Analysis Authorization and Query

Hi everybody,
while studying the new analysis authorization concept in BI7 I tested a little bit around. I was wondering how I can realize the following scenario:
A user should see "0VERSION" "2" and "0DIVISION" "01" as well as "0VERSION" "5" and "0DIVISION" "02" while executing the query with BEx Analyzer.
Am I right that I have to create two analysis authorizations?  How do I have to model the query? I always get the message that my testuser does not have enough authority.
Thanks for your suggestions.

Hi Anja,
Did you ever get a resolution to the question you asked.  I am facing the same scenario now where i want to restrict a user to seeing seeing the following:
user must see:
Division = 001 and Area = A
Division = 002 and Area = B
But he must not see Division 001, Area B for example
Creating the analysis authorizations is not a problem, the problem is modelling the query to return this result.  I always get no results due to lack of authorization as the authorization variables try to return All Division "001" and "002" and All "A" and "B"
As i see it, you cannot model the query to return the required result.  What would be ideal is if the query would only return what the user is authorized to, rather than returning nothing and giving an auth error.
Thanks
Gavin

Similar Messages

  • Analysis Authorization and relates issue

    Hello all,
    I am in the midst of designing authorizations using RSECADMIN transaction.
    We have a set of 50 different queries.
    In our cube, there are 5 different characteristics, which are authorization relevent.
    So, in RSECADMIN, i have created one analysis auth role, included all special and authorization relevent characteristics and maintained the appropriate values.
    But when i execute the queries,the desired output is not coming.
    - Do i need to create authorization varaibles and included in all my queries ?
    - Without including the auth.variabes in queries, is there any other way to restrict the users ?
    I though, by assigning the parameters in RSECADMIN, the query will automatically filter the data.
    Can you pls help ?
    We are on SP19.

    Hi,
    First of all, The query is always based on a InfoCube. Now, you have 50 different Queries which is based on this InfoCube if I am not wrong as you are not getting any authorization error.
    For a query to run, the user should have access to 1. Query, 2. Infocube and 3. Data(All Auth Relevant + 4 Special Objects)
    Authorization relevant objects are for an InfoCube which means that these objects are important or key fields for the infocube.
    You say that in your case, you have 5 Auth relevant objects which means they are important. But please note that there are more infoObjects in that InfoCube.
    Now, when you go to the query design, you can restrict on any object in the InfoCube but it makes more sense that you do it on one of those authorization relevant objects as you have to specify that in the Analysis Authorization where the system can pick up the data easily and give the output.
    Again, on the query design, if you have designed the query with processing type "Authorization", then it would automatically pick up (What you mentioned as automatic filtering) the value from the Analysis Authorization which is contained in the user's role for that query which otherwise gives a wide variety of options to chose from where the user has to choose the correct one.
    To get the desired output, all the correct variables should be included in the query and user should have access to all the three mentioned above.
    May be this gives a clear picture.
    Regards,
    Prasanna
    Edited by: Prasanna Nagaraja on Sep 11, 2009 11:40 PM

  • BW BEX Queries and Analysis Authorizations

    Hello....
    Have an opportunity with BW BEX queries and Analysis Authorization...would like to see if anyone has had the same experience and if so is there a answer....
    1) given a query....
    2) given a analysis authorization with a info-object that has intervals defined to be both single values and ranged values
    the following happens...
    after the query is fired the starter screen appears...the info-object in question appears with the defined single values only....if....the window is opened....again only the single values appear...the range values do not appear...once the query is executed the only results given are those for the single values...
    also if you re-fire the query and manually enter a valid value for the info-object that falls with-in any of the range values no result is given...even if there is data for it....the reponse given is no data found....
    NOW...if the single values, for the given info-object, are removed from the Analysis Authoriization then the range values appear and work....
    Is this a problem within in the query...or...is this a "feature" of the query...and thus must be "lived" with...
    Terry
    PS...this problem currently only happens if the window for the info-object allows for multi-selection....this problem does not occurr when the window only allows for one selection...

    Hi,
    This is a known problem with analysis authorization and multi selection IO selection criteria.
    When you define the analysis authorization with ranges and when you try to enter single values on the selection critera of the query, then the system shows zero data.
    You can run the query without entering any selection values for the IO in question only.
    I have tried several combinations and still encountering the same issue.
    Ravi

  • Analysis Authorization (Role, Profile and Direct Assignments)

    <b>Analysis Authorization Question:</b>
    1)     In BW 3.x environment, customers have used Role Maintenance Process to assign proper object level security and then assign to the users.
    2)     Most of the places R/3 security team takes over support/administration function of BI Security and they continue to use Role method to assign “Reporting Authorizations” as per the process defined in BW 3.x system.
    3)     Customer sometime have 100 + Roles to have 3.X “Reporting Authorizations”. This is Managed, assigned, approved using role concept.
    <b>
    Migration Options:</b>
    1)     New Analysis Authorization makes process of Role Maintenance like "hierarchy authorizations" of BW 3.x. You have to create Value in other transactions and assign them in Role as a pointer or link object. With Analysis Authorization concept, Actual value of the Object Assigned “Like Company code 1100” not visible in Role Maintenance PFCG transactions. It is only visible in Transaction code RSECADMIN.
    2)     Analysis Migration Tool - RSEC_MIGRATION does not update “ROLES”. It creates or changes “PROFILES”.
    3)     Profiles are assigned to the users and Roles does not reflect any Impact by Analysis Authorization migration.
    <b>Questions</b>
    a)     This means customer need to update all the roles by hand. If they want to use Roles to manage the assignment of the Security to users. Migration Tool does not update Roles, it only updates PROFILES.
    b)     Does any one use direct assignment to Users? It is good business practice?
    c) Is <b>Profiles</b> recommended method of Authorization Maintenance?
    d) Can we run migration tool to create Analysis Authorizations, but not assign to the users as a Profile. But stop at creating Analysis Authorizations. If Customer wants to use Roles maintenance process then, they can do not have delete profile assignments from all users before updating Roles using Analysis Authorizations.
    Just want to check how other folks have done migration that can be supported going forward.
    Pankaj Gupta

    Hey Pankaj,
    In general, assigning the analysis authorization directly to user makes a lot of sense for granular levels of authorization. For example, if you had 3,000 users, 3,000 specific authorization combinations, and 3,000 roles, using roles is a lot of additional overhead. If you had 12 roles and 3,000 users, your role concept makes a lot of sense.
    Therefore, the recommendation is that it varies on what makes the most sense logically. Authorization groups can be created to group analysis authorizations and combine them. Also, you have the ability to generate analysis authorizations using the Content Datastores for this. That is an option as well.
    RSEC_MIGRATION does use profiles as you've stated. If you want, there would be manual work to convert to roles afterwards. In case you haven't seen Marc's presentation on security, it's pretty good and covers how to generate authorizations from the datastore.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/ac7d7c27-0a01-0010-d5a9-9cb9ddcb6bce

  • Problem with analysis authorization- 0BI_ALL always needed

    Dear all:
    we have a serious issue on so-called "analysis authorization" now. We have auth-restricted user who only have authorization to access data on one company code. We also create a BI-authorization in analysis authorization and assign the following auth-relevant object to this authorization-
    0TCAACTVT = 01-03
    0TCAIPROV = ALL
    0TCAVALID = ALL
    0TCAKYFNM = ALL
    0COMP_CODE = A001
    And we create one query with only company code and number of employee in the row and column. But everytime we execute this query, there s always message" No Authorization". We used ST01 to trace and the result shows we need to have "0BI_ALL" in auth object S_RS_AUTH. If we added 0BI_ALL, all company code data will display, which definitely no auth restriction at all. Is there any specific authorization setting we need to do?
    We are stuck here pretty bad. Thank you all in advance if any input.
    BR
    SF

    Hi,
    I guess the Authorization profile is active , and in the Tcode PFCG -> Role name -> User tab page ( user comparision is done ).
    Check if any of the tab page shows red light .
    And assignment of 0BI_ALL is not a solution , as any user can do anything in the system.
    Also do not forget to log - off and log-in into system after changing into any of the authorization profile to see changes that had happened.
    Hope that helps.
    Regards
    Mr Kapadia
    Assigning points is the way to say thanks in SDN.

  • Problem wih analysis authorization for two scenarios on same data provider

    Dear all,
    I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
    User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
    The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
    As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
    Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
    Any ideas??
    Thanks,
    Andreas

    Dear Andreas,
    Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
    http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
    For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
    Otherwise, you have to use customer exit.
    I hope that alternative help you to find a solution,
    Luis

  • How to implement complex analysis authorizations in simple way

    Hi All,
    I need to create some analysis authorizations with long list of single values for a characteristics. For example, we have multiple set up of company codes (APAC, EAME, AMERICAS, etc) and each set contains 150 - 200 company codes in it. Now we have multiple combinations of company code set and geographies. In short, we will have multiple analysis authorizations and each will have one or two set of company codes and some geographies.
    I can create the analysis authorizations for the first time, by putting individual values in the respective characteristics. That would be a big task but can be done. But the problem is about ongoing maintenance. In future, if a new company code is added to lets say APAC companies, then we will have to update all analysis authorizations which contains APAC company code and that would be huge number of AAs due to the complexity of business architecture.
    Could anyone please suggest if it is possbile (and how) to do below or similar, or have any other better approach (using BW7.4)
    - We would create a group (or set) of company codes. Lets say would create a group APAC_Comp_Code and add all APAC related company codes in it. This would be repeated for all set of compant codes.
    - While creating analysis authorizatons, I would not assign any individual company code value in characteristic, instead put APA_Comp_Code inside the characteristic 0COMP_CODE.
    - If I need to put multiple set of company codes inside 0COMP_CODE, I will just put the corresponding group name, not the invidual values.
    The benefit would be that in future if I need to add a new company code to APAC, I would just have to update this group APAC_Comp_Code. I will not have to maintain the analysis authorizations.
    Please let me know if this is possible or if there is any other way to implement the requirement with simpler maintenance.
    Thanks
    Nitesh Gupta

    Hi Nitesh,
    From what you describe, this would be a good case to use variables in your analysis authorisations. You can specify a variable value for the BUKRS field and have a couple of options to populate the values which are picked up in the query execution.
    You will need to ensure that you activate the istep to read customer exit variables and have the query variable set as customer-exit. Once those are complete, you can create a custom table to maintain the mapping of groups to company codes, or to read the company codes directly from your ERP system (if you want to base authorisations on what the users can see in ERP) and populate the table with those values.
    However you populate the value to the variable, I think this approach will get you closer to minimal maintenance going forward. Enhancement RSR00001 should be implemented, some help documentation for this below
    http://help.sap.com/saphelp_nw70/helpdata/en/1d/ca10d858c2e949ba4a152c44f8128a/content.htm
    Hope this helps,
    Tom

  • BW Analysis Authorization gut check.

    Hello all,
    Just a gut check about how the AA strategy works.  Take this scenario when executing a query:
    The following InfoObjects are auth relevant:
    0PLANT:  Aggregated Data so only : is needed.
    0WHSE_NUM:  Needs specific value
    0TCAACTVT:  Default 03 given.
    And then the following special characteristics:
    0TCAIPROV:  Infocube Z123
    0TCAVALID:  Default * given.
    Now..if I were to put these 5 Characteristics in 5 seperate Analysis Authorizations and assign those 5 to a role with S_RS_COMP, the query can be executed.  Not our design...testing purposes only.
    I THOUGHT that some of these characteristics needed to exist together in 1 AA, like 0TCAACTVT and 0TCAIPROV in order to work properly.  But apparently when the system is checking authorizations, it only treats each characteristic seperately and on it's own when checking the values.
    Thoughts or insight?
    Thanks,
    Tom

    Hi Tom,
    To be precise, you'd assign your analysis auths to a role with S_RS_AUTH. S_RS_COMP is to give access to BEx.
    Check out the online documentation from SAP on analysis auths. I did a really quick look in there and found this gem that should help answer your question:
    In addition to these generic dimensions, an authorization includes special dimensions. These consists of the characteristics 0TCAACTVT (activity), 0TCAIPROV (InfoProvider), and 0TCAVALID (validity). These special characteristics must be included in at least one authorization for a user; otherwise the user is not authorized to execute a query.We recommend that you include these special characteristics in every authorization. You do not have to include them in every authorization, but for reasons of clarity and analysis security, we recommend that you do this.
    So it seems that you need those special dimensions in at least one analysis auth to be able to execute queries, but SAP recommends including them in all of them.
    Krysta

  • Standard authorization concept versus analysis authorizations

    Hi
    I am bit confused about the necessity of maintaining both.
    Example:
    I have designed an analysis authorizations for CO (Controlling), named CO_001:
    InfoProvider: 0COOM_C02
    Thereafter I have put the authorization object S_RS_AUTH into a role (standard authorization object) with CO_001 as value in BIAUTH.
    Is there still a need to maintain authorization objects for Business Explorer or Business Planning, like:
    S_RS_COMP (limiting to the InfoProvider mentioned in the analysis authorization)
    S_RS_PLSE (limiting to a special aggregation level of the appropriate InfoProvider mentioned in the analysis authorization)
    What happens when there is no limitations maintained in the role for these auth objects, "*"?
    Which concepts dominates the other one?
    Thanks
    BEO

    Hi BEOplanet,
    S_RS_COMP will give you access to the Infoprovidor in BEx so this will be access level security.
    Then Analysis authorization will give you the data level security within the infoprovidor (like what data you can see within the infoprovidor)
    There fore you need to maintain both S_RS_COMP and Analysis Authorizations.
    To your question ,if you have maintained the cube 0COOM_C02 in Analysis Authorization and S_RS_COMP has only 0PA_01 then the Query will fail since you dont have access to the cube 0COOM_C02 in S_RS_COMP.
    Regards,
    Karthik.

  • Rational approach for Analysis Authorization:

    This post is regarding the implementation of Analysis Authorization.  Considering the role based approach; please let me know the optimized way to implement the analysis authorization such that there will be very low maintenance.
    For e.g. I have queries which need to be restricted at data level PLANT wise. So I mark the characteristic 0PLANT as authorization relevant. There are 150 plants so I create the 150 Analysis Authorizations and put each one of them in roles (1:1) resulting in 150 roles. In addition; 151th Role and Analysis Authorization for ALL plant access.
    Now to restrict the queries themselves, I create a Role with object S_RS_COMP , S_RS_COMP1 (For queries) ; S_USER_AGR  and S_USER_TCD( for  workbooks).
    Then I create a composite role  with above 2 single roles (one containing AA and other role for Query restriction)and assign it to user.
    Now suppose when I need to restrict data at some other level say DIVISION wise. Then I would be again creating analysis authorization for all the divisions and putting them in roles.
    Using this approach ; there would be many roles and analysis authorizations. Also during production support it may be cumbersome to debug the errors.
    Please comment if any other approach for implementing the above scenarios.
    Regards,
    Ajit
    Edited by: Ajit Nadkarni on Apr 4, 2010 5:47 PM

    Hi,
    I had a similar requirement where in we had 178 plants and each plant manager has to see their own site by default in the selection screen when they run the query.
    By defalut it should display there own site but its not restricted to only that site. Managers can also look into other sites but by default they wanted their own site to be displayed.
    So I have created DSO and did mapping with username and store. And in query I created a variable in plant of type customerexit and written exit in CMOd using I_STEP 1. This solved our requirement. But to restrict to particular site i guess we can extend the routine in cmod.
    Thanks
    Srikanth

  • Issues with Analysis Authorization checks in APO

    Hi Friends,
    I am facing an issue with Analysis authorization checks in APO.
    We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
    Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
    This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
    In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
    However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
    Resultant trace results are as below: This should not happen..
    I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
    Will it be possible for you to advise on what could I be missing.

    Hi All,
    If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
    while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
    Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
    Please advise.. Thanks..
    Regards,
    Prakash

  • What is Analysis Authorizations in BI 7.0?

    Hello BW Gurus,
    Greetings!!!!
    Please forward the relevant documents (<b>Analysis Authorizations and also about data migration from 3.0 to 7.0</b> ) to the ID- <b>[email protected]</b>
    Points will be rewarded..
    Best Regards,
    Priya

    Hi Priya,
    These would be great help to you,
    Upgrading to SAP NetWeaver 7.0 BI - The Details doc.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10564d5c-cf00-2a10-7b87-c94e38267742
    Please check these blogs for full details:
    /people/prakash.darji/blog/2006/09/22/rolling-out-the-new-sap-netweaver-2004s-bi-frontend-tools?page=last&x-showcontent=off&x-order=date [original link is broken]
    https://weblogs.sdn.sap.com/pub/wlg/4668?page=last&x-order=date [original link is broken] [original link is broken] [original link is broken]
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6a19f233-0e01-0010-6593-c47af5a8df3b
    Some Insights..
    NW2004s Upgrade - Front-End Migration Strategy
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2331907
    Migration of Data Sources
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3369391
    Migration - Web Templates from 3.x to NW2004s
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2052465
    Migration question
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2935414
    Migration Transformation NW2004s Datasource
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3034054
    Analysis Authorization Migration Question
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=2537477
    NW2004s Data flow
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3447826
    Visual composer migration
    https://forums.sdn.sap.com/click.jspa?searchID=3914335&messageID=3775098
    Rfer thez threads.. u will get good idea..
    /thread/439486 [original link is broken]
    /thread/377643 [original link is broken]
    Migrate Transformations
    /message/3034624#3034624 [original link is broken]
    /thread/178564 [original link is broken]
    For Data Flow:
    http://help.sap.com/saphelp_nw2004s/helpdata/en/43/f00e2696d24c5fe10000000a155369/content.htm
    /people/prakash.darji/blog/2006/09/22/rolling-out-the-new-sap-netweaver-2004s-bi-frontend-tools
    Assign points if it helps,
    Regards,
    Mani

  • Assignment of analysis Authorization

    Hello Experts,
    i have created an analysis authorization and assign the same to 20 users. Now i want to assign some other analysis authorization to all those 20 users instead of that previous one.
    so how can i achieve this??
    thanks in advance
    Neha

    I think you might have assigned that authorization object to some role.
    Then if you remove the authorization object  from that role it will removed from
    all the user.and assign the new authorization object to
    this role .
    You can check the user with that role in suim t-code.
    Thanks,
    Saveen Kumar

  • APO - Demand Planning: Tracing Analysis Authorizations

    Hi,
    I was wondering if there is a way to trace analysis authorizations for demand planning?
    I have an APO concept that uses analysis authorizations. A user gets blocked in transaction /SAPAPO/SDP94
    If I run ST01, the missing value is in S_RS_AUTH, meaning Analysis Authorizations are missing.
    However,
    I can't seem to find a way to trace transaction /SAPAPO/SDP94 as another user with RSECADMIN.
    Any advice?
    FYI - I do NOT want to assign 0BI_ALL.
    Thanks for your help

    Hello Mariano,
    ST01 and SU53 tells me it's Analysis Authorizations that are missing.
    It's asking for S_RS_AUTH object 0BI_ALL. If I assign 0BI_ALL everything works; but that is NOT what I want to do.
    Hence I know it's related to Analysis Authorizations and I would like to know HOW to trace WHAT analysis authorizations are missing.
    Best regards,
    Tom

  • How to get Query Results based on Analysis Authorization Ranges????

    Hi Experts,
    I have gone through the lot of SDN Links, however not able to find the answer to my question.
    I have an Authorization Issue, “NO Authorization “
    Error : EYE 007 ( Insufficient Authorizations )
    <b>Here is the issue:</b>
    Need to see the complete query result when I gave the range in Analysis Authorization for Controlling Area 001-005. Controlling Area is auth relevant and right now a variable is inserted in the query for it. If I select Controlling Area 001, the result for Controlling Area 001 is displayed in query. If 002 then also displayed. If I do not enter anything, then I get the <b>Eye 007 error message</b>.
    I am not sure how do I display/authorize the entire result in the query for all the Controlling Areas, I have authorized user to see??
    <b>Its really urgent, please help..!</b>
    Here are the logs:
    Authorization Check Log
    Date and Execution Time (Local Server)
    Execution Date: 06.09.2007
    Execution Time: 14:48:41
    Executed Query: 0CCA_C11/GBCCA_MP01_Q0002_AP
    Executed by User ZBI_TEST_001
    Executed with Analysis Authorizations of Another User ZBI_TEST_001
      InfoProvider Check  
    Building the Buffer...
    ...Buffer Built
    Are there authorizations for accessing InfoProvider 0CCA_C11 with activity 03?
    Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03 
      InfoProvider Check  
    Authorization exists for general access to InfoProvider 0CCA_C11 with activity 03 
      Relevant Characteristics for Detailed Authorization Check  
    (Characteristics with Full Authorization Are Not Listed!)
      List of Effective Authorization-Relevant Characteristics for InfoProvider 0CCA_C11:  
    0CO_AREA 
    0TCAACTVT 
      Relevant Characteristics for Detailed Authorization Check  
    (Characteristics with Full Authorization Are Not Listed!)
      List of Effective Authorization-Relevant Characteristics for InfoProvider :  
    List Is Empty:
      There Are No Characteristics That Have to Be Checked in Detail  
      Authorization Check  
      Detail Check for InfoProvider 0CCA_C11  
      Preprocessing:  
    Selection Checked for Consistency, Preprocessed and Supplemented As Needed
    Subselection (Technical SUBNR) 1
    Check Node Definitions and Value Authorizations...
    Node- and Value Authorizations Are OK
    End of Preprocessing
    Filling the Buffer...
    ...Buffer Filled
      Main Check:  
      Subselection (Technical SUBNR) 1  
    Supplementation of Selection for Aggregated Characteristics
      No Check for Aggregation Authorization Required  
    Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
    Characteristic  Contents 
    0CO_AREA
    0TCAACTVT
    SQL Format:
    CO_AREA = '0003'
    AND TCAACTVT = '03'
    Characteristic  Contents 
    0CO_AREA  I BT 0001 0005
    0TCAACTVT  I EQ 03
    I EQ 16
    Authorized   
      Subselection (SUBNR) Is Authorized  
      Authorization Check Complete  
      Authorization Check  
      Detail Check for InfoProvider 0CCA_C11  
      Preprocessing:  
    Selection Checked for Consistency, Preprocessed and Supplemented As Needed
    Subselection (Technical SUBNR) 1
    Check Node Definitions and Value Authorizations...
    Node- and Value Authorizations Are OK
    End of Preprocessing
    Filling the Buffer...
    ...Buffer Filled
      Main Check:  
      Subselection (Technical SUBNR) 1  
    Supplementation of Selection for Aggregated Characteristics
      No Check for Aggregation Authorization Required  
    Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
    Characteristic  Contents 
    0CO_AREA
    0TCAACTVT
    SQL Format:
    TCAACTVT = '03'
    Characteristic  Contents 
    0CO_AREA  I BT 0001 0005
    0TCAACTVT  I EQ 03
    I EQ 16
    Partially or Fully Authorized (Intersection)   Characteristic  Contents 
    0CO_AREA
    0TCAACTVT
    SQL Format:
    ( CO_AREA < '0001'
    OR CO_AREA > '0005' )
    AND TCAACTVT = '03'
    Value selection partially authorized. Check of remainder at end
    Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Set 
    Characteristic  Contents 
    0CO_AREA
    0TCAACTVT
    SQL Format:
    ( CO_AREA < '0001'
    OR CO_AREA > '0005' )
    AND TCAACTVT = '03'
    Characteristic  Contents 
    0CO_AREA  I BT 0001 0005
    0TCAACTVT  I EQ 03
    I EQ 16
    Not Authorized   
    All Authorizations Tested
      Message EYE007: You do not have sufficient authorization  
      No Sufficient Authorization for This Subselection (SUBNR)  
    Following CHANMIDs Are Affected:
    184 ( 0CO_AREA )
      Authorization Check Complete  

    Hi,
        Have you defined the vaule for 0CO_AREA as BT 001-005 in you Authorization for 0CO_AREA.Also how have you defined your Authorization Variable on the query? Have you define as select options or interval? I thing you need to define it as interval or select options.
    Hope it helps,
    Cheers,
    Balaji

Maybe you are looking for

  • Adding Javascript to pages

    Hi, I'm trying to add Javascript-function to the standard OIM-catalog-page. But I haven't had any success yet. I'm trying to do this by adding <ad:resource type=""javascript>MyJavaScript< ad:resource>in an exported sandbox. When I import the sandbox

  • Error AAPO169 when performing MIGO on a PO with Acc.*** Category A

    Hi, When perfoming MIGO on a PO with: - Account assignement category                      A (Asset) - Item Category in Purchasing Document          L (Subcontracting) - Single account assignement - Derive from Account assignement category    I receiv

  • Rental Movies on Mac & Apple TV

    I rented a movie on my computer and then wanted to see it on my apple TV but the movie does not appear there. I checked the apple store / rentals but nothing appears. For sure i am using the same Apple ID on Itunes in the computer and on the Apple TV

  • Transmitting the Purchase order Document to the Vendor.

    Hi All,            There are different modes by which the Purchase Order (PO) Document could be sent to the Vendor from backend R/3 system. The various modes include XML/ Auto email, through Supplier Portal, or manually by means of Fax. How will i ch

  • Switch off email notifications

    I use thunderbird with a number of email accounts. There is one account I do not want to check for mail unless I specifically press the 'get messages' option for that account. I have followed the steps outlined in https://support.mozilla.org/en-US/qu