Authorization check activation for infoprovider

Similar Messages

• Authorization Check Failed for HR P_ORGIN on VDSK1

  Hi Experts,
  We have an issue where an HR secretary is making an address change to an employee via pa30.  She is successfully able to save the change with no warning on the screen.  However, when we run /nsu53 immediately after, we see that there was an authorization check failed.  The check failed is in class HR, object P_ORGIN.  The field is VDSK1.  We have values defined there, whereas SAP is requesting a *.  We do not want to use the *, but the value in VDSK1 is correct and should not be failing.
  Anyone ever see this issue before?
  Thanks
  Shane

  Hi Shane,
  Since the secretary was able to save the record I assume there is no issue with the role. SU53 always shows last failed authorisation check. Even if transaction has been succesful you normally find failed authorisation checks from SU53. In your case I assume that PA30 checks first that if user happens to have P_ORGIN with * value in VDSK1. If not then it checks employees infotype 0001 and organisational key and tries to match that to the value in the role. If you pass this check SU53 will still show failed check where VDSK1=*.
  So this is normal behaviour for SU53 and nothing to be worried about. Annoying is when SU53 gives something sill as last check after error. Annoying are SU53 reports from users to add S_DEVELOP with Debug object because programmer has decided to leave break-point to program.
  cheers, s

• Unicode Check Active For SAP Script

  How to set Unicode Check Active attribute for SAP Script and Smartform

  Hello,
  the Unicode Check Active flag is a program attribute. You can set this flag to check the syntax of an ABAP program. It is not available for SAPScript forms or SAP Smartforms. The attached screenshot shows how the flag is set in the attributes of an example program.
  Best Regards

• Authorization checked for infoObjects even though not relevant to report

  Hello guys,
  I am facing a problem in BI 7.0 authorization checks.
  For a given report the BI team has placed a restriction in the query only for infoObject 0Comp_code (company code) and 0SOLD_TO (sold to party). Accordingly i have created authorization in RSECADMIN and assigned to role--> user.
  But when the user runs the report, he gets as authorization error and during analysis in RSECADMIN i see that "list of Authorization relevant charecteristics(infoObjects) for info provider xxxx" contain other infoObjects as well.
  Is it a case where infoObjects can be made authorization relevant for the whole  info provider eg-ZSD_M42" (where this is a multi provider)apart from being checked for specific reports eg- ZSD_M42_Q0001?
  How do i get around this problem?
  Regards,
  Prashant

  Hi Prashanth,
  What Zaheer said was exactly correct.Make sure all the Auth relevant Chaaracteristics of an Infoprovider  are properly authorized through your Analysis Authorization.Suppose if you don't need security on other Characteristics of an InfoProvider give * in your AA which will byepass check on that particular Auth relevant Characteristics..
  More over,See to that all the key figures are properly authorized as all the keyfigures are by default auth relevant in BI.
  Cheers,,
  Ramkumar C

• Budget check not active for commitment & actual budget

  Budget check runs  fine while checking budget limits for Production order and vendor invoices i.e does not allow to further create production order and vendor invoices if budget limits exceeds the released budget.
  But  this budget check does not work on procurement processes ( PR, PO &GR).
  No warning or error message pop out and the system allows to further create PR/PO/GR  beyond  released budget
  What  config changes are required to make budget check active for procurement processes.

  Hi vishal,
  Check the Transcation groups in Budget tolerance limits.
  PScostsbudget---define tolerance limits.
  If you assign ++ All Activity groups it will activate the Budget avaliability control for all Transcation.
  Check the avaliability control in OPS9 whether the activation type is 1 or 2 . If  2 run the avliability control CJBN.
  Hope this will helpful,
  Regards,

• Unicode Check Active

  Hi All,
           I want to know about "Unicode Check Active" in ABAP Editor Program Attributes.I don't know anything about this.I want to know
  What is Unicode Check Active.
  How to Activate this Check Box.
  what is meant by Code Pages.
  What is UTF-8 UTF-16 & UTF-32.
  What is the Use of It.
  In ABAP Code the Unicode Check Doesn't Support the some syntax like Open Data set and Describe Lines like that what are all the syntax in ABAP it doesn't support.
  Can anybody give me the clear idea about this.So, it will be very helpful to me.This is very urgent.Surely i will reward more points.
  Thanks,
  Swapna.

  Hi,
  Unicode Check is one of the latest enhancement in SAP which has been done so as to provide SAP product in almost all the language that is spoken in the world.
  A program as to be made Unicode check Active in its attribute so that it can be used in Unicode enabled SAP system.
  what is unicode?
  From Release 6.10, ABAP supports multi-byte coding for characters in Unicode. Prior to Release 6.10, ABAP used only character sets that were based on single-byte codes – such as ASCII and EBCDIC – or double-byte codes, such as SJIS and BIG5.
  what is unicode enabled program?
  A Unicode-enabled ABAP program is a program in which all Unicode checks are effective. Such a program returns the same results in a non-Unicode system as in a Unicode system .In order to perform the relevant syntax checks, you must activate the Unicode flag in the screens of the program and class attributes.
  Type of errors in unocode check.
  This switch to Unicode affects all statements where an explicit or implicit assumption is made about the internal length of a character. If you use these statements in a program that is designed to exploit the Unicode capabilities of the runtime environment, they must be checked and changed if necessary. Once a Unicode-enabled program has been changed accordingly, it behaves in the same way in both Unicode and non-Unicode systems. You can develop programs in a non-Unicode system (NUS) and then import them into a Unicode system
  UNICODE CHECK ACTIVE:
  You need to use the transaction UCCHECK.
  The report documentation is here
  ABAP Unicode Scan Tool UCCHECK
  You can use transaction UCCHECK to examine a Unicode program set for syntax errors without having to set the program attribute "Unicode checks active" for every individual program. From the list of Unicode syntax errors, you can go directly to the affected programs and remove the errors. It is also possible to automatically create transport requests and set the Unicode program attribute for a program set.
  Some application-specific checks, which draw your attention to program points that are not Unicode-compatible, are also integrated.
  Selection of Objects:
  The program objects can be selected according to object name, object type, author (TADIR), package, and original system. For the Unicode syntax check, only object types for which an independent syntax check can be carried out are appropriate. The following object types are possibilities:
  PROG Report
  CLAS Class
  FUGR Function groups
  FUGX Function group (with customer include, customer area)
  FUGS Function group (with customer include, SAP area)
  LDBA Logical Database
  CNTX Context
  TYPE Type pool
  INTF Interface
  Only Examine Programs with Non-Activated Unicode Flag
  By default, the system only displays program objects that have not yet set the Unicode attribute. If you want to use UCCHECK to process program objects that have already set the attribute, you can deactivate this option.
  Only Objects with TADIR Entry
  By default, the system only displays program objects with a TADIR entry. If you want to examine programs that don't have a TADIR entry, for example locally generated programs without a package, you can deactivate this option.
  Exclude Packages $*
  By default, the system does not display program objects that are in a local, non-transportable package. If you want to examine programs that are in such a package, you can deactivate this option.
  Display Modified SAP Programs Also
  By default, SAP programs are not checked in customer systems. If you also want to check SAP programs that were modified in a customer system (see transaction SE95), you can activate this option.
  Maximum Number of Programs:
  To avoid timeouts or unexpectedly long waiting times, the maximum number of program objects is preset to 50. If you want to examine more objects, you must increase the maximum number or run a SAMT scan (general program set processing). The latter also has the advantage that the data is stored persistently. Proceed as follows:
  Call transaction SAMT
  Create task with program RSUNISCAN_FINAL, subroutine SAMT_SEARCH
  For further information refer to documentation for transaction SAMT.
  Displaying Points that Cannot Be Analyzed Statically
  If you choose this option, you get an overview of the program points, where a static check for Unicode syntax errors is not possible. This can be the case if, for example, parameters or field symbols are not typed or you are accessing a field or structure with variable length/offset. At these points the system only tests at runtime whether the code is sufficient for the stricter Unicode tests. If possible, you should assign types to the variables used, otherwise you must check runtime behavior after the Unicode attribute has been set.
  To be able to differentiate between your own and foreign code (for example when using standard includes or generated includes), there is a selection option for the includes to be displayed. By default, the system excludes the standard includes of the view maintenance LSVIM* from the display, because they cause a large number of messages that are not relevant for the Unicode conversion. It is recommended that you also exclude the generated function group-specific includes of the view maintenance (usually L<function group name>F00 and L<function group name>I00) from the display.
  Similarly to the process in the extended syntax check, you can hide the warning using the pseudo comment ("#EC *).
  Applikation-Specific Checks
  These checks indicate program points that represent a public interface but are not Unicode-compatible. Under Unicode, the corresponding interfaces change according to the referenced documentation and must be adapted appropriately.
  View Maintenance
  Parts of the view maintenance generated in older releases are not Unicode-compatible. The relevant parts can be regenerated with a service report.
  UPLOAD/DOWNLOAD
  The function modules UPLOAD, DOWNLOAD or WS_UPLOAD and WS_DOWNLOAD are obsolete and cannot run under Unicode. Refer to the documentation for these modules to find out which routines serve as replacements.
  Reward Points if found helpfull..
  Cheers,
  Chandra Sekhar.

• BW 3.5 which authorization objects available rssm (checks for infoprovider)

  Hi all,
  How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
  Is there any documentation about the purpose in RSSM for the button 'update check status (Authorization objects, infoprovider).
  thanks for your help.

  Based on which criteria?
  Is there somwhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
  Thanks,

• Authorization Check for Update Rules Modify during Scheduling of InfoPackag

  Hello Everyone....
  We have recently upgraded our Testing Environment to NW2004s SP10, and the system is currently Non-Changeable and all the other changes have been brought in via transports.
  After SGEN has completed, when I try to open up an existing InfoPackage and click on the "Start" button it gives me the "You have only authorization to display the "InfoProvider" name".
  If it is the load into DSO it complains about Activity 23 not available for the Subobject UPDATERULE of the object S_RS_ODS and if it is an InfoCube it complains about Activity 23 again for the Subobject UPDATERULE of the object S_RS_ICUBE.
  Which doesn't really make sense as the Activity 23 would allow the change to the Update Rules for the InfoProviders.
  Please advice if there is any other Role or Profile which needs to be maintained or a system setting to avoid this Auth Check.
  Also, the same when repeated in the Development environment shows the message "Generating the Update Program" in the status bar below and once that has completed, the extract works fine.
  Please advice......
  Any help would be really appreciated as we are kind of stuck on this issue.
  Thanks
  Dharma.

  Hi,
  You should use transaction ST01 then you can see the objects asked for with the value needed. Also transaction SU53 gives you information about the object you want to use. The new transaction RSECADMIN with the tab analyses gives you information that is not in SU53 and releated to the data selection. If it is an analyses authorization problem add authorization object 0BI_ALL to a role in the autorisation object S_RS_AUTH. I think you can get the information you need this way.
  Bye Jan

• User does not have authorization for InfoProvider

  Hi,
       We are in BI 7.0 and want to display the data in the cube that I created and loaded data to. In RSA1, I am do a right click on the cube and select "display data". I am getting to selection screen and after selecting the output fields and executing, I am getting the following error:
  User XXX does not have authorization for InfoProvider ZFREDC
  The long text is like this:
  You do not have sufficient authorization
  Message no. EYE007
  Diagnosis
  You do not have sufficient authorization for the requested data records.
  Procedure
  Either select other data or get the required authorizations from your administrator.
  I did a authorization check in SU53 after I got the error and it says the last authorization check was successful.
  Can somebody suggest me what to do. If there are any authorization objects that I need to have in my role?
  Thanks.

  Hi,
  Be sure to have authorisation object S_RS_ICUBE assigned with at least activity 03 (execute) and subobject data and agregate for the respective cube(s) or infoarea(s).
  Regards, Patrick Rieken.
  Message was edited by:
          Patrick Rieken - BI-Formance B.V.

• Authorization check when searching for transactions

  Hi all,
  We have a requirement to show only those activities for which a user is authorized. A custom authorization object has been maintained and the check in CRMD_ORDER has been extended accordingly. When opening an activity, the check is executed correctly, but when searching for activities, ALL activities are still shown, so the check is not performed at that particular moment. I have tested with standard authorization objects as well, but none of them are taken into account. Does anyone of you know how we can have the authorization check executed before or during the search, so that only those activities are shown, that the user may maintain as well.
  Thanks in advance!
  Regards,
  Joost

  Hello Joost,
  Check if BADI CRM_ORDER_INDEX_BADI could not map your requirement.
  Regards,
  Frédéric

• Authorization checks for bank account number in vendor master

  I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
  Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
  Thanks
  -Peru

  HI Peru,
  To supress a field in FK03 u will have to check
  Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
  in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
  But there bank account no is not there.
  Moreover there r no authorization objects for all the fields that u gave.
  So try creating screen variant/ transaction variant in SHD0.
  Regards,
  Kiran

• Authorization check for links on a page

  We are trying to control whether links on a JSP page are displayed or hidden based on an authorization check.
  We've already got the checks working on individual pages but not for the links within a page, because the security framework does not list links as their own Resource.
  Is there a way to call the Authorization security provider ourselves, for each link on our JSPs? This call would be outside of the initial security check for the main JSP.

  It's not going to be easy without DOM. Parsing HTML is a real pain, since there's all kinds of optional tags and quotation marks (pre-XHTML, that is). That makes any kind of ad-hoc parsing using regular expressions difficult, and less accurate than pulling the entire file into a DOM representation.
  Why don't you want to use DOM? Are you just making up silly requirements?
  EDIT:
  I guess you could use an event-based HTML parser (HTML::Parser in Perl works this way. Is there a Java equivalent?) Set up an event for IMG and A start tags, and extract the href/src attributes there. Finding out if they are valid or not will require either:
  1) Simply validate that the URL is well-formed by creating a URL object from it. This won't tell you if the link is active or not
  2) Validate the URL by connecting to it with an URLConnection. However, the URL will be marked invalid if the server is down or the URL is otherwise unavailable.
  Brian
  Message was edited by:
  [email protected]

• How to turn off the authorization checks for a object in infoproviders?

  Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
  I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
  Thanks,
  Raj.

  Hi Raj,
  Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
  In BW3.5, use RSSM transaction to do thins.
  OR
  Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
  If you are using old authorization concept in 3.5 or in 7.0
  Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
  Hope this helps you,
  Best regards,
  Sunmit.

• No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document

  In EP we are trying to access bsp
  and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
  How to give authorization please help
  venkateswararao

  First Check is the ICF service is active using the SICF transaction.
  Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
  and SAP_HR_HAP_MANAGER.
  Add the above roles to your user , it should work

• CL_GOS_SERVICE - Authorization check before activating GOS

  Hi,
  I am trying to figure out if it is possible to restrict the activation of GOS button depending on the user authorization for the selected object.
  Based on my very basic level understanding of abap, i think that we would need to inherit a class from CL_GOS_SERVICE And then status of service VIEW_ATTA would be set to active or inactive/invisible based on the authorization check.
  Scenario detail:
  Transaction: PA20 or PA30
  Authorization object in user's profile:P_ORGINCON
  When user enters the transaction PA20, the GOS button is not visible by default. After entering any personnel number (whether authorized or not) and pressing enter key, the GOS button becomes visible. I want to prevent this when the personnel number entered by user is not authorized based on the values contained in authorization object P_ORGINCON in the user's profile.
  Apprecaite if someone can guide me whether this is possible or not.
  Many thanks
  Regards,
  Zubair Naseer

  HI,
  Please check this sap note 491271 might be helpfull.
  Regards
  Hiren K.Chitalia