Restrict authorization for saving BI query bookmark on BEx Portfolio
Hi experts,
I would like to find a way to control the saving query bookmark functionality on BEx Portfolio. The problem is that every BI user can save in the BEx Portfolio which is observable to every user at global level. Is there a functionality to restrict the authorization so that only Power users are allowed to save bookmarks under BEx portofolio and where as non power user are allowed to access them
Thanks
Hi All,
i'm also having same requirement, please reply with solution if any one did it,
http://scn.sap.com/message/13836154
Thanks
Naga
Similar Messages
-
BASIS--to restrict authorization for a PO document type & 122 movement type
Dear All,
Plz guide me how to restrict authorization for a PO document type & for a movement type 122 i.e. for eg. if a user has authorization for PO document type IC then he should not be able to rum movement type 122 for any T-code he runs.
Thanks in advance
Arpit
BasisHi,
Your request was not too clear to me.. As per my unde
Here is some details of Authorization object related to Purchase Order:
Document Type in Purchase Order( M_BEST_BSA )
Purchasing Group in Purchase Order (M_BEST_EKG )
Purchasing Organization in Purchase Order (M_BEST_EKO)
Plant in Purchase Order (M_BEST_WRK )
Document Type in Outline Agreement (M_RAHM_BSA )
Purchasing Group in Outline Agreement (M_RAHM_EKG )
Purchasing Organization in Outline Agreement ( M_RAHM_EKO )
Plant in Outline Agreement ( M_RAHM_WRK )
This can be helpfull to you to restrict authorization to PO..
In Organization Level, it can be restricted by Purchasing group, Purchasing organization and plant..
Regards,
Sandip -
How to restrict authorization for OBC4
Dear all
How to restrict authorization for obc4( field status) for user id wise
Regards
nasaHi Nasa
You try to use the S_TABU_LIN object. With this object you can control access to tables (called from maintenance views, SM30 etc) based on the database key for the table.
And as far as I cant see, the OBC4 transaction is just a couple of maintenance views for V_T004V andf V_T004F.
You can find a small how-to [here|http://www.mhn-consulting.com/s_tabu_lin.html]
Regards
Morten Nielsen -
To restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Hi,
We have a requirement where we need to restrict authorization for tcode MEK1,MEK2,MEK3,MEK4 at plant level.
Presently we can restrict authorization at Purchasing organization level but not at Plant level.
Any pointer please!
Regards,
ChetanFirst of all, this is not the right forum to post such a question. Coming to the requirement, this can be achieved by creating a role in PFCG where you can restrict plant and assign this role to each user id. Your basis team can do this.
thanks
G. Lakshmipathi -
No authorization for the component (query name)!
Hello all,
when i am publishing the query in web, the following error message is displayed!
"No authorization for the component (query name)!"
i had installed and configured everything here, so the person responsible for authorization is none other than me. what i shud do now? shud i add any other authorization profile to the username created? or still any configuartion is required?
please let me know!
Thanks,
RaviHi ARK,
thanks for the info.
i had assigned SAP_ALL and SAP_NEW profiles to the user.
let me say clearly that when i am executing the Query in the designer it is working fine,no issues in Bex browser too. but when i want to publish safely exexuted query in web (clicking the button publish the query in web) i am getting the above mentioned error!
do suggest me what is the authorization profile that is needed to serve my purpose?
hope this time i am clear!
Ravi -
Restrict authorizations for payment item transaction
Hi All,
This is regarding authorizations for a banking system.
The requirement is the users need to be restricted for the following transaction based on the Bank Posting Area or the contract managing unit.
BCA_PAYMITEM_CREATE
When the user goes to create payment item the user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM. The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area
BCA_PAYMITEM_MAINTN
The user should be allowed to enter an account which has been created with the contract managing Unit ZSUM007 or Bank Posting area ZSUM .The user should not be allowed to go in for any other values of contract managing unit and Bank Posting Area.
I checked the transactions in SU24 and found only authorization object S_TCODE associated with the transcations BCA_PAYMITEM_CREATE and BCA_PAYMITEM_MAINTN.
Can someone please suggest a way to acheive this.
Regards,
Thamarai.Hi Shiva,
I tried assigning the org unit using PFCG ORGFIELD CREATE.
Now the org unit in pfcg shows Org. level Contract-Managing Organizational Unit (Encrypted) but there is no coresponding field in the authorization objects in the role.
Can you please help since the project is very critical.
Regards,
Thamarai. -
How to restrict authorization for MMBE
Hi,
I need to restrict the authorization for t-code MMBE according to plant wise. Can anybody tell me about the procedure and authorization object used.
RegardsM_MATE_WRK Material Master: Plants is the object that is used to control teh display of data at plant level in tcode MMBE
-
Restricting Authorization for a specific Info-object
Dear All,
I have a scenario where I have to restrict the account managers by specific channels.
I have 2 info-objects, Sold-to party and Sales Channel. Sales Channel is defined as attribute of the the Sold-To Part info-object.
I was exploring the BI authorizations concept in SCM 2007.
I created a authorization called "Test" and assigned the info-object Sales Channel in the authorization and restricted it for one value. This authorization along with 0BI_ALL I have added to the role under BI authorizations.
However in interactive demand planning, I cannot restrict by the sales channel. It allows me to load data for all the channels.
If I remove 0BI_ALL object, then I cannot load anything in interactive planning.
Does anyone have a step by step proceedure for using the BI authorization concept?
Regards,
KedarYes, 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) have to be made authorization relevant. For the info objects you want to use to control security, also make them authorization relevant in RSD1, imagine the object you want relevant is ZZ_VKORG (sales organization).
Then use RSCEADMIN transcation and 0BI_ALL will include the objects from above, copy 0BI_ALL into a object such as Z_1000 and then change the value for the specific info object that you want to control, imagine that you want sales org 1000 only to be allowed within Z_1000.
Now, you have 2 choices: You can use the normal security maintenance (SU01, PFCG) and you can asssign RSRS_AUTHBIAUTH and set BIAUTH requal to Z_1000 or you can use user maintenance directly within RSCEDAMIN and assign Z_1000 to the user. Either way, it becomes part of the authorization of the user.
You may find that you need to introduce colon authorization concept ( for mixed levels of data and that is just a matter of adding a second line to the allowable values and setting it like "EQ :".
Things to consider:
1. This authorization concept is water tight and will do everything you need, but will do at the expense that if you don't model it first, you will kill yourself trying to make it right. This becomes evident when you trace a security issue (via RSCEADMIN) because the way BI7.0 works is that it will build a minimized superset of authorizations, so it is best to know where you want to get to, rather than starting off by where you know you need to go.
2. To control change or display mode, you will need to influence 0TCAACTVT, even though you might think to use C_APO_SEL3 for ACTVT, the BI7.0 concept works within the BI space and 0TCAACTVT doesn't impact it.
3. If you activate more info objects, 0BI_ALL will get updated automatically but your custom authorization objecst will not. So, it is best to activate them all at the same time so that you don't have to manually change them.
4. Do the work in development and transport it to the TEST/QA/PROD environments, there are transprt tools within the RSCEADMIN.
This is probably enough to get you going, reply back if you have specific questions or issues.
I've been thru this in a painful way, sometimes the best things learned are learned the hard way -
Restrict authorizations for loads from HR to BW for certain data
Hi,
our customer wants protect some data in the HR productive system. This data are defined/restricted by certain personal areas.
It is not enough to use reporting authorizations in BW to restrict presentation in queries or use filters in infopackets during load to avoid this data.
The requirement is to make load of such data from HR to BW absolutely impossible, even BW administrator cannot see them and must not be able to load them.
We will probably have to somehow limit ALEREMOTE users authorizations in BW. I do not know how and I even doubt, that extractors in HR source system perform authorizations checks for fields.
Is there any way to do this?
Thank you very much,
PetrHi Petr,
Create a general enhancement program (restricted authorization) with generic name, which should be called dynamically for every datasource.
Refer-
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2d99121a-0e01-0010-e78c-b1ae566a2413?overridelayout=true
Not personally tested but check following.
In that program, you may try applying following logic:
1) You may need to use TYPE ANY field symbols
2) In While Loop until all fields of C_T_DATA checked, may be a counter based on total number of fields.
DELETE C_T_DATA where <TYPE_ANY1> EQ (OR use IN) specific value(s) of Personnel Area
DELETE C_T_DATA where <TYPE_ANY1> CS (Contains, check pattern) specific value(s) of Personnel Area
ENDWHILE.
Optionally: For Standard Daatsources in the same program you can add logic based on standard field only "WERKS".
Note: You may need to research on dynamic pointing using field symbols for every field.
Thanks
Arun Purohit -
How to customize the Save as dialog Box for saving Web Query???
Hello,
we are usnging SAP NW Portal and BI 7.0 (SP14).
We have published BI web queries in the Portal and it works just fine, now when the User select the Button "Save As" in the Context Menu of any web query, this will open a new Dialog Box name "Save As Dialog Box", so from this dialog box the user can select where to save the query, he/she have 3 options* to save qureies: My Favorites, Bex Portfolio and MyPortfolio, this also works fine.
My Quetsion is: How can i customize the View of this "Save As" dialog box, so at the end the User can only select 2 Options: My Favorites + MyPortfolio. So how to hide the Tab: Bex Portfolio in the Dialog Box.
Points for any good answer.
Many Thanks and Regards,
Nazih
Edited by: Nazih Kayyali on Feb 3, 2009 4:04 AMIn what you have posted, there is no reason it shouldn't work the same way in Acrobat 9. I would recommend that you submit your complete application to developer support.
-
Authorization for Create a Query
hi all!
I need that the users can have access to create queries but I don't have the authorization for this, could you tell me which object i need?
Thanks!Hi Carlo,
adding to Venkat, there is an other object called:
<b>S_RS_FOLD</b>
Display authorization for folder. This object is new in SAP BW 3.0.
With this the reporting user should only be able to see their Favorites folder and their assigned roles. They cannot look at other InfoAreas to which they have not been granted access.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh -
# sign gets saved in query bookmark
I have a query that has a plant (0plant) variable and i leave it blank when i execute it and I get data. I then do a save-as and a bookmark gets created.
When I execute the bookmark the variable screen comes up and there is a # sign in the plant variable field. Why is this happening? If I execute the query witht eh # sign I get no data.
Something is happening to put the # sign in the bookmark when it is saved. Anyone see this before?
MikeI have a variant in this query. The infoObject 0plant and the variant os_plant. All of the variants in this query are producing the # signs.
When I save-as and create a bookmark, then execute the bookmark I get # signs in the variable screen for all the variants in the variable screen.
I have another query that has 0plant in it with a variant mp_plant and it does not produce the # sign when I save the bookmark.
So I must have blanks in the plant field in the cube. That being said you are saying that I need to create a specific variant that only has the plant data that I want ... replacement path?
Only problem I'm wondering about is when I get rid of the blanks does the next value get populated in the bookmark? The bookmark should be saving the variable values that were selected and if NONE were selected then I should see nothing there.
Thanks for all your help.
Mike -
Authorization for a particular Query
Hi,
I have a query say "X".I want that query to be executed by an user say "Y".Now I want to restrict user "Y" to that particular query only.User Y should not be able to access/execute any othr queries except query "Y".
Could you provide me the detailed approch for this.
Thanks,
NeetuHi neetu,
are you using which system BW 3.5 or BI 7.0?
first create the role for with required authorization object then same to user.
RSD1 - maintain the authorization
PFCG- to create and maintain roles
RSECADMIN -To maintain analysis authorization and role assignment to user.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0b7acf2-6121-2e10-5591-eaec182d9315?quicklink=index&…
Authorization in BI 7 - Part 1
Thanks,
Phani. -
Restricting Authorizations for GL Account
Hi
We have created 2 profit centers in our company code (Profit Center 1000 and profit center 2000). User for both the profit centers are different. User1 is responsible for profit center 1000 and user2 is responsible for profit center 2000.
There are 5 bank accounts and we create separate GL accounts for the all 5 bank accounts. (1 main bank account and 2 sub accounts).
Out of 5 bank accounts, 3 bank accounts pertains to profit center 1000 and 2 bank accounts pertains to profit center 2000.
But by mistake user2 posts in bank of profit center 1. So i want to restrict the access of GL accounts of profit center 1000 to user2 and vice a versa. Please tell me how we can restrict the authorizations.
I tried with some field as "authorization group" in GL master data - FS00. But i am unable to use it properly. Please help me and let me know how to use "authorization group" in GL master data - FS00.Hello,
If it is a matter of authorization. the Atif's answer is right.
If it is a mater of validation.
To restrict G/L Account(s) with Profit center(s)
You need to use GGB0 Validation in Accounting Documents.
then you need to activate it through this path:
SAP Customizing Implementation Guide - Financial Accounting (New) - Financial Accounting Global Settings (New) - Tools -Validation/Substitution - Validation in Accounting Documents.
Note event is very important you can make it on line item level
Regards,
Edited by: Tarek Elkiki on Dec 11, 2011 10:51 AM -
Authorizations for Publishing a Query in a Role
Gurus,
I have S_USER_AGR (activity as: 01, 02, 03 06, 78) and S_RS_TOOLS as webpublish and Themes...but my users are not able to Publish a Query to a Role from Query Designer in a Edit mode, but they were able to add the Query to a Role using "Enter in Role" button from BEx pop up screen...what Authorizations I am missing in my role?
And also in QA and Production how can the Power Users can publish a Query or a Wrk book to a Role without editing a Query or Work book?
Can some one share their thoughts..
Thanks,
KKHi,
I also facing same issue in Query designer. Unable to publish the roles in query designer. It is showing no roles assigned to you error mesg. I have added this object and given the * values. Then the problem is solved.
Please user s_user_agr object with activity * and values *. They will get access to publish to roles, portals and broadcasting in query designer.
Regards
anil.
Maybe you are looking for
-
To find highest occurecnce of word in a any text file
hi i have to submit this program to tomarrow morning in a company.this is part of technical round.so pls give suggestions how to write.if possible send code ok
-
New iMac on the way - need reassurance!
Wow! I just found this forum and I'm dumbfounded. I finally decided to go with an Apple product after reading all of the glowing reviews and references to "life beyond the PC". I have a new iMac 24 on the way and holy c**p, I'm freaked. I read throug
-
My iPhone 5 is stolen, but luckily I had Find My iPhone enabled on iOS 7. The device is currently online(cellular is on) but location services are off. Is there any way to track its location. Furthermore, if I turn on the lost mode and the thief turn
-
hi everyone, i've send 2 messages to someone who whas not one of my contacts on skype,didnt knew he couldnt read them. now he send me a friendrequest. Now my question is:If i accept him, can he then read those messages, wish are still on our chatbox.
-
Ok, I'm nearly 60 years old so I guess my learning abilities are decreasing. I'm trying to learn both FinalCut and Motion and am in my first project for a client. Part of it involves moving four images across the screen (school report cards) at diffe