Authorisation report

Similar Messages

• List of users with authorised reports and tables.

  hi all
  i have another requirement, that is List of users with authorised reports and tables in SAP.
  that means user wise which reports and tables have authorisations to execute.  for that what is the tcode or table name?.  please help me in this..
  Thank you.

  Hi,
  In SUIM tcode expand transactions node der ull have for users..........
  Cheers,
  jose.

• Read user in Vendor Authorisation Report

  Hi All ,
  Could you please tell me is there any Function Module to read User which does not exit , actually there is a requirement in the report of Valid user before it is going to select user Bname from USR02 Table , the user data is there in table usr02 but when i check the user in su01 Transaction the message says the user does not exit ,
  actually in my Vendor Authorization(Basis Report) these users are also coming which does not exit , so i  want to that the users which does not exist should not come up in the report , so could you please tell what check or FM should i put to stop these users display , sorry i am not having too much experience ,
  it is very urgent  any help will be appreciated ,
  thanks ,
  Jaitely

  Hi Arun
  Why dont you try the following FM
  SUSR_USER_DISPLAY_WITH_AUTHS
  you could also go to SE80 and under package give SUSR
  This would give you a variety of Function Modules related to users
  Note Award Points for Helpful answers

• Set Authorisation ---- Report Layout Manager

  Hi experts
              Recently i upgraded my SAP B1 2007 B to SAP 8.8 PL:12 and when i tried to set the authorization for using crystal report an .dmp file get created and error msg box get displayed and SAP client get closed.
              Administration -
  >Setup----->General -
  > Report and layout manager -
  >(Specified report is chosen)Set Authorization button is clicked the .dmp file get generated. Please give me a solution

  hi poongundran
  follow these steps
  first delete client set up from add/remove programms
  secondly delete sap business one folder form program files from c drive whre sap is installed
  now delete %temp%,prefetch,recent and recycle bin
  and restart ur system and now install sap client setup and now u will not get any dmp errors
  i think this will solve ur prob
  regards
  Jenny

• Vendor Authorization

  Hi All,
  We have a requriment, wherein we have to provide vendor autorization at query level.
  User accounts will be attached to a particular vendor autorization group. Which in turn will be assigned to each vendor and this autorization needs to be used at query level.
  We have R3 field BEGRP in 0VENDOR_ATTR DS which can be used for this purpose, but we are not how to use this field at query level for autorization.
  Please provide inputs.
  Thanks in advance.
  Hariprasad V

  Hi
  R/3 Field to be mapped with the relevant Info Object and you have to include the same to Cube then you can use the same for query Designing part too.
  But before that try at PFCG-- Roles & Authorisations for the users.
  http://help.sap.com/saphelp_nw04/helpdata/en/de/4885403e1b6e1de10000000a1550b0/frameset.htm
  Read user in Vendor Authorisation Report
  Hope it helps.

• OM - Moving Org Unit don't change relat 002 between my Position

  Hi,
  I have a problem with my OM system,
  I have five org unit (A B C D E) everyone with one position head of own organizational unit, a b c d e.
  this is my hierarchy
  A
  (a)
       B
        (b)
            C
             (c)  
       D
        (d)
            E
             (e)
  I have this relat in HRP1001
  Org Unit     Positions
  A 002 B     a 002 b
  A 002 D     a 002 d
  B 002 C     b 002 c
  D 002 E     d 002 e
  I'm moving (with ppome transaction) org unit C with its position c, under org unit D.
  A
  (a)
       B
        (b)             
       D
        (d)
            E
             (e)
            C
             (c)
  After the moving in HRP1001, relationship between org unit has changed B 002 C (is delimited) D 002 C (is new).
  But, I don't have relationship between Position d and c (d 002 c), and relationship between position b and c (b 002 c ) is still valid!!!
  Org Unit     Positions
  A 002 B     a 002 b
  A 002 D     a 002 d
  D 002 C     b 002 c d 002 c
  D 002 E     d 002 e
  Could someone help me?
  regards
  Fede

  Hi Frederica,
  if I understand your problem correctly, I'm afraid there is a major design flaw in your OM.
  You have an Org-hierrchy with leader positions assigned to each orgunit and the "normal"positions also assigned to those orgunits. This is absolutely sufficient for the system to know, who is reporting to whom and standard reports, evaluation paths, structural auth., workflows all can be set up to work with this correctly. And this is best practise.
  BUT you also seem to be using a position hierarchy in parallel. A position hierarchy is really only meant to be a quick and chaep alternative for an Org hierarchy, if you don't want to create orgunits. There is no new information in there. It's completely redundant. And your problem is proof for why this redundancy is damaging: you get inconsitencies.
  I"ve seen this before. Whilst their might be good resons for it (I"ve never seen one), thsi is usually done by consultants, who don't understand orgmanegement or do understand that what they are doing is wrong, but rather have teh customer do double manual work with almost guaranteed inconsistencies than make an effort to properly understand struc. authorisations, reports or workflows. If you have no clue about OM, the extra position hierarchy can make some things easier.
  So, my recommendation is:
  1) check our, where the position hierarchy is used for reporting, workflow, authorisations or other things in your system
  2) replace this by the org hierarchy
  3) delete the position hierrchy (i.e. the 002 relationships between positions)

• CRM Web UI - Authorisation error for Dashboard report

  Hello
  I am accessing CRM specific BI reports on CRM Web UI for areas like Lead Analysis, Marketing and Campaign Analysis etc, and most of the reports are working fine. But when I try to access a dashboard report (I am not really sure if it is called daashboard report beside the report name- it gives me an Authorisation error saying that the 'User does not have proper authorisations'.
  I have tried by assigning the role SAP_CRM_OR_USER suggested by a colleague, but even then I get the same error. Our Basis team does not have an idea on the exact role to be used.
  Could anyone of you please tell me the exact role to be used in order to see those report on Web UI. Thanks.

  Hi Sven
  I have tried that option of the transaction ORDYWB to activate the reports (this was also suggested in a SAP note i.e. to create a Z report and the code for which was given in the SAP note and upon executing the report, it showed a number of activities which have to be performed and had to implement those activities one by one). But in that transaction all the reports and InfoTypes are active with status 'OK'
  If you could give me the exact role which you have used for those reports, I will give it a shot. Also, in the CRM Web UI, I am unable to see the technical name of the report of the interactive report (dash board report?). If the report was executing in the CRM Web UI, we could see the technical name of the report, but for the non-executing reports, could you please tell me how to see the technical name?
  I have raised this to SAP and looks like even they are having a hard time finding the solution. Thanks.

• Lots and lots of authorisation checks in a listbox and a report

  Hello,
  I have an usual situation in one page here (Apex 3.0, Oracle 10g r2). I tried to find a solution for it searching the forum but no luck.
  It is a very simple page with an HTML region with some parameters and a plain report region below it. In the HTML region there is a list box based on a LOV, and when I turn the debug on what I see is:
  Hospital <<-- List box label
  0.18: Authorization Check: "60517010643704468" User: "LCABRAL" Component: ""
  0.18: Authorization Check: "60517010643704468" User: "LCABRAL" Component: ""
  0.18: Authorization Check: "60517010643704468" User: "LCABRAL" Component: ""
  0.18: Authorization Check: "60517010643704468" User: "LCABRAL" Component: ""
  0.18: Authorization Check: "60517010643704468" User: "LCABRAL" Component: ""
  The output goes on and on... it is like the authorisation is being checked for each row in the LOV.
  Same thing in the report itself (it has a column which display format is lookup LOV, based on the same LOV above):
  0.21: show report
  0.22: determine column headings
  0.22: activate sort
  0.24: parse query as: ENQUIRY_LOG
  0.24: binding: ":P400_START_DATE"="P400_START_DATE" value="23/09/2009"
  0.24: binding: ":P400_ADVISOR"="P400_ADVISOR" value="-1"
  0.24: binding: ":P400_HOSPITAL"="P400_HOSPITAL" value="34"
  0.24: binding: ":P400_SHOW_BOOKED"="P400_SHOW_BOOKED" value="Y"
  0.24: binding: ":P400_END_DATE"="P400_END_DATE" value="30/09/2009"
  0.24: print column headings
  0.24: rows loop: 50 row(s)
  0.24: Authorization Check: "100484744444833563" User: "LCABRAL" Component: ""
  0.25: Authorization Check: "100484744444833563" User: "LCABRAL" Component: ""
  0.25: Authorization Check: "100484744444833563" User: "LCABRAL" Component: ""
  0.25: Authorization Check: "100484744444833563" User: "LCABRAL" Component: ""
  0.25: Authorization Check: "100484744444833563" User: "LCABRAL" Component: ""
  This is not causing any problems per se, but I am a bit suspicious about it... Any ideas?
  Thanks!
  Luis

  Luis,
  The Hospital select list item's LOV query is:
  SELECT name, bu_id FROM
  WITH access_level AS (SELECT pkg_cel.is_authorized('NEC') nec,
  pkg_cel.is_authorized('MULTI') multi,
  pkg_cel.is_authorized('Users') users FROM dual)
  SELECT name, bu_id
  FROM commons.co_business_units BU
  , access_level AL
  WHERE bu.group_bu = 1
  AND bu_type = 'H'
  AND ((al.users = 1 AND BU.BU_ID = v('USER_BU_ID'))
  OR (al.multi = 1 AND (BU.BU_ID
  IN (SELECT BU_ID
  FROM NEC_USER_BUSINESS_UNITS
  WHERE USER_ID = v('USER_ID'))
  OR BU.BU_ID = v('USER_BU_ID')))
  OR al.nec = 1)
  ) order by 1
  See the reference to pkg_cel.is_authorized('NEC'). This is probably calling apex_application.public_role_check which invokes the authorization scheme logic.
  Let me know if that doesn't get you on the right track.
  Scott

• Different authorisations in different reports?

  Hello,
  I'd like to ask: how can I assign different authorisations for the same user for different reports?
  Example:
  I have a report of sales by customer, additionally groupped by Key Account Manager (KAM)
  KAM
  ....\_____ Customer
  and another one, where data is presented for Customers, groupped by Consultants (CON):
  CON
  ....\_____ Customer
  Both reports are based on the same multiprovider.
  Moreover, both KAM and CON are IObjects which have Customer as a reference char. I'd like to present reports to Key Account Managers and Consultants, showing their sales to respective Customers. But only theirs, not other KAMs' or CONs' sales.
  The point is - one person can be a KAM for one sale, and a CON for another one (although, those are two separate IObjects, they share master data with Customer).
  I have therefore made an authorisation for one user, giving him rights to view 'his' KAM, and ":" CON. After that, I have used this authorisation in a role, and assigned it to the user. This way, the report No. 1 provides correct data - only sales where KAM is the chosen user, regardless of values of CON (the IObject itself is not even present in the query, therefore the ":" has been used).
  How can I arrange the authorisations, so that this user can open the second report, presenting him sales to customers for which he was assigned as a CON?
  To put it shortly:
  How can I give user 001 rights to view all objects AA and only one value of object BB in report ABC1
  but give him rights to view only one value of object AA and all values of object BB in report ABC2?

  Hi,
  OK! try this following work around:
  Make it language dependent again . and unmap in transfer rules  ( cross symbol ).
  remove the info object in right panel too. and write the routine as follows.
  IF TRAN_STRUCTURE-sprache = ' '. ( write code of japanese langauge )
  And tran_structure-sprache = ' ' ( write code for chinese langauge )
    RESULT = 'e'.
  else.
  RESULT = TRAN_STRUCTURE-sprache.
  endif.
  activate the transfer rules and try uploading data again!
  Thanks,
  Ravi

• Authorisation check in report

  Hi ,
  we have developed a z report which is fetching grade from infotype 8 .All the users here dont have authorisation for infotype 8.Is it possible somehow that the users who don have authorisation for infotype 8 can rum that report.Right now when they are trying to run the report its showing 'No Authorisation for infotype 8'.Or is there some other place from which grade can be retrieved .
  Regards
  Saurabh

  Create an authorisation object (SU21)
  Put an authorisation check for this object in your report (AUTHORITY-CHECK)
  Create a role that contains this object (PFCG)
  Assign this role to all the users who require access to the report (SU01).
  <REMOVED BY MODERATOR>
  Edited by: Alvaro Tejada Galindo on Feb 27, 2008 2:07 PM

• Authorisation in Z-report

  Hi All
  I have created Z-report, i want to restrict  Access in Z-report using authosrisation object on field plant.
  I want to use standard authorisation object only.   This report must be used by specific business unit  plants users.
  I dont want to hardcode  users plant in program.
  How to achieve it?

  Hi,
  Can you let us know what information is being displayed in this Z report ?
  You will have to use the abap syntax
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <werks> FIELD <value>.
  There are quite many standard objects, so depending on which data you're reading / displaying we need to pick the object accordingly.
  Hope it clarifies.
  Regards,
  Vivek

• Authorisation Group and Reports

  Hi experts,
  I need to maintain a new authorisation group for a new report that I am creating. I know authorisation group can be maintained in the table TPGP and can be assigned from there. But I wanted to know if there is any other way of linking a report to a particular Authorisation group.
  Thanks,
  Kumar

  Hi Max,
  Thanks for the reply. An already created Authorisation group can be assigned in the attributes. But what I wanted to know was to create that authorisation group, Is the only way possible is maintain it in table TPGP or is there any other way?
  Thanks,
  Kumar

• AUTHORISATION REQUIRED FOR REPORT LEVEL POP UP WINDOW

  RESPECTED ALL
  I HAVE CREATED ONE REPORT AND CREATED ONE CHARACTERISTIC AND DUE TO WHICH WHEN I AM EXECUTING, IT FIRST ASK THE SELECTION CRITERIA WINDOW LIKE POSTING DATE AND MATERIAL SELECTION. BUT WHEN  I AM DOING THE SAME THING THROUGH THE DIFFERENT USER, THE SYSTEM IS NOT ASKING ME THE SELECTION WINDOW.
  I THINK THERE MUST BE SOME AUTHORISATION RELEVENT ISSUE. PLS GUIDE ME.
  THANKS ALL
  REGARDS
  ABHAY

  Hi
  I think the user has made the  selection as personalized . Remove the same. this will work fine.
  Cheers
  Chanda

• BW reporting authorisation using customer exit

  Hi,
  We are planning to implement BW reporting authorisations using customer exit, so that authorisations can be filled at the run time, this is to avoid maintaining huge number of authorisations.
  If any one has implemented this before, Please send me  some documentation for the same. We have BW 3.50 environmnet.
  Regd,

  Hi Anil,
  What kind of authorization do you need for your BPS layout? Please explain this requirement further and I will try to help.
  Your second question is quite good, where do I find the values to fill the user exit too do authorization correctly for each user, right?
  I think this depends heavily on your source system, but a good approach (if possible) is to compare the master data available in the BW system to the logged on user in the system. If not, you will have to maintain data, i.e. in an ODS (like you suggest) in order to have something to work with in the CMOD exit.
  For instance, consider this simple scenario (we can discuss it further if you give more details on your scenario and requirements):
  User ABC belongs to plant 10. User DEF belongs to plant 20. You have an ODS with mapping between usernames and plants.
  <pseudo code>
  In CMOD:
  data: lv_user(8) type c.
  data: lv_plant(10) type i.
  lv_user = sy-uname. "this will give you user's login id
  select single plant into lv_plant from <your ODS>
  where ods_userid eq lv_user.
  L_S_RANGE-LOW = lv_plant.
  L_S_RANGE-SIGN = 'I'.
  L_S_RANGE-OPT = 'EQ'.
  APPEND L_S_RANGE TO E_T_RANGE.
  User ABC will see plant 10 and user DEF will see plant 20.
  Do you have any master data (i.e. 0username) available to map between username and an user number (such as business partner)?
  Hope this helps,
  Petter

• Reports in Data Ownership Authorisations

  Hi,
  The Data Ownership Authorisations was defined In the system.
  The sys administrator does not like that in Sales Analysis Report, employees see the results of other branches.
  Hi would like that the employees from various locations seen the values in the Sales Analysis Report, only from the documents which they own.
  Are the reports will be included in the Data Ownership Authorisations in the next version of SAP
  Thanks & Regards,
  Michal

  Hi Michal,
  Welcome you to the forum.
  Your question is not very clear. If you want to have a DRQ, post it here: /community [original link is broken]
  Thanks,
  Gordon