advance rule.
  Pls refer to the code sample at : http://download.oracle.com/technology/sample_code/hwf/workflow-106-IterativeDesign.zip
  Also dev guide : refer to section 28.3.7.2 http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10224/bp_hwfmodel.htm#BABBFEJJ
  Thanks
  Edited by: Kania on May 19, 2010 2:41 AM

• Regarding user and role batch input

  hi freinds:
      Our Portl project are the final stage, we are going to batch input roles and Users,could
  you please tell me the professional way to do it? I searched on google and SDN, it seems UME
  is the solution, I am not sure about this, to be cautious, I have to put a thrad here, 
  could you please give provide a solution and its detailed steps?
  thank you very much

  Hi,
  You can use import feature in useradmin to create mulitple users along with the roles.
  Create an excel with the following headers
  uid
  last_name
  country
  role
  and fill in with the values you need.
  Open your microsoft word Go to Tools-->Letters and mailings --> Mail merge.
  Choose the following .
  Letters --> Next >Next>Use an existing list>Next>Choose the excel you created > Choose the sheet> ok -->
  Next(Write your letter)--> Type uid= > then on the right hand side click on 'More items'> Database fields> choose 'uid'> Click on 'Insert'--> Click on close.
  In the same way do for last_name,country,role. It should be like this.
  uid = «uid»
  last_name=«last_name»
  country=«country»
  role=«role»
  Click on 'Next'> Click on Next(Complete the merge)> click on 'Edit Individual letters'> Choose 'All'>One record will be created in one page. Delete the spaces and copy the text.
  go to http://:/useradmin
  login and click on 'Import'
  Paste your text over there.Click on 'upload'.
  Then you can create users.
  Export one user to see how to maintain the data in the excel.
  Hope this helps.
  Best Wishes'
  Idhaya R

• RFC Sender - Logon User - What Roles and Authorizations?

  Hi,
  Scenario: RFC Sender --> XI --> JDBC
  What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
  It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
  With Regards,
  Manikandan R

  Hi ,
  U need to give ECC Authorisation
  Application server : ECC Server
  Sytsem no : ECC system number
  Logoon User : ECC any username
  password : password for above user
  clientr : ECC client ( From which client u are sending to RFC adapter)
  Regards,
  Jayasimha jangam

• Diff.between BW and R/3 roles and authorizations

  Hi Experts,
  Please any one let me know is there any difference for creating roles and assigning authorizations in BW and R/3 systems.
  Please let me know the BW related T-codes
  Regards,
  Reedy V.

  What version of BW? Are you using BI7 analysis authorisations.
  BI7 - go [here|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce]
  If using BW 3.5 or another similar version then build your roles in PFCG and assign to users in SU01
  There is more to it which you can find [here|https://service.sap.com/SECURITY] (sorry for the poor link Bernhard ) under category SAP Business Information Warehouse Security Guides
  Edited by: Julius Bussche on Jul 8, 2008 12:34 PM
  Formatting and link corrected
  Thanks Julius!
  Edited by: Alex Ayers on Jul 8, 2008 2:10 PM

• Roles and Authorizations

  Hi Gurus,
  How can i find that which role to added to one's profile to give him the access of Document Parking(FV50)?
  Please let me know the procedure of finding the roles, so that it can be assigned to user's profile to give the access.
  Thank You
  Regards,
  Mohit Verma

  Hi Verma,
  In SUIM transaction you can find the standard roles related to particular t code.
  User information system --> Roles --> By Authorisation values
  give S_TCODE in object1 field and press enter.Under transaction code, value field give FV50 and press F8. you can find all the roles related to FV50.
  These roles must be assigned to the users using PFCG transaction.
  In PFCG transaction, give the role name in the Role field and click change. Under user tab assign the user for which you want to give access to FV50.
  Normally basis consultants will derive Zroles from standard roles, and these standard roles are assigned to the users using PFCG transaction code.
  Please take the help of Basis Consultants, before assigning these roles to concerned users.
  Assign marks, if found useful.
  Hope this helps you...
  Regards,
  Praisty

• BW Roles and profiles Tables

  I would like to download a list of all users and what roles and profiles each has.  I did it once before but now I can't remember the table names.  Can anyone help?

  Hi,
  Roles:
  SAP_BW_DEVELOPER
  Profile:
  SAP_ALL
  S_BW_D____
  S_BW_D____1
  Authorizations are
  S_Rs_Admwb_a
  S_rs_adw_a
  S_rs_exp_a
  S_rs_wb_all
  Links for user roles:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
  http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
  For profiles and authorisations:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
  http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
  Also chk this link..
  http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
  screenshots..
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
  Hope this helps,
  regards
  CSM reddy