Transport of Security objects in BPC 7.5NW

As a part of NW BPC transports, changed the entries in table UJT_TRANS_CHG. For the 1st transport (from DEV to QA)wanted to transport ALL objects including Security and Teams. So, selected 'Development' for ALL objects under this table.
After the transport collection via tcode UJBPCTR and importing into QA, found that 'Users', 'Teams'  and 'Task Profiles' did NOT transport. 'Member Access Profiles' did transport to QA.
I expected 'Users', 'Teams'  and 'Task Profiles' also to be transported. We are on SAP BPC 7.5NW, SP4.
Am I missing something here ?
Thanks in Advance.

Hi
we had the same problem and didn't know if Security objects could be transported, but we found the BPC User Mass Management Tool.
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/d0cdbccf-0def-2d10-298d-f4223de9a6ed&overridelayout=true
This could help you to export the security objects in DEV and import the objects in PRD.
The transports you need for the ZUJE_MASS_USER_MGMT   Programm you found on page 46 in the document mentioned above.
Please let me know if we could help you.

Similar Messages

  • Only want to transport security objects in BPC

    Hi,
    I only want to transport Security objects in BPC from DEV to QAS
    Is it possible ?
    I setup the UJT_TRANS_CHG table entries in DEV the following way -
    - Security - Development
    - All others  - Production
    Will that work ? Is it going to mess up anything in QAS system ?
    Do I need to have the same setup in QAS system also ?
    Any help would be highly appreciated.
    thanks
    J

    Basically what it is saying is that you always need to have the following TLOGO objects in the UJT_TRANS_CHG table set to "Development".  This is required by the framework,  If they are not set this way, you run the risk of messing up the objects in the target system.  Also, I bellieve that as of SP7 and above, you don't have to worry about this, as these 4 TLOGO are harded coded in the framework to always be triggered regardless of the setting in the UJT_TRANS_CHG table.
    ASET
    APPM
    DIME
    DIMA
    So again, all you need to do is make sure that these TLOGOs are set to Development, as well as the security ones, and the security data will be transported successfully.  Remember that you must transport your UJT_TRANS_CHG records to the target system before transporting the AppSet.
    Regards,
    Rich Heilman

  • Deactivated objects after transport of Analytics Security Object

    Hello Experts,
    We made a release Upgrade to 7.3. To garantee the access to our reports I implemented a lot new Analytics Security Objects. In our development system they are all activated. After transporting them into the quality system, all of them are deactived and not usable.
    Do you have any ideas?
    kind regards
    Frederike

    Hi Sujai,
    Just check is your ODS object Locked or any process job is running on it.
    Was your transport successful.
    Thanks
    CK

  • Security Objects Migration(UJT_TRANS_CHG)

    Hello All,
    In BPC 7.5NW, during appset migration, does only security objects, Task profiles and member access profiles get migrated? Do teams and users do not get migrated? Also in UJT_TRANS_CHG, if I set TLOGO:SECU to P, will it not transport even the member access profiles & task profiles?
    Is the best practise to maintain them in Prod Environment? I also see that a HTG exists to mass download and upload security information across landscapes. I can probably use that for teams & users.
    Please advise.

    Hi,
    The security profiles overall don't get transported properly. Some of the suggestions could be:
    - You could have the setting in UJT_TRANS_CHG as 'D'
    Like you mentioned about the mass user management guide, if you have all the users, teams and the required profiles ready with you, you could add them in your development system , test them thoroughly and use the tool mentioned in the guide to transport across.
    - There is also some inconsistencies if you want to transport reports & schedules assigned to the team folders. Not everyhting gets transported. You need to check the settings in the config table UJT_TRANS_FIL.
    If you look at this table, this may probably have nothing for 'SECU'. This probably explains to some extent about the security related incosistencies.
    Better option would to maintain them in P if you dont have all the secuirty related things ready now. For testing some task profiles and member access profiles, you could create them in D and can also use the tool to transport.
    Note: Please refer to the latest version of the user management guide.
    Thanks

  • Analyzer Security for SAP BPC 7.5 SP6

    Hi ,
    We have recently installed Analyzer add-in on our excel for Adhoc reporting on SAP BPC 7.5 SP6
    But analyzer is not considering the data security restricted for specific region.
    For eg: If a planner is assinged to EUROPE planning role and when he creates reports using analyzer he is able to see the data for all the regions(NA,EMEA,ASIAPAC).
    Is there anyway we can restrict the planners to see the data relevant to their role in Analyzer.
    we had a look at security in Admin client. Is there anyway to handle this.Thanks much.
    Regards,
    Sanjeev

    Hi,
    You can use Bex analyzer for detailed reporting. Both the analyzer and BPC reports can be connected using the normal excel functionalities (in a single excel workbook) so that BPC CV selection will be fed into Bex as variables and relevant data records are displayed in Bex reports. Performance of Bex analyzer is slow. That is one of the main reason it was replaced with BO reporting tools.
    If you are using BPC 7.5NW, then there is a standard functionality called DRILL THROUGH. Using this functionality you can drill down to detailed data in BW.
    Bex and BPC have different authorizations. You can maintain authorizations in BW roles and try to manually replicate same authorizations in BPC (there is also a how-to doc on automating this synchronization).

  • Using a variable in an allocation routine in SAP BPC 7.5NW

    Below is a very simple BPC allocation routine I wrote.  The data originally sits on a dummy profit center and needs to be allocated to all itu2019s relevant profit centers. These relevant profit centers can be derived from the profit center hierarchy (BPC_ + ID of entity).
    When I hardcode the Profitcenter and the entity, the routine works (as below). But what I really want is that it works variable as in the line that I commented out. Any idea whether this could work (BPC 7.5NW)  ? If not, I am afraid I need to go to ABAP, which is really a pitty
    //ALLOCATION PROCEDURE CONVERSION RATE
    //=====================================
    *RUNALLOCATION
    *FACTOR=1
    *DIM SEBACCOUNT WHAT=CONV_RATE; WHERE=<<<; USING=<<< ; TOTAL=<<<
    //*DIM PROFCENT WHAT=DUMPC; WHERE=BAS(BPC_"%ENTITY_SET%");USING=<<<; TOTAL=<<<
    *DIM PROFCENT WHAT=DUMPC; WHERE=BAS(BPC_OKB);USING=<<<; TOTAL=<<<
    *DIM ENTITY WHAT=OKB; WHERE=<<<; USING=<<< ; TOTAL=<<<
    *ENDALLOCATION
    Thanks
    Nico

    Gersh,
    It works now. I have implemented the below code (ENTITY needed to contain the variable as well). The relationship profitcenter and entity is very important as it derives the relevant profitcenters from the profit center hierarchy (e.g. all profitcenters under the legalentity node).
    //ALLOCATION PROCEDURE CONVERSION RATE
    //=====================================
    *FOR %ENT% = %ENTITY_SET%
    *RUNALLOCATION
    *FACTOR=1
    *DIM SEBACCOUNT WHAT=CONV_RATE; WHERE=<<<; USING=<<< ; TOTAL=<<<
    *DIM PROFCENT WHAT=DUMPC; WHERE=BAS(BPC_%ENT%);USING=<<<; TOTAL=<<<
    *DIM CATEGORY WHAT=FCSTCUR; WHERE=<<<; USING=<<< ; TOTAL=<<<
    *DIM ENTITY WHAT=%ENT%; WHERE=<<<; USING=<<<; TOTAL=<<<
    *ENDALLOCATION
    *NEXT
    Thanks
    Nico

  • BPC 7.5NW Report Issues When Requesting Year To Date Data

    Dynamic reports built with 2 row expansions (Cost Ctr, Account) up to 3 columns (not expansions, set to different categories with excel formulas for variance calculations...Act vs. Bud for example) result in error messages (error retrieving data and another related error messge) when requesting YTD data vs. Periodic data.  The report runs fast and properly with Periodic measure.  When running with the YTD measure, attempts to reduce the report data volume by removing comparative categories and removing formatting (after ranges) still results in YTD data retrieve errors.
    Has anyone else had similar issues with BPC 7.5NW, SP9, and YTD data not pulling into reports?  What are the common causes for issues with YTD data retrieval?  Given the design by SAP of the BPC NW product and promotion of using BPC for both Periodic and YTD data, should I expect this report to work properly, meaning that I can get output with YTD data without long runtimes or errors that result in terminating the report?  Thank you.

    Hi,
    This would do it :SQL> !cat q.sql
    with t (dt, val) as (
         select to_date('2011/01/04','yyyy/mm/dd'), 123 from dual union all
         select to_date('2011/04/09','yyyy/mm/dd'), 234 from dual union all
         select to_date('2011/06/28','yyyy/mm/dd'), 345 from dual union all
         select to_date('2011/10/18','yyyy/mm/dd'), 456 from dual union all
         select to_date('2011/12/23','yyyy/mm/dd'), 567 from dual union all
         select to_date('2012/01/07','yyyy/mm/dd'), 678 from dual union all
         select to_date('2012/05/13','yyyy/mm/dd'), 789 from dual union all
         select to_date('2012/07/19','yyyy/mm/dd'), 890 from dual union all
         select to_date('2012/08/30','yyyy/mm/dd'), 901 from dual union all
         select to_date('2012/09/22','yyyy/mm/dd'), 012 from dual
    ------ end of sample data ------
    select *
    from t
    where dt >= trunc( add_months(trunc( &&dateexec. ,'month'),-1) ,'year')
    and dt < trunc( &&dateexec. ,'month')
    undefine dateexecThe dateexec parameter is just here to "simulate" sysdate of different points in year.
    <i>(your actual query would have sysdate where the dateexec parameter appears)</i>
    SQL> @q
    Enter value for dateexec: sysdate
    DT                         VAL
    07/01/2012 00:00:00        678
    13/05/2012 00:00:00        789
    19/07/2012 00:00:00        890 sysdate does the current year up to previous month.
    SQL> @q
    Enter value for dateexec: to_date('20120122','yyyymmdd')
    DT                         VAL
    04/01/2011 00:00:00        123
    09/04/2011 00:00:00        234
    28/06/2011 00:00:00        345
    18/10/2011 00:00:00        456
    23/12/2011 00:00:00        567when ran in january, it retrieves all the previous year.

  • Error in Transport the info object

    Dear all,
    i am trying to transport  the info object 0CM_CTAR
    during transpot i am getting the error as
    Characteristic 0CM_CTAR: Unit 0UNIT_DIM no allowed in compounding
    but i checked in development i  not got any error but when i am trasport iam getting error.
    Regards,
    siva.

    HEllo,
    Please see these OSS Notes
    1139547 - Transport of InfoObjects RC = 8
    1100575 - InfoObjects: Using units in compounding
    The other way is to use a Z* object referenced to needed unit object  in the compouding,
    Regards,
    Shashank

  • How to create transport request in object transport

    How to create transport request in object transport from server to server
    thanks in advance
    arya

    hi,
    when ever u r creating any object in devlopment and saving it will ask for request.create request and release in se09.
    put mail to basis people to transport ,thy will transport using STMS transaction.

  • Service Entry Sheet in ECC 6.0 shipment costing security object?

    Does anyone know what security object is being checked during service entry sheet creation?  When I run the shipment cost create process in foreground (RV56TRSL) VI04, the program creates and settles the shipment cost, but in background only the shipment cost doc creates the settlement remains open (status A) and I get a message:
    You have no authorization for this transaction with movement type 101
    My assumption is a different object is being called in background versus foreground but my traces are not showing me anything useful. 
    thank you

    Shipment settlement in ECC 6.0 requires the users to have some version of the MIGO object to prefrom the goods movement.  this is a change from 4.7 and prior.

  • HTTPS (Transport Level Security)

    Hi SDNers,
    I have a question regarding securing a SOAP Sender scenario using HTTPS. We are on PI 7.11 and have a SOAP-PI-RFC scenario. I have used a HTTP Sender instead of a SOAP channel to configure the option of 'HTTPS without Client Authentication'. I have generated the WSDL for this and tested successfully using SOAP UI.
    But our client needs a SSL certificate for this. As far as I understand SSL certificates are used only for message level security. But here they are OK with just transport level security. Do we need any certificates in this case? Please clarify.
    Another question I have is, is there any way of using HTTPS (transport level security) using SOAP Sender adapter? The option of 'HTTPS without Client Authentication' is not available anymore from PI 7.1 SP1 onwards. That is the reason I used a HTTP sender adapter.
    Any help is much appreciated  <text removed>
    Thanks & regards,
    Sudheer
    Edited by: Matt on Oct 12, 2011 6:49 AM

    Hi Abhishek,
    I am not able to see that option in the SOAP Sender channel configuration. Besides, the help link from SAP also does not show this option.
    Here is the link for EHP1:
    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/3555240bea31c3e10000000a42189d/content.htm
    and here is the link you gave,
    http://help.sap.com/saphelp_nwpi71/helpdata/EN/fc/5ad93f130f9215e10000000a155106/content.htm
    Clearly, both are for configuring the sender SOAP channel, but the options are different if you notice.
    I am not able to understand where I am going wrong.
    Appreciate your quick response.
    Regards,
    Sudheer

  • Unable to transport Integratin Builder objects from Dev to QA correctly

    Hi,
    System : Pi 711 SPS03
    SLD 7.1 with  latest model and content
    We are trying to transport Integration Builder Objects from Dev to QAS, but the SID translation from DEV to QAS is not working.
    The interface is being imported as the source SID.
    We checked the SLD configuration for Transport targets, that is when we realised the below issue.
    Unable to Assign Business Systems in respective Business System Groups
    The expected configuration of the SLD is as below:
    UKD_400  - Integration Server for Dev PI 711 server
    INTEGRATION_SERVER_UKQ - Integration Server for QAS PI 711 server
    XI_QA - Business System Group for all Quality Systems in the landscape
              1) UKD_400
              2) UC1_ECC_60
              3) UED_400
    XI_DEV - Business System Group for all Developement Systems in the landscape
              1) INTEGRATION_SERVER_UKQ
              2) UC2_400
              3) UEQ_400
    We are unable to put the business systems in their respective groups
    All the Business systems are either being assigned in XI_QA or XI_DEV
    Please let us know if this is a product error in SLD 7.1, could not find any relevant notes
    Thanks,
    Govind
    Edited by: Govind Prathi on Feb 12, 2010 10:25 PM
    Edited by: Govind Prathi on Feb 12, 2010 10:27 PM

    We  have already  assinged the Integration server to their respective business system groups while creating the Business system groups.
       BSG: XI_DEV --> UKD_400( Integration Server DEV )
      BSG : XI_QA  ---> INTEGRATION_SERVER_UKQ( Integration Server QA)
    As per documentation, the business systems should be automatically assigned to their respective Groups based on their association with Integration Server.
    But, we are not seeing this behaviour, both the Integration servers are being assigned to the same Business System Group.
    Please help me understand if i am something in the configurations.
    Thanks
    Govind

  • DMS security object c_drad_obj

    Hi DMS Gurus,
    I'm hoping someone can help me.  I've been testing different scenarios all day and just did a web search to see if anyone has posted anything about this in the past.  I came up with zero on both counts.
    We are new to DMS at my company.  Our objective is to give some users full access to DMS and others no access.  I have found that our existing user roles already pull in Document Management security object CV, I think because the user has access MM03.  For example our sales role has the c_drad_obj object assigned, but we don't want this role to have access to DMS.  No matter what I change the options to in the security object, it doesn't have any effect.
    I was under the impression that I can restrict the activity / document type / linked SAP object / document status in the c_drad_obj object.  But as I previously said, no matter what I set these to, even to disable the object itself, it doesn't seem to matter.
    Thanks for your consideration.
    Regards,
    Julie

    You do realize that C_DRAD_OBJ is relevant only for Object Links stored in table DRAD? Not all documents will have Object Links. See Authorization Objects for Documents - Document Management - SAP Library for details on DMS authorizations. The main table for documents is DRAW.

  • Security object for check against Lab office in DIR

    Hi,
    We are running R/3 46C and use DMS to store our business documents via online vault. I have a requirement to set up access based on Lab office (department) that is used in the Document Information Record. Is there a standard security object that I can use in security roles to build this.
    Any info would be appreciated and rewarded.
    Regards
    Nirmal

    Your best option would be to use a user exit, for example badi "document_main01" "before_save" to populate the auth. group field, and then use normal roles/profiles to check on auth. group.
    Regards,
    Espen
    Please reward if useful.

  • Transport Layer Security Cipher Suites in Safari

    Does anyone happen to know which Transport Layer Security (TLS) Cipher Suites Safari 4 supports?
    Specifically, does it support the Elliptic Curve suites from RFC 4492? How about AES?
    Thanks!

    Hi,
    i`m only aware that SSL is supported. If you need an official Statement i would recommend you open an OSS Message with the SAP Support.
    Regards
    -Seb.

Maybe you are looking for