Analyzing existing Authorization - InfoProvider relation in 3.5
Hi Guys!
I am still working on a concept to migrate report authorization in 3.5 to analysis authorization in 7.0.
At the moment, I am struggling to find a way to analyze existing authorizations, in terms of access on InfoProviders.
In the new analysis authorization, we plan to use the special dimension 0TCAIPROV to restrict access of an authorization object.
However, to migrate our existing authorizations, we need to know which InfoProvider an authorization has access to.
Do you know any "easy" way to identify the InfoProvider an authorization has access to?
Thanks in advance,
Tobias
Edited by: t.braml on Sep 9, 2009 12:21 PM
Hi Gaurav!
Thanks for your reply. I appreciate your effort. The provided information helped me to access the table RSSTOBJDIR and to display the list of InfoProviders for which the Authorization Object is active.
However, this list does not provide the information I am looking for. I want to know the specific InfoProvider, the authorization relevant InfoObjects of an Authorization are using/accessing.
Because this way, I can easily migrate the existing authorizations to the new concept and restrict access by assigning InfoProvider to the dimension "0TCAIPROV".
Maybe it helps to use an example.
I do have an authorization X that uses the authorization object Y to restrict access on the authorization relevant object Z.
The authorization relevant object Z is sitting in an InfoProvider.
And I want to know how to get the name of the InfoProvider in which the authorization relevant object Z that is used in the specific authorization X is sitting.
Does anyone know how to get the information?
Cheers,
Tobias
Edited by: t.braml on Sep 11, 2009 12:32 PM
Similar Messages
-
The workbook report no authorization, but related query can show part data
Dear All,
We meet an error, The workbook report no authorization, but related query can show part data.
We have a workbook, it have 1 queries, and when we key in condition to run it, in one field we put on one more condition(Z3XXX = ' WZO' & ' WZA")(User didn't have authorization for this condition), and workbook report no authorization.
Then we checked authorization check log and it show "You do not have sufficient authorization on Z3XXX = ' WCO'.
But when we execute the related query with same condition. the query can open and show WZA's data.
I'd like to know the reason.
thanks & Best Regards,
Kent Yu -
Authorization Object Related To Movement Type
Hi,
I have one problem: one user wants to check which users can use the MB1A t-code with movement type 201 and 202. I know there are some authorization objects related to movement type, and I want to use SUIM with the MB1A t-code and the authorization object to check the users, but I don't know the authorization object for movement type in the MB1A t-code. Can anyone help?
Go to SU24, enter the transaction code and press execute.
Here you can see all the authorization objects that are used for the transaction code MB1C.
Regards
Dev -
Error Infoobject does not exists in Infoprovider
Hi Friends,
I am getting "Error Infoobject does not exists in Infoprovider" in Quality. Actually Fiscal Period and Variant are not showing up in Query designer left panel (where we can see infoprovider structure). This problem is only in Quality, the query works fine in Development and training system.
Any thoughts why am I getting this and way to rectify it? I tried transporting the query again by collecting query elements. Still it gives same error.
Thanks and regards,
Balaraj
Probably your data provider has been changed and transported to quality and your query is still using those objects. Please check whether the info providers in both systems are in sync or not.
Regards,
Kams -
How to add id to the existing Authorization Object
Hi,
I want to add one id to the existing Authorization Object,How to add this?
Here is my Object and existing ID's
authority-check object 'Z_W2WALL' for user sy-uname
id 'ZFREEZE' field r_freeze
id 'ZLI01' field r_li01
id 'ZLI11' field r_li11
id 'ZLI14' field r_li14
id 'ZLI11R' field r_li11n
id 'ZLI20' field r_li20
id 'ZMI10' field r_mi10
id 'ZUPLOAD' field r_upload
id 'Z_ARTFRZ' field r_artfrz.
Now for this i want to add
id 'Z_BIN' field r_frz.
How to do this?
Thanks
Hi Sai,
as other id's have already been defined and added, you could do it the same way,
but this will also have to be done through your basis end, where your basis team will provide the
authority to this id for the same purpose.
authority-check object 'Z_W2WALL' for user sy-uname
id 'ZFREEZE' field r_freeze
id 'ZLI01' field r_li01
id 'ZLI11' field r_li11
id 'ZLI14' field r_li14
id 'ZLI11R' field r_li11n
id 'ZLI20' field r_li20
id 'ZMI10' field r_mi10
id 'Z_BIN' field r_frz
id 'ZUPLOAD' field r_upload
id 'Z_ARTFRZ' field r_artfrz. -
Existing authorization processes are based on current template
Hi!
In 8.8 the "Cannot update stage;existing authorization processes are based on current template" message shows up, when we want to change the user for a given approval stage.
Our partners did it quite frequently in version 2007A, and succeeded to do so, because there were no checks for existing authorization processes. Now there is. And "existing authorization process" in this case means more than pending approvals for that stage. It also covers those processes, that has been approved by this user, but are waiting for other stages, or waiting for the author to create the invoice. This whole procedure takes usually quite a long time, new processes could be initiated during this time, so it's hard to find a moment when there isn't any "existing" processes.
I suggest you to revert to the former functionality.
The check for "existing authorization processes" is quite unnecessary: When we want to change an approval stage it has nothing to do with existing processes, we want to make the change for newly created approvals. And it didn't cause any problem in earlier versions either.
Our partners usually needed to change approvers when the original one was out of office, so somebody needed to substitute him/her. It's getting more and more critical since Christmas is coming soon.
Regards,
Gergely Humicskó
Hi,
As per SAP note 1660690,
"When the draft is generated an alert is registered and sent to the Authorizers. These alerts cannot be retroactively sent to newly added Authorizers"
This is the reason why system is not accepting update of approval stages.
Thanks & Regards,
Nagarajan -
Authorization object related to PRT Delete
Hi PM guru,
Some user is not able to delete PRT assigned to the operation.
Whether any authorization object related to PRT is there so that i can check roles for user .
Regards
Anil Kumar
Anil,
Get the user to try to delete the PRT.
Then the user should type /nSU53 in the command field.
This will produce a report with the missing authorization object(s) -
Importing Word doc into Previously Existing Project Corrupts Related Topics
Hi,
I had a few extra topics that I documented in a Word document
and imported that document into an existing HTML Help project in
RoboHelp. After doing this, it used the CSS file called by the new
folder it added for those new topics (based on the name of the
imported word doc) and when I look at topics in WYSIWYG, the text
on them is Design_Time Con. (I used the text only style of related
topics). When I select the related topic button in WYSIWYG and view
the popup, the menu choice for properties is deactivated so I can't
even edit the topics in them. And, when I try to add a new related
topic, it looks the same "corrupted" way.
What am I going to do? Is there a project setting that is
pointing to the wrong directory? What can I do to save my related
topics? I have over 400 topics all with related topics buttons and
each has an average of 6-8 related topics listed.
P.S. I also tried creating a new project and importing the
htm files into it but it is doing the same thing.
Here is the code for the Related Topics in one of the topics
as a sample:
<!--Metadata type="DesignerControl" startspan
<object
CLASSID="clsid:FF80F713-5DC6-11d0-A7B4-00AADC53E937"
ID=RelatedTopics
BORDER=0>
<param name="_Version" value="65536" >
<param name="_ExtentX" value="2117" >
<param name="_ExtentY" value="556" >
<param name="_StockProps" value="13" >
<param name="ForeColor" value="0" >
<param name="BackColor" value="14215660" >
<param name="UseButton" value="0" >
<param name="UseText" value="-1" >
<param name="ControlLabel" value="Related Topics" >
<param name="UseIcon" value="0" >
<param name="Items" value="About the Main Work Pick
Window;About_the_Main_Work_Pick_Window.htm$$**$$About the Picking
Employees Grid;About_the_Picking_Employees_Grid.htm$$**$$Adding a
Part-Time Employee
Pick;Adding_a_Part_Time_Employee_Pick.htm$$**$$Adding a Work
Pick;Adding_a_Work_Pick.htm$$**$$Changing the Employee Pick
Order;Changing_the_Employee_Pick_Order.htm$$**$$Choosing the List
of Picking
Employees;Choosing_the_List_of_Picking_Employees.htm$$**$$Defining
the Main Pick
Information;Defining_the_Main_Pick_Information.htm$$**$$Pick Status
Codes;Pick_Status_Codes.htm$$**$$Picking Extra
Work;Picking_Extra_Work.htm$$**$$Picking Special
Days;Picking_Special_Days.htm$$**$$Reviewing Master List
Positions;Reviewing_Master_List_Positions.htm$$**$$Saving the
Pick;Saving_the_Pick.htm$$**$$Selecting an Employee and Beginning
the
Pick;Selecting_an_Employee_and_Beginning_the_Pick.htm$$**$$Selecting
Imported Rosters;Selecting_Imported_Rosters.htm$$**$$" >
<param name="Image" value="" >
<param name="FontInfo" value="Arial,8,0,," >
<param name="_CURRENTFILEPATH"
value="\\cronos\Usr\kwatson\Operations Guide\TeleDriver Operations
Guide Draft 1 for Import into Help\Adding_an_Extraboard_Pick.htm"
>
<param name="_ID" value="RelatedTopics" >
<param name="UseMenu" value="-1" >
<param name="Frame" value="" >
<param name="Window" value="" >
</object>--><OBJECT
CLASSID="clsid:ADB880A6-D8FF-11CF-9377-00AA003B7A11"
ID="RelatedTopics" TYPE="application/x-oleobject" >
<PARAM NAME="Command" VALUE="Related Topics,MENU">
<PARAM NAME="Font" VALUE="Arial,8,0,,">
<PARAM NAME="Item1" VALUE="About the Main Work Pick
Window;About_the_Main_Work_Pick_Window.htm">
<PARAM NAME="Item2" VALUE="About the Picking Employees
Grid;About_the_Picking_Employees_Grid.htm">
<PARAM NAME="Item3" VALUE="Adding a Part-Time Employee
Pick;Adding_a_Part_Time_Employee_Pick.htm">
<PARAM NAME="Item4" VALUE="Adding a Work
Pick;Adding_a_Work_Pick.htm">
<PARAM NAME="Item5" VALUE="Changing the Employee Pick
Order;Changing_the_Employee_Pick_Order.htm">
<PARAM NAME="Item6" VALUE="Choosing the List of Picking
Employees;Choosing_the_List_of_Picking_Employees.htm">
<PARAM NAME="Item7" VALUE="Defining the Main Pick
Information;Defining_the_Main_Pick_Information.htm">
<PARAM NAME="Item8" VALUE="Pick Status
Codes;Pick_Status_Codes.htm">
<PARAM NAME="Item9" VALUE="Picking Extra
Work;Picking_Extra_Work.htm">
<PARAM NAME="Item10" VALUE="Picking Special
Days;Picking_Special_Days.htm">
<PARAM NAME="Item11" VALUE="Reviewing Master List
Positions;Reviewing_Master_List_Positions.htm">
<PARAM NAME="Item12" VALUE="Saving the
Pick;Saving_the_Pick.htm">
<PARAM NAME="Item13" VALUE="Selecting an Employee and
Beginning the
Pick;Selecting_an_Employee_and_Beginning_the_Pick.htm">
<PARAM NAME="Item14" VALUE="Selecting Imported
Rosters;Selecting_Imported_Rosters.htm">
<PARAM NAME="Text" VALUE="Text: Related Topics">
</OBJECT>
<!--Metadata type="DesignerControl" endspan--> -
How to store, in an effective way, analyzer data into a relational database?
We want to store the "sweep traces" of a network analyzer in a relational database in a way that saves as much space as possible without losing resolution.
The solution we are thinking of is to separate the x-axes information from the y-axes information and store it in different tables of the database.
Because of the repeating character of the measurements, the data in the x-axes will be nearly always the same. So we want to store new data in the x-axes table only when a different x-axes is detected.
In a third table we want to save the relation between the x and y data and other data that belongs to the measurement.
Question is: are there other or better possibilities to solve this problem?
Hi Ben,
Thanks for your help.
The use of a third table that links the X-axe and y-axe table together depends on if I store the datapoints in the y-axe table sequential, so I need an identification of the points belonging together and I can have a varying number of data-points, (i.e. 401 of 801 ...) or I save it in one record.
The problem here is I have to save a varying number of points in tables with a lot of "datapoint columns".
Another solution is to save the datapoints as a semicolon (;) separated text string in one field.
The problem now is the limitation in the max. text field length.
In my Oracle Rdb database I can use "Varchar" fields.
(is there no limitation here??)
In other databases a "Note field" will maybe give a solution.
The question still is: What is the best solution and uses the smallest amount of space?
In the next week I will do some tests with the solutions mentioned.
Please let me know what DSC is??
Greetings Huub -
Key figure not exist in infoprovider
Hi,
in what situation can a keyfigure exist in a query designer but not belonging to an infoprovider?
When i tried to launch a BEx query, i got system message about the above.
There is aggregation level under which there is multiprovider under which there are basic and real-time cubes.
regards
Prex
Dear
When you want to report some attributes as navigational attributes of a certain characteristic, then you will mention that Characteristic as data target and use it in the report through the multiprovider.
Thanks -
How can I delete the existing objects and Relation ships in OM?
Hi One and All,
Hope all of you are doing well,
I want to delete the all existing objects in OM, like Org units, positions, jobs and etc... and also relationships.
Please guide me.
Thanks,
Potru.
All objects are stored in table HRP1000 and relations in HRP1001; related to HRP1001 there are HRPADxx tables depending on the relationship.
You will have to write your own program.
If you have Clone&Test you could use /BKC/SOL21_PDPDEL to delete complete (sub-)structures. -
Analysis Authorization and related issue
Hello all,
I am in the midst of designing authorizations using RSECADMIN transaction.
We have a set of 50 different queries.
In our cube, there are 5 different characteristics, which are authorization relevant.
So, in RSECADMIN, I have created one analysis auth role, included all special and authorization relevant characteristics and maintained the appropriate values.
But when I execute the queries, the desired output is not coming.
- Do I need to create authorization variables and include them in all my queries?
- Without including the auth. variables in queries, is there any other way to restrict the users?
I thought, by assigning the parameters in RSECADMIN, the query will automatically filter the data.
Can you please help?
We are on SP19.
Hi,
First of all, The query is always based on a InfoCube. Now, you have 50 different Queries which is based on this InfoCube if I am not wrong as you are not getting any authorization error.
For a query to run, the user should have access to 1. Query, 2. Infocube and 3. Data(All Auth Relevant + 4 Special Objects)
Authorization relevant objects are for an InfoCube which means that these objects are important or key fields for the infocube.
You say that in your case, you have 5 Auth relevant objects which means they are important. But please note that there are more infoObjects in that InfoCube.
Now, when you go to the query design, you can restrict on any object in the InfoCube but it makes more sense that you do it on one of those authorization relevant objects as you have to specify that in the Analysis Authorization where the system can pick up the data easily and give the output.
Again, on the query design, if you have designed the query with processing type "Authorization", then it would automatically pick up (what you mentioned as automatic filtering) the value from the Analysis Authorization which is contained in the user's role for that query, which otherwise gives a wide variety of options to choose from where the user has to choose the correct one.
To get the desired output, all the correct variables should be included in the query and the user should have access to all the three mentioned above.
Maybe this gives a clear picture.
Regards,
Prasanna
Edited by: Prasanna Nagaraja on Sep 11, 2009 11:40 PM -
The Urgent Change request is in created status and I am not able to assign a project to it. Also I am not able to change the status of the change request to In development with the developer's Id. Everything works fine if I assign SAP_ALL authorization to the developer.
Below are the roles assigned to Developer ID -
SAP_CM_SMAN_DEVELOPER
SAP_SM_CRM_UIU_FRAMEWORK
SAP_SM_CRM_UIU_SOLMANPRO
SAP_SM_CRM_UIU_SOLMANPRO_CHARM
SAP_SMWORK_BASIC_CHANGE_MAN
SAP_SMWORK_CHANGE_MAN
SAP_SOCM_DEVELOPER
Z_S001
ZSAP_SOCM_DEVELOPER
Issue screen -
SU53 for Developer-
Please suggest which roles/Authorization should be assigned to the Developer Id.
Thanks
Kavita
Hi Kavita,
Copy these roles to Z-roles
SAP_CM_SMAN_DEVELOPER
SAP_SM_CRM_UIU_FRAMEWORK
SAP_SM_CRM_UIU_SOLMANPRO
SAP_SM_CRM_UIU_SOLMANPRO_CHARM
SAP_SMWORK_BASIC_CHANGE_MAN
SAP_SMWORK_CHANGE_MAN
SAP_SOCM_DEVELOPER
Assign this to user.
Put a trace using ST01.
Find that object and modify/add in your custom role.
Regards,
Divyanshu -
BW 3.5 which authorization objects available rssm (checks for infoprovider)
Hi all,
How does SAP generate the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization objects related to this infoprovider listed?
Is there any documentation about the purpose in RSSM of the button 'update check status (Authorization objects, infoprovider)'?
Thanks for your help.
Based on which criteria?
Is there somewhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
Thanks, -
How to get standard authorizations saritha reddy
Hello Basis Gurus.
I am using a one month trial version of CRM 5.0.
My client is 100. I entered the password wrong and then the login failed. Then I entered through the 066 and 000 clients, but it's not allowing me to copy any standards. It says you are not authorized. I entered through the 066 client and created a new ID through SU01, but the same problem: it's not allowing me to copy any standards.
Please tell me how to log on to client 100 or how to get standard authorizations.
Please give me your valuable solution to my problem.
Many Thanks
saritha
Hi
See the doc related to Authorization concept and do accordingly
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
Use SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>
ID <authority field 2> FIELD <field value 2>
ID <authority field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is an auth. object.
ID 'ACTVT' FIELD '02': in place of 2 you can put 1, 2, 3 for change, create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to the SU21 transaction, where you have to define authorizations and objects, and for that object you assign fields and values. Another Tcode is PFCG, where you can assign these authorization objects and TCodes for a profile, and that profile is in turn attached to a particular user.
Take the help of the basis guy and create and use.
Reward points for useful Answers
Regards
Anji