Analysis authorization customer exit

I want to pass authorization value in0PLANT_0COMP_CODE same as 0COMP_CODE. For that i am trying ro to make customer exit variable in CMOD. can anybody tell me where I can find values of 0COMP_CODE during cmod exit. In which internal table or field?
If I will find the authorization value in 0COMP_CODE I will pass the same in 0PLANT_0COMP_CODE using exit variable.

Heading 1: Yes  I had made variable in BEx only with customer exit option but in CMOD i want to write routine in i_step = 0 to pass value of 0comp_code in 0plant_0comp_code.
This varibale i can assign in RSECADMIN in authorization.
But can not able to find value for  0COMP_CODE in CMOD.
Can you suggest in which internal table i will get values for authorizatiion.
Regards,
Rohan Shah

Similar Messages

  • Customer-Exit for analysis Authorizations: i_step = 3, i_vnam is empty

    Hello all,
    I have checked multiple scenarios and I cannot figure out the mistake I've done:
    Current situation/setup:
    1. Creation of several variables and adding each of them to different queries :
    Variable Type Processing Infoobject Selection ready for input
    COB 1 6 ZCCOSTCTR__ZCCOB S
    CB2 1 6 ZCCOB S
    CBV 1 3 ZCCOB S
    2. Adding values in a role (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM *
    9ZCCOB $C-B2, $C-OB , $C-BV
    added new object without 1KYFNM:
    ZCCOB $C-B2, $C-OB, , $C-BV
    3. Marked the used object auth. relevant for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
    WHEN 'COB' or 'RESPNO'.
    IF I_STEP = 0.
    IF I_STEP = 1.
    IF I_STEP = 3.
    CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
    EXPORTING
    I_VNAM = I_VNAM
    TABLES
    E_T_RANGE = E_T_RANGE
    EXCEPTIONS
    NO_AUTH = 1
    NOT_VALID = 2
    MISSING_OPERATOR = 3
    OTHERS = 4.
    ENDIF.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of type customer-exit and process it with i_step =1 the value selection and query result is OK.
    But this scenario works without roles and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Hi Petra,
    You are correct.  I_VANM is not stored at I_STEP 3.  However, to access that value at I_STEP3, use the following code.
    IF I_STEP = '3'.
         READ TABLE I_T_VAR_RANGE INTO L_RANGE WITH KEY VNAM = '...variable name.....'
         IF SY-SUBRC = 0.
           ...code here to alter values...
          .....for example:  L_RANGE-LOW = 'S'
         ENDIF.
    ENDIF.
    Kind Regards,
    Larry

  • Double Role for Analysis Authorization using Variable via Customer Exit

    Hi Guys I have been implementing AA using variable via customer exit and I have run into this problem, I wonder anyone have encountered this.
    Example I have a User having 2 sets of authorization Roles
    Role 1
    Personnel Area = A, B
    Personnel Sub Area = 1,
    Role 2
    Personnel Area = A
    Personnel Sub Area = 1, 2
    And what we can derive this that is the user is able to see A-1 B-1 and A-2 BUT NOT B-2 when we run all.
    But instate when we run the report it is drawing B-2 as well as because we are entering
    Personnel Area = A,B
    Personnel Sub area = 1,2
    Any idea how to solve this?
    <removed by moderator>
    Edited by: Siegfried Szameitat on Dec 3, 2008 2:41 PM

    Hello Chee Jason,
    Are you working with version 3.5 or 7.0
    How do you specify Hierarchy variable?
    Any advise you can share is very much appreciated.
    Thanks,
    Patrick

  • BW Authorizations - Query variable with processing mode as "customer exit"

    Hi,
    Iam new to BW authorizations and have not yet worked on customer exit before. I was going through the documentation at various sites but I could not get the end to end description on how the query process( when using a variable for an InfoObject) works in case of customer exit.
    Let's assume that I am using  a query variable with processing mode as "customer exit" and at the exit I  write some code to extract user's authorizations from a z table. if this is the case, then when an end user runs a query,how will the the system know what value needs to be filled in the variable for the requesting user. Are the user details  also sent to the code along with the query variable? If so how. If I mis-understood the process then forgive me and let me know the correct process.

    Hi!
    welcome to SDN!
    customer exit variables need programing by user. so if you create a customer exit variable, you got to right a program which extracts values into this variable. we can do what ever we want in program, SAP will not deal anything ´with customer exits.
    with regards
    ashwin
    PS n:  Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.

  • Authorizations by use of customer-exit: in  i_step = 3,   i_vnam is empty

    Hello all,
    I have checked multiple scenarios and they do not work:
    Current situation/setup:
    1. <b>Creation of several variables and adding each of them to different queries</b> :
    Variable   Type   Processing      Infoobject                     Selection  ready for input
    COB     1     6     ZCCOSTCTR__ZCCOB     S     
    CB2     1     6     ZCCOB                                     S     
    CBV     1     3     ZCCOB                                     S     
    2. <b>Adding values in a role</b> (currently 3.0 is used and we want to check the exit and if it works before upgrading to 7.0) and assign it to the user:
    Old active Object:ZCKS_COB:
    1KYFNM    *                                                                            
    9ZCCOB    $C-B2, $C-OB , $C-BV    
    added new object without 1KYFNM:                                                                               
    ZCCOB      $C-B2, $C-OB, , $C-BV             
    3. <b>Marked the used object auth. relevant</b> for the cube of the query
    4. Enhanced ZXRSRU01 via CMOD with coding and activated also the project:
      WHEN 'COB' or 'RESPNO'.
       IF I_STEP = 0.
        IF I_STEP = 1.
       IF I_STEP = 3.
          CALL FUNCTION 'Z_VARIABLE_BY_AUTH'
            EXPORTING
              I_VNAM           = I_VNAM
            TABLES
              E_T_RANGE        = E_T_RANGE
            EXCEPTIONS
              NO_AUTH          = 1
              NOT_VALID        = 2
              MISSING_OPERATOR = 3
              OTHERS           = 4.
          IF SY-SUBRC = 1.
            MESSAGE W007(EYE).
          ENDIF.
          IF SY-SUBRC = 2.
            MESSAGE W707(BRAIN).
          ENDIF.
          IF SY-SUBRC = 3.
            MESSAGE W999(BRAIN).
          ENDIF.
          IF SY-SUBRC = 4.
            MESSAGE W649(BRAIN) with I_VNAM ''.
          ENDIF.
        endif.
    The function 'Z_VARIABLE_BY_AUTH' was tested separately and fills in E_T_RANGE as expected.
    I also changed the variable names each time to all the other existing variables while debugging.
    If I use a variable of <b>type customer-exit</b> and process it with <b>i_step =1</b> the value selection and query result is OK.
    But this <b>scenario works without roles</b> and authorization values triggered by a variable $<VARIABLE> and is not the intended and documented way proposed by SAP. The documentation says to create a variable of type authorizations and to process it in I_Step = 3. But in this step I_VNAM is empty and so there is no processing ot the function module.
    Has anyone a solution? I could not find the issue during several debugging sessions. One strange thing is the protocol of rssm: the authorization buffer is not reflecting the enhanced role but only the value $C-B2 for object ZCKS_COB.
    Thanks in advance to have a look on this tricky issue.
    Bye,
    Petra

    Try this:
    IF i_s_rkb1d-compid = 'Query Name'
    Validation of data for the value entered in your Variable
        READ TABLE i_t_var_range INTO yourworkarea
                    WITH KEY vnam = yourvariable
        IF sy-subrc = 0.
          IF w_s_var_range-low(4) <>  w_s_var_range-high(4).  " Your condition or Logic
            l_msgv1     = c_qtr_com1.  " Your message
            i_handle = 9998.
            CALL FUNCTION 'RRMS_HANDLE_MESSAGE_INIT'
              EXPORTING
                i_handle         = i_handle
                i_msg_handler_id = sy-uzeit.
            CALL FUNCTION 'RRMS_MESSAGE_HANDLING'
              EXPORTING
                i_class  = 'RSBBS'
                i_type   = 'I'
                i_number = '000'
                i_msgv1  = l_msgv1
            RAISE again.
          ENDIF.
        ENDIF.
      ENDIF.

  • Authorization (rsecadmin) with customer exit variable

    Hello,
    I need to maintain authorization on 0CALMONTH with a customer exit variable.
    0CALMONTH is "authorization relevant"
    I created a variable of type "customer exit" : ZVAR001 (this variable is OK, I checked its value in a query)
    I created a new authorization object with 0CALMONTH = $ZVAR001.
    When I run my query I have a message due to authorization error.
    If I change my authorization object by replacing my variable ($ZVAR001) by a constant value I have no authorization problem.
    I don't understand why...
    Error logs don't help me to solve my problem : I have the following message "Message EYE007: You do not have sufficient authorization" and system just says I have "0CALMONTH  I EQ $ZVAR001 " but doesn't precise values under variable ZVAR001
    Thanks for your help

    Indeed problem was in costumer exit because I used condition with "I_STEP". Since I have delete my condition I have no authorization problem with my variable....

  • Authorization with customer exit variable (CP, BT, EQ)

    Hi SDN-Experts,
    I have a question concerning the new authorization concept.
    I created an authorization for 0COSTCENTER which also contains the 3 special characters 0TCAACTVT, 0TCAIPROV and 0TCAVALID. I inserted a customer exit variable for 0COSTCENTER. The exit reads datasets from a db table which contains authorizations for the actual user. The authorizations have different formats, e.g. "1000", "1000;1200", "25*" etc.
    The internal table e_t_range is filled as followed in the exit:
      i   eq   1000
      i   bt   1000   1200
      i   cp   25*
    This does not work. It works if I only use "eq" OR "cp". But not both at the same time.
    How can I achieve to use the different authorizations in the db table for the bi authorization?
    Thanks in advance...
    Joerg

    Hi Olivier.
    Yes, the variable is defined as selection option and I did also try to use "EQ" instead of "CP".
    I tested again with another variable which is "ready for input" and is not used in an authorization. The Variable is filled in the customer exit. This is the code:
    WHEN 'ZJGR_COSTCTR_TEST'.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'BT'.
      l_s_range-low = '0000001000'.
      l_s_range-high = '0000001200'.
      APPEND l_s_range TO e_t_range.
      l_s_range-sign = 'I'.
      l_s_range-opt  = 'CP'.
      l_s_range-low = '0000002*'.
      APPEND l_s_range TO e_t_range.
    The result in the variable screen in BEx Analyzer is the following:
    1000 - 1200;0000002*;
    And it still does not work. It seems that you could not mix EQ, BT and CP. But this is exactly what I have to do with the authorization variable...
    Do you have any other tipps that I might try out?
    Thanks,
    Joerg

  • Authorization check - customer exit EXIT_SAPLRRS0_001

    Hi gurus,
    a question on customer exit about EXIT_SAPLRRS0_001 related to i_step = 0 (Authorization check).
    I have two InfoObjects: 0WS_CAT and 0WSCATQ. The last one has a compounding that is 0WS_CAT.
    In the exit: I need to check the 0WS_OBSFLAG (a simple flag attribute) to determine if the entries in 0WSCATQ Master data are valid or no.
    If I found that the entry is valid I add the value to the e_t_range export table in this way:
    if ( i_step = 0 ).
        l_s_range-sign = 'I'.
        l_s_range-opt = 'EQ'.
        l_s_range-low = '00000001'.
        append l_s_range to e_t_range.
    endif.
    The problem is the compound, how can specify the value key for the export table?
    For example ... in the table I have three entries:
    0001 00000001 #
    0002 00000001 X
    0003 00000001 #
    The valid entries are:
    0001 00000001 #
    0003 00000001 #
    How can specify '0001' or '0003'? Because if I assign only the value  '00000001' to l_s_range-low then the entries valid in the authorization for 0WS_CATQ are three and not two.
    It's important for me to find a solution.
    Regards, Roberto

    Hi Roberto,
    you have to build your logic into a variable for the other infoobject 0WS_CAT and find your values 0001 and 0003 the way you described.
    You might have to restrict the selection for 0WSCATQ to a single value, in case you have a record like this in addition to the 3 you have listed.
    0002 00000005 #
    Best,
    Ralf

  • Hierarchy Node authorization with customer exit

    Hi All,
    I have created a hierarchy for an info-object A along with nodes test1 and test 2.node test1 consisit of value 10,20,30,40,50 and node test2 consist of value 60,70,80,90.  .
    1) I want that perticuler user should access perticuler node in hierarachy for that reason I have created a database table in which i have maintained the username and the values from the Infoobject A .I want to write a customer exit code in which user X can access node test1 and user Y can access node test2
    but in database table i can not maintain the nodes i can only maintain the values from the nodes
    so how can i restrict the user to perticuler node instead of values
    The authorization values for the perticuler user will get filled by customer exit variable maintained in the authorization profile
    can any body suggest me or send me example customer exit code for this scenario.
    I really appreciate your thoughts on this issue.
    Thanks,

    Hi,
    in addition to Anil's valid input, make sure that ZTEST is NOT ready for input. Indeed "ready for input" vars cannot be changed via customer exits.
    hope this helps...
    Olivier.

  • Hierarchy Authorization using Variable via Customer Exit

    Hi experts,
    I am wondering if I can do Hierarchy Authorization using Variable via Customer Exit? I know it can be done on normal value authorization by putting $+(the variable name). So can we do the same for Hierarchy authorization?
    For my case I have a 0ORGUNIT and I would allow the role to access anything below its node. So do I put $VARORGUNIT in Technical Node Name and Hierarchy name as ORGEH, Type of authorization = 1 and Area of Validity = 3.
    Points will be given!
    Thanx!

    Hello Chee Jason,
    Are you working with version 3.5 or 7.0
    How do you specify Hierarchy variable?
    Any advise you can share is very much appreciated.
    Thanks,
    Patrick

  • Customer Exit - Authorization

    Anyone who can give me a step by step procedure on how to use Customer Exit on Authorization....
    Thanks in Advance....

    Hi Mary Ann,
               Check ..............
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
    http://help.sap.com/saphelp_nw04s/helpdata/en/44/599b3c494d8e15e10000000a114084/content.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/f1a7e790-0201-0010-0a8d-f08a4662562d
    Regards,
    vijay.

  • Populating Authorization value in Customer exit

    Dear Experts,
    I have two info objects Sales org and Plant and both are hierarchies.And both are having the same values
    ie Sales org A100 = Plant A100
    And Sales org hierarchy is like this:
    A100 ( Top Node)
    -A110 (Child of top node)
    --A111 (child of A110)
    -A120 (Child of top node)
    --A121  (child of A120)
    Sales org is authroziation object and plant is not.
    Users are provided authroziation based on Sales org , but our requirement is to popullate the same value to plant variable as well in the query.So in case if they want to drill down there wont be any problem.
    I have created a query with sales org as input varible and plant as customer exit variable.
    Suppose a user is authorized to top node ie A100 sales org and in the query if he inputs sales org as A111 which is a child node of A110
    then my plant vairable should  be populated with the top node which user is authroized to ie A100 iresepective of what ever he enters.
    If the user is authorized to A110 and if he enters A111 then my plant should be populated with A110.
    I am trying to get that info from tables UST12 etc but it would be great if someone throws some light on how to do this requirement.
    Thank you for the help.

    Please see my reply to your another thread.
    Please do not open the thread for same issue twice.
    Regards,
    Ganesh Bothe

  • Analysis Authorization Pre Filtered Values

    Hi all Gurus,
    I am currently using Analysis Authorization setup and when I run report with no values input in the variable input screen it seems to display ALL the records in the info provider BUT not by what I am able to see based on my authorization defined.
    Example:
    I am authorized to see Personnel Area = A but when i run the report it hits authorization error and I understand that it is displaying ALL the records.
    So my question is is it possible that this filter is automatically for Analysis Authorization handled by the system like how the OLD Authorization handle this?
    Thanks

    Hello Julie,
    It is not necessary to use Hierarchy or customer exit inorder to restrict the access based on company code.
    1. First of all make, Company code as authorization relevent in IO settings
    2. In RSECADMIN, create one authorization object. It is a good practice to include all SAP Technical objects also. Just click on Inster special characts.
    3. For the company code assign required value.
    4. Assign this authorization to user in USER tab
    5. In the report, If you want to defualt the value of company code, create one authorization relevent variable for company code. You can make this variable as ready for input/Not ready for input.
    6. Execute the report.
    The user will only get data related to authorized company code.
    Regards,
    Ravindra

  • Analysis Authorization failed for Multiprovider

    Hi all,
    We are facing an issue pertaining to the Analysis Authorization for a multiprovider. When we attempt to access a query base on a multiprovider, the program complains that it has insufficient authorization. So we did debugging in the customer exit and we realise it fails to populate the rest of the authorization variables in I_step = 0. Base on our initial investigation this only happens on queries on multiprovider, so is there anything I need to set or do to curb this error?
    Many thanks!

    Best solution is to trace the authorization for your issue in ST01.
    Switch on the trace in ST01 and start your work. if you face authoirzation check failed. look into the trace there you will find the logs and authorization failed for your userid.
    And one more thing, have you got anything in SU53 as authorization check failed?
    Hope this would help you.

  • Problem wih analysis authorization for two scenarios on same data provider

    Dear all,
    I am looking for a solution on the following authorization scenario (using the new analysis authorization). Unfortunately everything that I tried did not work out as expected:
    User A is allowed to manually access query 1 (based on cube A) with authorization on all sites A-Z
    The same user A shall get an email distribution automatically (derivation of the filter in the query out of the authorization) for query 2, which is as well based on cube A, but this time the authorization shall be limited only to site A.
    As both queries are based on the same infoobject (0PLANT) and the same infoprovider (0TCAIPROV) I always get the result for all sites A-Z. The 0TCAACTVT is in both cases 03 (display), so I have no chance to distinguish between reporting and email distribution.
    Probably the only chance would be to derive the values for the email distribution scenario not from the authorization directly, but using a customer exit to fill the filter - but I would prefer a "standard" solution...
    Any ideas??
    Thanks,
    Andreas

    Dear Andreas,
    Before give you an alternative for you problem, Iu2019d like to comment the combining authorization concept:
    http://help.sap.com/saphelp_nw70/helpdata/EN/46/98cd87f37d19ace10000000a11466f/frameset.htm
    For this reason I suggest you which combing restriction through authorization and query filter. For query 2 try to use in 0PLANT characteristic the single value u201Csite Au201D, this restriction give you only authorization for see this value.
    Otherwise, you have to use customer exit.
    I hope that alternative help you to find a solution,
    Luis

Maybe you are looking for

  • Connect ipod to mac throught internet ?

    HI .. I would like to know that whether ipod can connect to macbook through internet to access file in macbook ? Or any other PDA can do ?

  • Dynamic Partner link in 11g-urgent pls

    Version: 11.1.1.3 All, I've a requirement to use partner link dynamically. I configured a DBAdapter which connects to a DB called 'DB1'. During run time, my payload has systemID based on the systemID I have to insert the doc to a table in appropriate

  • Random images cramming my library

    A ton of random images, apparently mostly from webpages I've browsed, show up in my iPhoto library. This is driving me crazy and making me angry. I have everything from pictures of Queen Elizabeth (figure that one out) to dozens of puppy pictures. I

  • What can you suggest to Functional Consultants?

    Hi all, EBS R12.2 RHEL 6.5 One of  our functional consultants encountered setup error, and is requesting me to apply patch for that error based on the support note she found in MOS. Customer Form Error: Account Site Page Raises Error: Keyflexfielddef

  • Behaviors of materialized views upon refreshing

    Q1. what would happen when a materialized view X is used for a qeury rewrite in the middle while X is (started being) refreshed by another process? Thanks in advance,