Adding authorization objects to Report Painter reports

Similar Messages

• Manually added Authorization object

  All ,
  What is the impact for manually added authorization objects in the roles after the system upgrade??

  My 2 cents, since I don't see any replies.
  I try to avoid manual auth objects on a role as much as possible.  One problem with manually auth object is in PFCG, it will not give a reference to what transaction the auth object came from.  Unless thoroughly documented this can be an audit issue. 
  In regards to upgrades, I don't this it will have any affect.  It is usually the tcodes that are affected.

• Adding authorization object for "Function Group"s ?

  Is it possible to add any authorization object for any function group ?
  We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
  Function Group you can check through SE37->GoTO->Display Function Group
  Now is it possible to add authorization for any "Function Group" ?

  You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
  However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
  In this case, add only the function group that the user requires in this instance into S_RFC

• How can I run graphic object on report. ( I got REP-1246 Chart not found)

  Hi All,
  I made a report that consists a chart object. When I run it on report builder, it works well. But When I call the report from client side, I got "Rep-1246 Char Document not found" . I tried to solve it , I couldn't solve the problem . If I delete chart object from report , then report works well on client side. I didn't use graphics builder to create graphs I used only report builder to do it. I read the threads about it , but I couldn't find the solution. All solutions are about path of graphic file. I don't understand it. Because I only have *.rdf *.rep file. There is no any graph file in my system. I can create it in graphic builder but I don't know how can I deploy the graph object into report layout and run ?
  I need urgent help ..
  Thanks in advice
  Suleyman

  Hi again , I used developer 2000. In order to show graphic object on report firstly
  I created my graphic object on oracle graph builder.After that I save it like mygraph.OGD . Then I added graphic object on report builder by using graphic object on report builder. When you click the graphic object you will see CHART FILENAME part in part of CHART. In this field , you should add graphic file path that you created on graphic builder. I added mygraph.OGD into this filename part. I worked well.
  Good LUck !

• Assign authorization objects

  HI ,
  1. When i create new set of WS do i need to create to them authorization object ?
  2. if i create new set of users from scratch in the system and i want to provide to them one role that
  I create and contain for instance all the report and transaction that i want to provide,
  do i need to add to them another authorization objects ?
  3. if i create authorization object in the system how i add it to certain role ,i don't see these
  option in PFCG.
  Best Regards
  Michael

  HII,
  Yes u can aad  other authorization object to the existing role if the role needs it because user is unable to perform any task releated to it because of missing authorization object after seeing it in su53 because sometimes tcode assigned but corresponding authorization is not added by system automatically this creates prob for the user to perform task as far as adding up an authorization object u can added it  throught su24 or pfcg in pfcg u need to click on manuaally option u can added upto 8 authroziation objects and if u want to added it through su24 u click on add authorization object feild
  but never forget to save and generate the profile after adding authorization object and also do user comparsion and complete comparsion so this object gets added to the role
  byeeeeeeeeeeee
  takecare

• Transport authorization objects in BW

  Hi gurus,
  I have this problem regarding authorization objects for reporting in BW:
  I hace created in DEV some authorization objects and linked them to some infoproviders.
  When I make the transport to PRD system, I can see these objects but they are link to other inforproviders and not the ones that are marked in the dev system. The OT doen´t seem to have any trouble, but ¿why has this happened?.
  As you know, I can´t select the correct infoproviders in prd system, and moreover I can´t erase them because I have already created profiles using these objects.
  I think an option would be to pass again an OT, but I think the same problem may arise again.
  I would appreciatte any kind of help.
  Thanks,
  Luis

  It's the same as you would in another system.
  SE84 -> Other Objects -> Auth Objects
  Choose your object and then there will be the option to transport it in menu item Authorization Obj's

• Assigning authorization through assigning authorization objects

  hi all,
  can anybody tell me the whole procedure for assigning authorizations by assigning authorization objects from the scratch along with the example with guide for assigned authorizaon using this method.b'coz this is the requirement of our organization.
  I mean to say assign authorization manually without assigning trnsaction codes.
  suggestion are always accepted.
  if you want to send me the documents then my email id is [email protected]
  thanks in advance,
  waiting for reply............
  hardik patel.

  hi kumar,
          thanks for your help.
          ok i got it and i agree that i can find the authorization object by your suggested way.
      now my point is that i find that this perticulat object is corresponding to this particular trnsaction code. now if i want to aloow only four transaction code out of all transaction codes belongs to that authorization objects. so, for this how can i maintain authorization for this authorization objects.
  It means on " Change authorization tab" it shows fields of that added authorization objects. so what values should i give to those fields so that i can allow only particular transaction codes which i want. so, how can i determine these values for allowing particular transaction codes, not all transaction codes. can you guide me regarding this?
  Please help me regarding this?
  thanks for your support,
  waiting for your reply...............
  Regards,
  Hardik Patel.

• Authorization Object is not working when report is modified.

  Hi BW Guru's
  We have Company Code as Authorization Object .and we have 3 company Codes (xxxx,yyyy,zzzz).where the users under Company code xxxx are not supposed to view company code yyyy,zzzz data etc.
  I modified an existing Report and transported to production.But the Authorization Object is not working for that report.The Report is defaultly displaying all the company codes data(xxxx,yyyy) for all the users.But for the other reports its(company code ) is working fine.
  What could be the problem?Is theproblem in transporting the objects.But i transported all the objects inluding auhorization object.
  Please send me the solution as it is very much urgent.
  The solution will be def. awarded with full points.
  Regards
  Sanjay

  hi Sanjay,
  please don't post the same question again, check and response back from your previous thread
  Re: Authorization Object is not working when report is Modified.
  hope this helps.
  would be nice if you reward for helpful answers to all of your previous postings, e.g
  docs related to RRI

• Report to check authorization object used in customized programs

  Hi Guys,
  An auditor came and he raised a question to us, he asked whether all of our customized transactions and programs are maintained with authorization checks? The question is how can we check what authorization objects are used for our customized programs and transaction codes? The developer did not maintain the objects used for that program in SU24 table. Is there a program or a report to show us all the authorization object used for a customised program or transaction? Example : T-code MIGO we can check in SU24 table for all the authorization object used. How do we check for customized tcodes? Please advise. Thanks!
  Edited by: Jarod Tan on Nov 25, 2010 9:42 AM

  Note that some programs are built in such a way that no (visible) auth check is necessary, or even desired at all.
  To determine the necessity of an auth check, you should check that starting it has an entry point (tcode, rfc, service) which is appropriately restricted. The rest (whether and where and how a further check is evaluated) is entirely dependent to what the program actually does.
  Well designed applications generally have centralized functions and methods, and the checks are in there or a "base check" they use.
  Others again use the same in UI programming to determine the visibility of functions, to make the application more intuitive for the user. This on it's own is however not a sufficient auth check to rely on.
  Code review is an art form!
  Cheers,
  Julius

• Authorization object for running a report in background

  Good day experts,
  I tried running a report in background, I choose immediately so that it doesn't have to be scheduled. But when I checked it in my own jobs, It remains at scheduled status. When I tried it on my admin account, It works and with status finished. It seems to be an authorization problem. What object could I be missing with my user account? I tried S_TCODE SMX and SP02 but still not working.
  Thanks in advance!

  Hi karshbax,
  What you're looking for is authorization object S_BTCH_JOB. You need authorization for field JOBACTION = RELE.
  In future use transaction SU53. It shows last error authorization error, so if this is authorization problem then after try of manual releasing of job you'll find in SU53 precise info what went wrong.
  Best Regards
  Marcin Cholewczuk

• Report to view user nm, authorization objects, activity, transaction code.

  Hi All,
  I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
  Is there any standard report to view all this at a glance?
  Can anybody help me on this?
  Thanks.

  u can try SUIM tcode
  its really helps u
  regards,
  Abhilash

• Authorization object coding in ABAP report

  Hi,
  I am working on a report. The output of the report is details regarding vendor based on purchasing organization. When user executes the reports, they should be only able to see details if they are authorized to (create, change and display) for the purchasing org of vendor.
  The authrorization object by SAP security team is 'M_LFM1_EKO' for standard access to vendors (via MK01, MK02 AND MK03).
  How can I use same authorization object to do check in my program for the user in ABAP so that if user is not authroized he will not be able to see details during output for those vendor.
  Regards,
  Tgshah.

  Hi ,
  Basically you need to call Authority-check using the pattern option and then pass the object name and field name .If the user has been assigned that object in his profile sy-subrc will succed otherwise fail .
  AUTHORITY-CHECK OBJECT 'M_LFM1_EKO'
           ID 'ACTVT' FIELD '1/2/3'
           ID 'EKORG' FIELD 'value of purchase organization'.
  IF sy-subrc eq 0 .
  WRITE :'authorization' .
  ELSE .
    WRITE 'no authorization' .
  ENDIF.
  The below lonk explains it more ...
  [http://help.sap.com/saphelp_40b/helpdata/fr/d4/e02c7dd435d1118b3f0060b03ca329/content.htm]
  Thank you .
  Anjaneya .

• Authorization object in zee report

  Dear experts,
  How to restrict a user from viewing ohter sales office.
  What are the steps to be followed.
  Who will create authorization 0bject or authorization group abaper or functional person.
  I am using AUTHORITY-CHECK in my report for a authorization object which is already created but
  it is not giving the correct results.
  Do I have to make a new authorization object and class for this.
  How should I control my zee transaction which is attached to this report.

  Hi,
  How to restrict a user from viewing ohter sales office.
  What are the steps to be followed.
  Who will create authorization 0bject or authorization group abaper or functional person.
  You need to identify the correct authorization object. BASIS team can help you in this.
  Usually all security related activities is taken care by the BASIS team. It depends on project to project.
  I am using AUTHORITY-CHECK in my report for a authorization object which is already created but
  it is not giving the correct results.
  What do you mean by not giving correct results. You might be having access to the sales areas you are trying to execute. That why check is successful.
  Do I have to make a new authorization object and class for this.
  Not required i hope as you already got the reply for this.
  How should I control my zee transaction which is attached to this report.
  Give the right authorization group in T-code as well (SE93). Even if you don't give, since you already have the check in the program, no issues i hope. But it is always advised to control this through BASIS at user role level rather than at ABAP level.
  Please note that authorization check statement won't give any error. You need to through the error if sy-subrc NE 0
  after the AUTHORITY-CHECK statement.
  Hope you are clear now:)
  Thanks,
  Vinod.

• MSS - Reports - Authorization object

  Hi
  I am working on configuring EP 7.0 ... In MSS , i have brought the reports from MDP..Its working fine when i give "SAP_ALL" profile, else i see only reports table with out any entries(Reports selection) ..when i check out Su53 for any missing Auth-object , it doesnt give any clue as it doesnt take this as authorization error.
  Any idea on what authorization object to be included in the backend role to get the reports page  displaying  all the entries/reports?
  Thanks in advance

  SU53 isn't all that useful for properly analysing authorisation checks.
  Try running an authorisation trace in transaction ST01 to see what's really happening in the backend ECC system.

• Authorization Object for HR Reports

  Hi All,
  I have to restrict the users based on Company Code so that the users can only access the data for which they authorized from the standard HR reports.
  Please suggest the authorization object.
  With Regards
  Akshat

  Hi Akshat,
  For HR perspective its best to use P_ORGIN Authorization Object which gives you flexibility at following level:
  INFTY: Infotype Number
  SUBTY: Subtype Number
  AUTHC: Authorization Level
  WERKS: Personnel Area
  PERSG: Employee Group
  PERSK: Employee Subgroup
  VDSK1: Organizational Key
  You can consult functional consultant for its parameters and further help.
  Hope this helps.
  Regards,
  Naveen