Auth relevant Objects in a Infoprovider
Hello,
Is there a way to findout list of Authorization Relevant Objects in a Infoprovider? instead of going through all the Objects?
Thanks,
KK
Hello Kris Kamal,
If you're in the new Authorization Analysis of BI 7, then all of InfoObjects marked as AuthorizationRelevant in rsd1->tab Business Explorer that exist for that InfoProvider the query is built are check during reporting. To see what are these InfoObjects go to transaction RSECADMIN create a new authorization from scratch in "Maintenance" give a short text description and push the button "InfoCube Authorization". Insert your InfoProvider where the query is built push enter and you'll see a list of InfoObjects. Those InfoObjects are checked for that query.
Please assign points,
Diogo.
Similar Messages
-
Hi,
I am looking for the concrete BW's dictionary-/ metadatatable(s)
which contain/describe the
Mapping of the (old,3.5.) Authorization Object to the (Auth.relevant) InfoObject
of the transaction "RSSM-Authorization for Reporting"
For example:
I got 3.5 Auth.Object ZCOMP_CODE and want to know to which (Auth.relevant) InfoObject
this is mapped, basically what's in the usage of this Authorization Object.
ThanXs
MartinHi,
As of now, your authorizations still in 3.x. so please check the below tables.
RSSBAUTHGEN - it holds info provider and authorization object
RSSBAUTHGENERATD - it have user name and info provider
RSSBAUTHTRACE
RSSBAUTHTRUSER
RSSBAUTVAL
RSSAUTHHIER
RSSAUTHHIERNODE
Coming to 7.x , Above mentioned T code kumar is enough to handle authorization concepts.
There is best document about 3.x and 7.x comparison on Google.
please search for it by using search term "An Expert Guide to new SAP BW Security Features"
Written by Marc Bernard
Thanks -
To Restrict Auth relevancy in RSD1 * removed_by_moderator *
Hi Gurus
I want to restrict user for t-code RSD1 such that they can not mark any object auth relevant. Can you please give me a clue which object should I change ?
Thanks
<removed_by_moderator>
Edited by: Julius Bussche on Jun 26, 2008 8:02 PMHi ,
check with the object
Data Warehousing Workbench InfoObject S_RS_IOBJ
Authorizations for working with individual InfoObjects and their subobjects.----Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
<removed_by_moderator>
Regards
Malti!!!
Edited by: Julius Bussche on Jun 26, 2008 8:00 PM -
Implement Hierarchy's On InfoObject that is Not Auth Relevant.
Hello Friends,
Please Advice me in this issue.
I am Upgrading from 3.1 to 7.0.I am able to implement hierarchies when the Infoobject is auth relevant.
There are hierarchies in 3.1 on Infoobjects which are Not Auth Relevant.
Like 0PLANT ..I don't know how to implement using this.
Is there any way to implement hierarchies on InfoObjects which are not auth relevant in BI 7.0 using Analysis authorizations.
Or Do i need to make thes non auth relevant InfoObjects of 3.1 to auth relevant in 7.0 and implement hierarchies.
Please advice.
Thanks,
RamHi Keerti,
Can you please tell me how to implement hierarchy with out making 0PLANT auth relevant.
We are upgrading from 3.1 to 7.0.
0PLANT is not auth relevant in 3.1 but it has Hierarchies.
So business team wants to have the same in 7.0 with out making it auth relevant.
Please help me in doing this.
Thanks
Ram -
Restricting access of to auth relevant characteristics
Hello Experts,
We have a requirement wherein I have to restrict access for a user by which the user would not be able change the poroperties of characteristics even in the local view in the query designer.
The requirement is like the user should be able to go into change query (local view) and change rows and columns but the user should not be able to change the properties of any characteristic.
In our case the user is trying to change the properties of a authorisation relevant characterstics which the user should not.
Thanks in advance.
Best Regds,
Suyog.Hi Suyog,
As per my knowldge, you cant control change acceess only to rows and column only in query designer. Also please note that maintaining auth. relevant charactristics as processing type authrization or customer exit is BW developers job, as BI security consultant you can give suggestions to maintain such varaiables.
Hence you give change query access in Dev and give only display in QA & production.
Best Regards
Imran -
Resultant user authorization of t-codes with a common Auth. Object
Hi,
I'm re-posting this question because the first time it was rejected and according to the Rules of Engagement, it seems it's because I did not post my photo, however, dear Moderator, if for any other reason, I mean not to be indecent, kindly let me know if there's anything violating the content rules.
I'm trying to control access to t-code AS02 using Asset Views (Auth. Object A_A_VIEW), so while looking around I noticed that this Object A_A_VIEW is present in other t-codes/roles assigned to some users.
My question is (pardon my basic terminology), if a I create a role that has a t-code with certain authorization values defined in its Authorization Objects, and assigned it to a user that has those Authorization Objects in his profile but from totally different t-codes in different roles, will the most explicit/resultant authorization take precedence in all the t-codes? or will the t-codes be accessed as per the authorization provided in their respective roles?Hi Saleh
Lack of photo would not have been the reason.
Is SAP security your background? What do you know of generated profiles, user buffer and the concept of cross-inheritance (or cross-talk)?
If you are asking if a user has Transaction AS02 from one role and A_A_VIEW from another would they be authorised or not then that is a basic question (fundamental of SAP authorisation concept). Basic questions are not allowed in SCN as you can obtain the answer via searching, sap help and basic training.
If you are trying to understand some specifics of the A_A_VIEW authorisation that the SAP Help (and also IMG configuration for Asset Views) did not provide then you might need to clarify your question.
Regards
Colleen
Ps - I did alert the moderator to your question as I thought it was basic question relating to the SAP authorisation concept that is covered in SAP help, Google and the ADM940 training course. -
RSSM Authorization objects linking to InfoProvider disappeared
Dear all
We have observed a strange scenario. Some times the link of the authorization objects to the InfoProvide disappeared and after certain time, it comes back again. It seems no any batch job running related to this. Have someone met the same situation?
Thanks for the help, JessicaI don't know if this is the answer to your question but I have a similar experience, but slightly different:
Sometimes, in the process of redesigning InfoProviders already present in the production system, they are deleted and recreated in development. When that happens, <i>all possible</i> authorization checks for reporting objects are checked again by default. Transporting these InfoPoviders back to Production means that users will experience a loss in authorizations until the irrelevant authorization checks for reporting objects are unchecked again.
This problem can only be solved by implementing a decent change management procedure and increasing authorization awareness for BW developers.
Good luck,
Kind regards,
Lodewijk -
Hi experts,
Please suggest how to make an info object as an authorization relevant object. Please guide step by step.
Thanks in advance.
AJAYhi ajay,
for authrization relevant info objects just mark your infoobject as authorization relevant in tha Business Explorer Tab of ur infoobject.
then if u have authrization go to t-code RSECADMIN.
here, undet the authorization tab ,
just create an Authorization Relevant object into which just
select ur actual info object name for which u want authorization.
after this just double click on ur info-object and enter your all restictions.
save it then.
hope this will help u
thanks. -
Authorization relevant objects list
Hello BI experts,
I need to find out the Authorization relavant infobjects in the system. How can i do it. Is there a table where i can find this data or any transactin
Thanks in advance
BWerhi BWER,
You want to see the authorisation relevent objects for perticuler system right.
1. Go to RSSM tr code
2.click the radio button Authorizations for several users there u have to enter ur lon-in Id name
3.right hand side 1 spects symbol is there for disply-- click on it.
It will show u all authorisation Infoobjects for u.
Thanks & Regards,
kiran -
Custom Auth. Object with Profile and role assignment not working
Hi,
I have created custom Authorization Object with field ACTVT with allowed values - 01,02, 03. Now test it with custom program using AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ' it is working fine and returning sy-subrc 12. At this point i have not created any role using this Auth Object.
Now I have created custom role ZPM_**** and assigned above Auth object to it with value ACTVT 03. Assigned this role to user.
When I try to test the above custom program with any ACTVT value it is giving sy-subrc as 0. Used below custom code in program.
AUTHORITY-CHECK OBJECT 'Z_AUTHORIZ'
ID 'ACTVT' FIELD '01'.
Am I missing anything? The profiles are generated correctly.
Best Regards,
NileshBelow are the screen shots for PFCG:
-
1 Auth. Object - 2 TCodes - Need 2 different actions?
Hello All,
I have 2 transactions ( IDX1 & IDX2) which works with authorization code "S_IDOCMETA". I need to have different access levels set for these two transactions. For example, I need only display access for IDX1 tcode and I need full access for tcode IDX2. How shall I go about it. As its only one auth. object if I give full action, both tcodes are getting effected. Thanks in advance. Any help will be rewarded.
Regards,
Farooq.Hi,
First the easier method.
Create two separate roles for these two transactions and add necessary auth values in the S_IDOCMETA. But the problem with this method is that once u assign both the roles to the end users then they will again end up having higher access for the two authorizations avaialable for S_IDOCMETA.
Second method is using custom auth object in place of S_IDOCMETA having all the fields of it and a field TCD transaction code in addition and place a check for this auth object in the transaction codes this is another solution which might be useful but u need to take the help of a ABAPER to get this done..
Hope this helps
Manohar -
Master Data Object as an InfoProvider
I have a master data object which is loaded with data. I need to carry out some analysis via queries on this object. What are the consequences if I now switch on the InfoProvider flag in the InfoObject? Thanks
Hi,
you will see it then underneath the InfoArea in the InfoProviderSection.
Then you'll be able to report onto the InfoObject.
Additionally, you can then use flexible Update for this InfoObject as well.
As far as I know, there are no negative aspects to this switch.
hth
cheers
Sven -
Dear Experts,
Anybody help me out how to findout Authorisation Object for CIN transactions (which start, J* e.g. J1ID, etc....).
by using tcode SU24, table USOBT_C or by tracing with ST01, other than SU53 for missing object on trail and error basis, we unable to find what tcode call which Auth. object.
There is only one object class J1I1, in which there are more than 40 Auth. object.
Please anybody help finding solution, from which table or transaction we can find which tcode call which auth. object.Hi,
Using Profile generator you can generate a authorization profiels for a given role. You can use existing roles or build new roles also based on individual requirements.
How do I restrict access to the various options under J1ID ,J1IT?
CIN has pre delivered authorization groups j1it and j1id. You can attach this group to the table using transaction sucu.
The list of authorization objects used with in CIN are as attached.
J_1IEXC_JV Authorization object for Excise JV transaction
J_1IEWPOVP Authorization object for Excise without PO Verify
J_1IFAC_SL Authorization object for Factory sales transaction
J_1IUTZLTN Authorization object for Fortnightly payment
J_1IFRTPYM Authorization object for Fortnightly payment transaction
J_1I_IMG Authorization object for IMG
J_1IEXC_OT Authorization object for Other Excise Invoice Create
J_1IPLA_FC Authorization object for PLA forecast
J_1IREGS Authorization object for RG23 issues and RG1
J_1IARE_ME Authorization object for area menu transaction
J_1ICAP_GD Authorization object for capital goods transaction
J_1IDEP_SL Authorization object for depot sale transaction
J_1IEXC_IV Authorization object for excise invoice posting transaction
J_1IREGEXT Authorization object for excise registers extraction
J_1IEXC_RT Authorization object for maintain excise rate transaction
J_1IEXPRN Authorization object for printing excise invoice
J_1IUTZL Autorization object for Fortnightly payment
J_1IEX_PST Autorization object for posting Other Excise invoice
J_1IFAC_S1 Enhanced Factory sales authorization
J_1IIEXCP Exceptions for sales Excise invoices
J_1IEXCJV1 Excise Invoice
J_1IEWPOCR Excise invoice without PO create
J_1ICWIZ Health Check
J_1IINEX Incoming Excise Invoice
J_1IFACSL1 Out going excise invoice - authorizations
J_1IFACT1 Out going excise invoice - authorizations
Cheers...
Santosh.
<i><b>Reward Points if usefull.</b></i> -
Customizing Search Results - Relevance, object type
Hello,
We would like to customize our search so that it will always return pages first, then Global Links, then Documents. Each of these should then be sorted by relevance.
Can anyone suggest what might be the best way to accomplish this?
Thanks!
~Kevin.Hi Kevin
Even I am working on similar UI customization of the search view, so that each object type result is grouped in a different table.
Kindly let me know how to achieve this -
Auth. Object for follow up transactions in CRM
Hello experts,
I have created a few roles in CRM as i had to segregate the users' access to transactions as per their departments (Org. Units). The users are working on EP7 and everything is working fine except that they are <b>not able to create FOLLOW UP transactions</b>
The standard sales representative role is working perfect, Please help & let me know if there is any authorization object required which iam missing..i've tried everything.
thnx,
Jacobany replies plzz iam in urgent need of a solution ??
thnx
Jacob.
Maybe you are looking for
-
OSX 10.5.8 Mail App 3.6 - sent mails are gone
After 16 years of using Eudora, I migrated to Mail 3.6 on 10.5.8. That was yesterday. Today I sent some emails with Mail 3.6 as reply to emails I received a few minutes before. The mails were sent correctly, as people told me so by phone. But, the se
-
Content based routing in receiver determination.
hi, how to do content based routing in receiver determination based on value of of a variable of target structure? Miten.
-
Does anyone know how to bold a text in one of the column of a JTable for example ID | NAME | STATUS| 1| me | away | so how do i bold the word 'away'??
-
3d parametric surface VI: I need some explanatio​n
I refer to the 3d graph which in input wants 2d arrays for x, y, z. Actually I cannot understand the Labview help, where it says: x matrix is a 2D array of data that determines the surface in relation to the x plane. (same for y and z) I cannot un
-
Exact meaning of IL offset within a stack trace.
I understand that when an exception is thrown (and there's no PDB around) the stack trace exposes the IL offset of where the exception arose (in the lowest frame). I'm not very clear though on what this means, is it the IL offset of IL operation that