Roles and authorisations in SEM BW

Hi All,
Our SAP SEM lies in BW, Business Planning and Simulation. I have configured everything, but now i want to create roles and authorisations which point to specific planning folders. How do I do that? I understand we do not use the standard transaction PFCG to create roles in BW SEM, what transaction do I need to use? May I get a little bit of detail from the transaction to the point at which i specify a certain role for a specific planning function or planning folder.
I will really appreciate your help.
Regards,
Tatenda.

Hi,
please use the search function and read the great number of threads regarding this topic.
The SEM-part of SAP has a lot of role-stuff for authorsation (via PFCG) but also BW-authorisation which is done via "rsecadmin". Actually, forget pfcg because you can click on pfcg in the rsecadmin, so you never have to go back to pfcg anyway.
The BW-authorisation is created via rsecadmin, as i said, and included to a role via pfcg in the object S_RS_AUTH.
For example someone needs the reporting-auth for one company. You create via rsecadmin a BW-auth-object, call it "comp_01". Include there the infoobject 0COMPANY (if you use that one) and include the special infoobjects (there is a button on the top). Then go in rsecadmin to the tab User and switch there to PFCG.  Select/create a role, put the S_RS_AUTH in there (and maybe if needed the BEx-Query stuff) and then type in that BW-auth-object "comp_01". That's it.
btw: Roles are only for the application, the BW-Auth is for infocubes, infoareas, infoobjects and so on...
Best Regards

Similar Messages

  • Profiles , roles and authorisations

    hello all sap greats,
                                i have a problem in understanding about the hierarchy of profiles roles and authorisations
    PROFILES(as it constitutes of roles)
          I
          I
    ROLES(as it contitues of authorisations
          I
          I
    AUTHORISATIONS

    Hi ashish,
    Check this link
    http://help.sap.com/erp2005_ehp_03/helpdata/EN/52/671285439b11d1896f0000e8322d00/content.htm
    Regards
    Ashok

  • Roles and authorisations in SAP BI...

    CAN ANY ONE EXPLAIN ME THE ROLES AND AUTHORISATIONS IN SAP BI /BW...???
    THANKS IN ADVANCE...

    Hi Anand,
    Refer these links from help.sap.
    BI Authorisations
    http://help.sap.com/saphelp_nw2004s/helpdata/en/be/076f3b6c980c3be10000000a11402f/frameset.htm
    BI Analysis Authorisation
    http://help.sap.com/saphelp_nw2004s/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm
    Regards,
    Hari

  • Regarding Role And Authorisation

    Hello Experts,
    I have got a request today from my help desk asking for , they are having some problem when they use some SD t.codes, they don't ahve authorization, so basis team is asking me to give the objects they can access and they are allowed to change or delete like this, for exp when they want o modify material  they want are not able to see for some pants.
    how can i achive this, how can i make sure the roles of two peopel are same i mean able to access same objects.? pls help urgent
    thanks
    Sundu

    hi,
    u can do this with the use of Tcode su53.
    when the user uses any tcode n he gets an message tht he is not authorised then u go to tcode su 53 immediately after tht transaction, then an Authorisation object appears in tht screen just give the same to ur basis person n tell him to give authorisation of that object to tht user id with the necessary permissions.
    Regds,
    Laxmikant

  • Roles and Authorisations

    Hi Freinds,
    I have a question
    For example
    A) I have company code with several company codes and under one company code several Profitc centers and under one profit center many Gl Accounts.
    My question is...
    I know that we can restrict users on company code , i want certain users to give company code and particular profit centere and further drill down particula Gl account.is it possible.
    do we need create many roles for this...can any one give me an idea about this
    Thanks in advance
    Reg
    Ram

    Hi,
    You can do this...but will have to carefull design your reports later on for that so that this kind of authorization work can be supported.
    For these you will have to define all these objects as authorization relevant.
    Try to create different authorization objects in RSECADMIM with the values for each char which you want.
    In the end you will have as many roles for every combination set which you want to create
    Assign users accordingly to each role.
    So 1 comany code -> 2 profit centers->10 GL accounts =1 authorization object.
    asign it to one role.
    Now if you want various combination to go together then you can assign the different authorization object to one role.
    Thanks
    Ajeet

  • Table whihc contains the roles and its authorisations

    i have to view all the authorisations and the roles in which they are present .
    Please let me know the table for the Same

    Hi,
    From table AGR_USERS , you can see the roles corresponding to any user.
    From table AGR_TCODES, you will get the tcodes corresponding to any role.
    Hope this solves your problem
    Well this will tell you the roles with respect to the users.
    Also you can into transaction PFCG and search the roles, go to change mode for that particular role and there under authorizations see the objects clicking on change authorization objects.
    reward with points.

  • Implementing roles and rules based authorisation with Azure AD

    Hi all,
    I would greatly appreciate some input on feasibility and patterns I should look at for a complex technical requirement that I am currently tasked with designing.
    We have a system that comprises a web and mobile app. In the past we have implemented session based authentication through ADAM and authorisation through custom business rules contained within the applications. The authentication mechanism is in the process
    of being migrated to Azure AD and authorisation is planned to be moved to Azure AD for our next release.
    Existing authorisation within our web application is already complex. We have users that belong to different groups with a range of permissions such as read, write or admin. Additionally each user is granted access to N customers and also N locations within
    each customer. We have a requirement that any number of combinations of customers and locations be supported. Users also need to have different permissions for each entity, i.e. read access to customer 1 location 2, write access to customer 4 and administer
    customer 7. Currently these privileges are maintained within a relational database and enforced as part of each PageLoad(). Essentially this is a combination of roles and rules based authorisation.
    We are struggling to represent this complex matrix structure within Azure AD and efficiently implement the authorisation decision in Azure AD. The driver for this technical requirement is to provide re-usability of the authorisation component to other (as
    yet unidentified) applications.
    Currently the best option we have come up with is implementing custom attributes for each class of permissions and storing within this 2048 bit field a bitmask that represents whether this permission is granted for a given location (which has a many to one
    relationship with customer).
    Any help or comment would be gratefully received,
    Phil

    Hi
    When "Advance routing" is used for Task assignment; the task service asserts the folllowing fact types : Task, PreviousOutcome and TaskAction to the rules engine. These facts gives all the reqd info about the task (like outcome of the participant, task stage .. etc)
    Now in the defined ruleset; we can have rules as per our requirement that can extract info from the asserted fact types and assign task to the required/next participant.
    Also note that we write the advance rules for exception cases only.
    For example; let's say all participants have 2 possible Outcomes [COMPLETE, RECHECK]. We have defined the ideal task routing flow as :
    Participant A -> Participant B -> Participant C. This is the flow when all participant selects "COMPLETE"
    Now suppose B selects outcome as "RECHECK" then the task shld move back to A. So for this case only we need to write a advance rule.
    Pls refer to the code sample at : http://download.oracle.com/technology/sample_code/hwf/workflow-106-IterativeDesign.zip
    Also dev guide : refer to section 28.3.7.2 http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10224/bp_hwfmodel.htm#BABBFEJJ
    Thanks
    Edited by: Kania on May 19, 2010 2:41 AM

  • How to create SCATT to Create and generate Role with Authorisation Data.

    Helo Guru's
    Please advice ..How to generate Roles using SCAT sript.
    I created scat script to create Role and add tcodes ..But not able to generate Profles using SUPC...
    Is it possible to create Authorisation Data using scat scripts ....or we need to do it Manually
    Thanks

    Hi,
    You can't use CATT scripts to create roles and populate authorization data, since the organization values/authorization objects/ and field values differs from one to the other role.
    However, you may use CATT scripts till creating the role, and adding the transaction codes, but every role should be maintained individually.
    Hope this clarifies!
    Regards,
    Raghu

  • Role based authorisations in the Integration Directory

    We have built a new PI landscape (Pi 7.11) and worked with our security teams to perfect the various roles. I am now attempting to implement role based authorisations in the ESR & ID so that objects in our QAS and PRD environments can be configured but not deleted or created.I have implemented role based authorsations as per the SAP standard process performing the following actions
    Exchange profile com.sap.aii.ib.util.server.auth.activation was set to true and the Java Stack Restarted.
    I created a role in the ID that allowed editing of any object.
    I assigned the role to my userid in NWA useradmin
    I am unable to edit ANY object in the ID
    When I set the Exchange profile parameter to false I found I was able to edit any object in the ID.
    So its obvious that the Exchange Profile Parameter does make a difference. However, it doesn't appear as if the role I created is being referenced, even though I assigned it to my account in NWA user admin. I looks like I may be missing some exchange profile parameters. I have the following exchange profiles set:
    IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.util.server.auth.activation (string) = true
    IntegrationBuilder.IntegrationBuilder.Repository com.sap.aii.ib.server.acl.enable (boolean) true
    IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.util.server.auth.activation (string) = true
    IntegrationBuilder.IntegrationBuilder.Directory com.sap.aii.ib.server.acl.enable (boolean) true
    Any advice you can offer would be appreciated

    Resolved this issue.
    The documentation is confusing but finally found the answer by referring to the SAP XI 3.0 documentation.

  • RFC Sender - Logon User - What Roles and Authorizations?

    Hi,
    Scenario: RFC Sender --> XI --> JDBC
    What necessary Roles and Authorizations has to be given for Logon User (in Sender RFC Communication Channel).
    It has to be moved to production soon. My Client wants to give only Roles and Authorization that are necessary for the Logon User.
    With Regards,
    Manikandan R

    Hi ,
    U need to give ECC Authorisation
    Application server : ECC Server
    Sytsem no : ECC system number
    Logoon User : ECC any username
    password : password for above user
    clientr : ECC client ( From which client u are sending to RFC adapter)
    Regards,
    Jayasimha jangam

  • Diff.between BW and R/3 roles and authorizations

    Hi Experts,
    Please any one let me know is there any difference for creating roles and assigning authorizations in BW and R/3 systems.
    Please let me know the BW related T-codes
    Regards,
    Reedy V.

    What version of BW? Are you using BI7 analysis authorisations.
    BI7 - go [here|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce]
    If using BW 3.5 or another similar version then build your roles in PFCG and assign to users in SU01
    There is more to it which you can find [here|https://service.sap.com/SECURITY] (sorry for the poor link Bernhard ) under category SAP Business Information Warehouse Security Guides
    Edited by: Julius Bussche on Jul 8, 2008 12:34 PM
    Formatting and link corrected
    Thanks Julius!
    Edited by: Alex Ayers on Jul 8, 2008 2:10 PM

  • Compliance Calibrator Design - Roles and Profiles

    Hi guys,as you know SAP's authorization concept involves generation of Roles into Profile before it can be assigned to a User. In CC, i wonder why is there a need to segregate Roles and Profiles into 2 seperate functions. Isnt it already sufficient to analyse roles instead of profiles? Profile are names which is too technical which i feel should be omitted unless really necessary.
    Well, unless it is to cater for indirect assignment where profiles are granted to position/org unit etc... I will also be trying out whether there is a difference when you only batch analyse a Role and intentionally excluding the 'profile' whenever a new role is created. Will the system work fine when i do a role analysis?
    Cheers!

    I agree that profiles are old fashioned and should be phased out.  The system has to stop people from being able to maintain profiles directly and assign them directly before they do this though.  SAP_ALL etc can be converted and assigned as a role.  It would make the whole authorisation concept just that little bit easier.  We are talking about a German company though!
    Also, you don't need profiles for indirect assignment.  You can relate roles to the position using PFCG!  Click on the organisational management button on the user-tab, next to the user comparison button.
    Using profiles (ie, maintaining directly and assignment) is highly recommended against.

  • Roles and Workbooks

    Hi,
    How to create a Role and make it available for the end-users so that they can share the workbooks among themselves. Right they are allowed to save only under favourites, which are not visible for all.
    What kind of security or authorisations or setting, that should be done in order for the role to be seen in the query/workbook save window.
    Any help would be appriciated
    Thanks
    Ace

    Hi Ace,
    The roles created for users to save workbooks into are dummy or empty roles. The way this is managed is that workboosk relevant for a group of users are stored under this role, and then the role is assigned to different users accordingly. Usually all users are not given the ability to save into a role. All are allowed to save to favourites and a few can create workbooks and save them to roles.
    As an otion for users not allowed to save workbooks ot roles, yet needing to share them, the workbook can be saved as an Excel file and emailed. The receiver can then log into BW and refresh the data.
    Hoep this helps...

  • Roles and Authorizations

    Hi Gurus,
    How can i find that which role to added to one's profile to give him the access of Document Parking(FV50)?
    Please let me know the procedure of finding the roles, so that it can be assigned to user's profile to give the access.
    Thank You
    Regards,
    Mohit Verma

    Hi Verma,
    In SUIM transaction you can find the standard roles related to particular t code.
    User information system --> Roles --> By Authorisation values
    give S_TCODE in object1 field and press enter.Under transaction code, value field give FV50 and press F8. you can find all the roles related to FV50.
    These roles must be assigned to the users using PFCG transaction.
    In PFCG transaction, give the role name in the Role field and click change. Under user tab assign the user for which you want to give access to FV50.
    Normally basis consultants will derive Zroles from standard roles, and these standard roles are assigned to the users using PFCG transaction code.
    Please take the help of Basis Consultants, before assigning these roles to concerned users.
    Assign marks, if found useful.
    Hope this helps you...
    Regards,
    Praisty

  • BW Roles and profiles Tables

    I would like to download a list of all users and what roles and profiles each has.  I did it once before but now I can't remember the table names.  Can anyone help?

    Hi,
    Roles:
    SAP_BW_DEVELOPER
    Profile:
    SAP_ALL
    S_BW_D____
    S_BW_D____1
    Authorizations are
    S_Rs_Admwb_a
    S_rs_adw_a
    S_rs_exp_a
    S_rs_wb_all
    Links for user roles:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/6714b6439b11d1896f0000e8322d00/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/42/271d24d86211d2961a0000e82de14a/content.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/e4/15e48efd6c11d296430000e82de14a/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/d3/559a4271c80a31e10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/4e/52b74065448431e10000000a1550b0/frameset.htm
    For profiles and authorisations:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/52/67151e439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_erp2005vp/helpdata/en/20/efcbfed8a511d397110000e82de14a/frameset.htm
    Also chk this link..
    http://www.bwexpertonline.com/archive/Volume_04_(2006)/Issue_10_(Nov_and_Dec)/V4I10A2.cfm?session=
    screenshots..
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    Hope this helps,
    regards
    CSM reddy

Maybe you are looking for

  • Vista Home Premium SP1 x64 & Photoshop Elements ?

    Hi all, Does any one know if there are any plans in the works to make Photoshop Elements compatible, and take full advntage of 64 bit technology both in Vista and XP? Sure would be nice to take advantage of that 8GB of memory I have. Thanks, John

  • Mail Service is strangely interrupted

    Hello everybody, since the Upgrade from 10.7 to 10.8 the mailservice isn't working like it used to. After the Upgrade Mail-Application on the Apple-Laptops show a green dot when verifying connectivity but the users can't send mails any more Some inte

  • Problem using XSLFO

    I am trying to use a java servlet that uses XSLFO to produce a PDF file. I am getting closer but am having a problem still. I no longer get any transformation errors in my java servlet so I think I am creating the transformation correctly. I am getti

  • Safari can't re-install

    When I try to re-install Safari it says I need mac osx 10.5.2 or later. In this picture it shows I have 10.5.4. Can someone help? http://i213.photobucket.com/albums/cc170/higher43/Picture1.png

  • MM_openBrWindow - using variable in path

    Hello, If I have done this: <script language="javascript"> var large="/graphics/00000001/main.jpg"; </script> How would I write the MM_openBrWindow to use that variable? So normally it is like this: <a href="javascript:;" onClick="MM_openBrWindow ('i