Auth relevant Objects in a Infoprovider

Similar Messages

• Wanted: Dictionary-/ Metadatatable for the Mapping of the (old,3.5.) Authorization Object to the (Auth.relevant) InfoObject

  Hi,
  I am looking for the concrete BW's dictionary-/ metadatatable(s)
  which contain/describe the
  Mapping of the (old,3.5.) Authorization Object to the (Auth.relevant) InfoObject
  of  the transaction "RSSM-Authorization for Reporting"
  For example:
  I got 3.5 Auth.Object ZCOMP_CODE and want to know to which   (Auth.relevant) InfoObject
  this is mapped, basically what's in the usage of this Authorization Object.
  ThanXs
  Martin

  Hi,
  As of now, your authorizations still in 3.x. so please check the below tables.
  RSSBAUTHGEN - it holds info provider and authorization object
  RSSBAUTHGENERATD - it have user name and info provider
  RSSBAUTHTRACE
  RSSBAUTHTRUSER
  RSSBAUTVAL
  RSSAUTHHIER
  RSSAUTHHIERNODE
  Coming to 7.x , Above mentioned T code kumar is enough to handle authorization concepts.
  There is best document about 3.x and 7.x comparison on Google.
  please search for it by using search term "An Expert Guide to new SAP BW Security Features"
  Written by Marc Bernard
  Thanks

• To Restrict Auth relevancy in RSD1 * removed_by_moderator *

  Hi Gurus
  I want to restrict user for t-code RSD1 such that they can not mark any object auth relevant. Can you please give me a clue which object should I change ?
  Thanks
  <removed_by_moderator>
  Edited by: Julius Bussche on Jun 26, 2008 8:02 PM

  Hi ,
  check with the object
  Data Warehousing Workbench – InfoObject S_RS_IOBJ
  Authorizations for working with individual InfoObjects and their subobjects.----Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
  <removed_by_moderator>
  Regards
  Malti!!!
  Edited by: Julius Bussche on Jun 26, 2008 8:00 PM

• Implement Hierarchy's On InfoObject that is Not Auth Relevant.

  Hello Friends,
  Please Advice me in this issue.
  I am Upgrading from 3.1 to 7.0.I am able to implement hierarchies when the Infoobject is auth relevant.
  There are hierarchies in 3.1 on Infoobjects which are Not Auth Relevant.
  Like 0PLANT ..I don't know how to implement using this.
  Is there any way to implement hierarchies on InfoObjects which are not auth relevant in BI 7.0 using Analysis authorizations.
  Or Do i need to make thes non auth relevant InfoObjects of 3.1 to auth relevant in 7.0 and implement hierarchies.
  Please advice.
  Thanks,
  Ram

  Hi Keerti,
  Can you please tell me how to implement hierarchy with out making 0PLANT auth relevant.
  We are upgrading from 3.1 to 7.0.
  0PLANT is not auth relevant in 3.1 but it has Hierarchies.
  So business team wants to have the same in 7.0 with out making it auth relevant.
  Please help me in doing this.
  Thanks
  Ram

• Restricting access of to auth relevant characteristics

  Hello Experts,
  We have a requirement wherein I have to restrict access for a user by which the user would not be able change the poroperties of characteristics even in the local view in the query designer.
  The requirement is like the user should be able to go into change query (local view) and change rows and columns but the user should not be able to change the properties of any characteristic.
  In our case the user is trying to change the properties of a authorisation relevant characterstics which the user should not.
  Thanks in advance.
  Best Regds,
  Suyog.

  Hi Suyog,
  As per my knowldge, you cant control change acceess only to rows and column only in query designer. Also please note that maintaining auth. relevant charactristics as processing type authrization or customer exit is BW developers job, as BI security consultant you can give suggestions to maintain such varaiables.
  Hence you give change  query access in Dev and  give only display in QA & production.
  Best Regards
  Imran

• Resultant user authorization of t-codes with a common Auth. Object

  Hi,
  I'm re-posting this question because the first time it was rejected and according to the Rules of Engagement, it seems it's because I did not post my photo, however, dear Moderator, if for any other reason, I mean not to be indecent, kindly let me know if there's anything violating the content rules.
  I'm trying to control access to t-code AS02 using Asset Views (Auth. Object A_A_VIEW), so while looking around I noticed that this Object A_A_VIEW is present in other t-codes/roles assigned to some users.
  My question is (pardon my basic terminology), if a I create a role that has a t-code with certain authorization values defined in its Authorization Objects, and assigned it to a user that has those Authorization Objects in his profile but from totally different t-codes in different roles, will the most explicit/resultant authorization take precedence in all the t-codes? or will the t-codes be accessed as per the authorization provided in their respective roles?

  Hi  Saleh
  Lack of photo would not have been the reason.
  Is SAP security your background? What do you know of generated profiles, user buffer and the concept of cross-inheritance (or cross-talk)?
  If you are asking if a user has Transaction AS02 from one role and A_A_VIEW from another would they be authorised or not then that is a basic question (fundamental of SAP authorisation concept). Basic questions are not allowed in SCN as you can obtain the answer via searching, sap help and basic training.
  If you are trying to understand some specifics of the A_A_VIEW authorisation that the SAP Help (and also IMG configuration for Asset Views) did not provide then you might need to clarify your question.
  Regards
  Colleen
  Ps - I did alert the moderator to your question as I thought it was basic question relating to the SAP authorisation concept that is covered in SAP help, Google and the ADM940 training course.

• RSSM Authorization objects linking to InfoProvider disappeared

  Dear all
  We have observed a strange scenario. Some times the link of the authorization objects to the InfoProvide disappeared and after certain time, it comes back again. It seems no any batch job running related to this. Have someone met the same situation?
  Thanks for the help, Jessica

  I don't know if this is the answer to your question but I have a similar experience, but slightly different:
  Sometimes, in the process of redesigning InfoProviders already present in the production system, they are deleted and recreated in development. When that happens, <i>all possible</i> authorization checks for reporting objects are checked again by default. Transporting these InfoPoviders back to Production means that users will experience a loss in authorizations until the irrelevant authorization checks for reporting objects are unchecked again.
  This problem can only be solved by implementing a decent change management procedure and increasing authorization awareness for BW developers.
  Good luck,
  Kind regards,
  Lodewijk

• Authorization Relevant Object

  Hi experts,
  Please suggest how to make an info object as an authorization relevant object. Please guide step by step.
  Thanks in advance.
  AJAY

  hi ajay,
  for authrization relevant info objects just mark your infoobject as authorization relevant in tha Business Explorer Tab of ur infoobject.
  then if u have authrization go to t-code RSECADMIN.
  here, undet the authorization tab ,
  just create an Authorization Relevant object into which just
  select ur actual info object name for which u want authorization.
  after this just double click on ur info-object and enter your all restictions.
  save it then.
  hope this will help u
  thanks.

• Authorization relevant objects list

  Hello BI experts,
  I need to find out the Authorization relavant infobjects in the system. How can i do it. Is there a table where i can find this data or any transactin
  Thanks in advance
  BWer

  hi BWER,
     You want to see the authorisation relevent objects for perticuler system right.
  1. Go to RSSM tr code
  2.click the radio button Authorizations for several users there u have to enter ur lon-in Id name
  3.right hand side 1 spects symbol is there for disply-- click on it.
  It will show u all authorisation Infoobjects for u.
  Thanks & Regards,
  kiran

• Custom Auth. Object with Profile and role assignment not working

  Hi,
  I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
  Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
  When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
  AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
              ID 'ACTVT'  FIELD '01'.
  Am I missing anything? The profiles are generated correctly. 
  Best Regards,
  Nilesh

  Below are the screen shots for PFCG:

• 1 Auth. Object - 2 TCodes - Need 2 different actions?

  Hello All,
  I have 2 transactions ( IDX1 & IDX2) which works with authorization code "S_IDOCMETA".  I need to have different access levels set for these two transactions. For example, I need only display access for IDX1 tcode and I need full access for tcode IDX2. How shall I go about it. As its only one auth. object if I give full action, both tcodes are getting effected. Thanks in advance. Any help will be rewarded.
  Regards,
  Farooq.

  Hi,
  First the easier method.
  Create two separate roles for these two transactions and add necessary auth values in the S_IDOCMETA. But the problem with this method is that once u assign both the roles to the end users then they will again end up having higher access for the two authorizations avaialable for S_IDOCMETA.
  Second method is using custom auth object in place of S_IDOCMETA having all the fields of it and a field TCD transaction code in addition and place a check for this auth object in the transaction codes this is another solution which might be useful but u need to take the help of a ABAPER to get this done..
  Hope this helps
  Manohar

• Master Data Object as an InfoProvider

  I have a master data object which is loaded with data.  I need to carry out some analysis via queries on this object.  What are the consequences if I now switch on the InfoProvider flag in the InfoObject? Thanks

  Hi,
  you will see it then underneath the InfoArea in the InfoProviderSection.
  Then you'll be able to report onto the InfoObject.
  Additionally, you can then use flexible Update for this InfoObject as well.
  As far as I know, there are no negative aspects to this switch.
  hth
  cheers
  Sven

• CIN Auth. Objects

  Dear Experts,
  Anybody help me out how to findout Authorisation Object for CIN transactions (which start, J* e.g. J1ID, etc....).
  by using tcode SU24, table USOBT_C or by tracing with ST01, other than SU53 for missing object on trail and error basis, we unable to find what tcode call which Auth. object.
  There is only one object class J1I1, in which there are more than 40 Auth. object.
  Please anybody help finding solution, from which table or transaction we can find which tcode call which auth. object.

  Hi,
  Using Profile generator you can generate a authorization profiels for a given role. You can use existing roles or build new roles also based on individual requirements.
  How do I restrict access to the various options under J1ID ,J1IT?
  CIN has pre delivered authorization groups j1it and j1id. You can attach this group to the table using transaction sucu.
  The list of authorization objects used with in CIN are as attached.
  J_1IEXC_JV      Authorization object for Excise JV transaction
  J_1IEWPOVP      Authorization object for Excise without PO – Verify
  J_1IFAC_SL      Authorization object for Factory sales transaction
  J_1IUTZLTN      Authorization object for Fortnightly payment
  J_1IFRTPYM      Authorization object for Fortnightly payment transaction
  J_1I_IMG        Authorization object for IMG
  J_1IEXC_OT      Authorization object for Other Excise Invoice Create
  J_1IPLA_FC      Authorization object for PLA forecast 
  J_1IREGS        Authorization object for RG23 issues and RG1
  J_1IARE_ME      Authorization object for area menu transaction
  J_1ICAP_GD      Authorization object for capital goods transaction
  J_1IDEP_SL      Authorization object for depot sale transaction
  J_1IEXC_IV      Authorization object for excise invoice posting transaction
  J_1IREGEXT      Authorization object for excise registers extraction
  J_1IEXC_RT      Authorization object for maintain excise rate transaction
  J_1IEXPRN       Authorization object for printing excise invoice
  J_1IUTZL        Autorization object for Fortnightly payment
  J_1IEX_PST      Autorization object for posting Other Excise invoice
  J_1IFAC_S1      Enhanced Factory sales authorization
  J_1IIEXCP       Exceptions for sales Excise invoices
  J_1IEXCJV1      Excise Invoice
  J_1IEWPOCR      Excise invoice without PO create
  J_1ICWIZ        Health Check
  J_1IINEX        Incoming Excise Invoice
  J_1IFACSL1      Out going excise invoice - authorizations
  J_1IFACT1       Out going excise invoice - authorizations
  Cheers...
  Santosh.
  <i><b>Reward Points if usefull.</b></i>

• Customizing Search Results - Relevance, object type

  Hello,
  We would like to customize our search so that it will always return pages first, then Global Links, then Documents. Each of these should then be sorted by relevance.
  Can anyone suggest what might be the best way to accomplish this?
  Thanks!
  ~Kevin.

  Hi Kevin
  Even I am working on similar UI customization of the search view, so that each object type result is grouped in a different table.
  Kindly let me know how to achieve this

• Auth. Object for follow up transactions in CRM

  Hello experts,
  I have created a few roles in CRM as i had to segregate the users' access to transactions as per their departments (Org. Units). The users are working on EP7 and everything is working fine except that they are <b>not able to create FOLLOW UP transactions</b>
  The standard sales representative role is working perfect,  Please help & let me know if there is any authorization object required which iam missing..i've tried everything.
  thnx,
  Jacob

  any replies plzz iam in urgent need of a solution ??
  thnx
  Jacob.