Authorization check for queries and workbooks
Hi Gurus,
I want help with BW (version 3.5) authorization to restrict a user so that he cannot display queries but can display workbooks.
And I want to create a role where I can publish my workbooks. Like we have two business lines and I want to create the two roles.
I tried with
S_USER_AGR
S_USER_TCD
S_GUI
S_BDS_DS
These authorization objects are related to saving workbooks, but my requirement is not to save, and also not to display the queries.
Please advise me what needs to be done to achieve this requirement.
Thanks
Robert.
Hi,
You require query-related authorizations and workbook-related authorizations.
Query:
s_tcode
s_rfc (for BEx Analyzer access)
s_rs_comp
s_rs_comp1
s_rs_fold (you have to provide this authorization object only if the user wants to see the InfoArea)
s_rs_icube
s_rs_mpro
Workbook:
If you want to save query results in a workbook:
S_GUI
S_BDS_DS
If you want to save the workbook in roles:
S_USER_AGR
S_USER_TCD
If you maintain all the authorization objects, then you will be able to save.
Similar Messages
-
Bex Default template for Queries and Workbooks
Dear All,
We have a default template for all queries and workbooks. But this default template was created using an AP query and saved as a workbook. Now all the users having the AR role are not able to execute queries or workbooks, since this default template has an AP InfoProvider associated with it. Is it possible to convert this default workbook to a generic one without any security restrictions? Please provide a solution.
In BEx Analyzer, you have the option to convert a template into a default template.
Or you can create a copy of the existing template without AP InfoProviders and assign it as the default template.
-
Authorization check for Open and Close Periods ( OB52)
Dear Experts,
We have created ZOB52 for opening and closing periods. This is a replica of Tcode OB52 with some other developments that we required. To restrict users, I tried authorization object F_BKPF_BUP for company-code-wise posting. This was, however, not working. Kindly suggest.
Hi,
The last column in OB52 - AuGr (Authorization Group) helps you in restricting certain users to use a posting period. This field is freely definable.
If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
In OB52, in the row with the account type '+', enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
For company-code-wise restrictions, you should have a separate posting period variant for each company code.
Edited by: Michael Gerard Leo on Jan 12, 2010 2:55 PM
Edited by: Michael Gerard Leo on Jan 12, 2010 3:01 PM
-
Looking for all Queries and Workbooks
Hi,
in what table do i find all queries and workbooks ?
I would like to make a select in my abap programm and list them in an alv grid.
Thanks
alto
Hi,
Have a look at following code,
Hope that helps.
Regards
Mr Kapadia
*Assigning points is the way to say thanks.**
*& Report ZNTEST
*& Lists active Y*/Z* queries grouped by InfoArea and InfoProvider.
REPORT ZNTEST LINE-SIZE 300.
TYPE-POOLS RSBC.
TABLES : RSZCOMPDIR,
         RSZELTDIR,
         RSZELTTXT,
         RSZCOMPIC,
         RSDCUBET,
         RSDODSOT,
         RSDCUBE,
         RSDODSO,
         RSDAREAT.
DATA : LT_RSZELTDIR TYPE TABLE OF RSZELTDIR,
       LS_RSZELTDIR TYPE RSZELTDIR,
       LV_IFLAG TYPE I,
       LV_CFLAG TYPE I.
DATA : BEGIN OF ITAB OCCURS 0, " with header line
         INFOAREA TYPE RSDCUBE-INFOAREA,
         INFOAREAT TYPE RSDAREAT-TXTLG,
         INFOCUBE TYPE RSZCOMPIC-INFOCUBE,
         IDESC TYPE RSDCUBET-TXTLG,
         QUERY TYPE RSZCOMPDIR-COMPID,
         QDESC TYPE RSZELTTXT-TXTLG,
       END OF ITAB.

* Loop over all active elements of type 'REP' in the element directory.
SELECT * FROM RSZELTDIR
  WHERE OBJVERS = 'A'
    AND DEFTP = 'REP'.
  CHECK SY-SUBRC EQ 0.
  " Directory entry carrying the technical name (COMPID).
  SELECT SINGLE * FROM RSZCOMPDIR
    WHERE COMPUID = RSZELTDIR-ELTUID
      AND OBJVERS = 'A'.
  " Test the read result before looking at the fields it returned.
  CHECK SY-SUBRC EQ 0.
  " Keep only names starting with Y or Z.
  CHECK RSZCOMPDIR-COMPID(1) = 'Y' OR
        RSZCOMPDIR-COMPID(1) = 'Z'.
  " Description in the logon language.
  SELECT SINGLE * FROM RSZELTTXT
    WHERE ELTUID = RSZELTDIR-ELTUID
      AND OBJVERS = 'A'
      AND LANGU = SY-LANGU.
  CHECK SY-SUBRC EQ 0.
  " InfoProvider the entry is built on.
  SELECT SINGLE * FROM RSZCOMPIC
    WHERE COMPUID = RSZCOMPDIR-COMPUID
      AND OBJVERS = 'A'.
  CHECK SY-SUBRC EQ 0.
  CLEAR ITAB.
  ITAB-INFOCUBE = RSZCOMPIC-INFOCUBE.
  ITAB-QUERY = RSZCOMPDIR-COMPID.
  ITAB-QDESC = RSZELTTXT-TXTLG.
  " Try the InfoCube text first; if there is none, treat the provider as an ODS object.
  SELECT SINGLE * FROM RSDCUBET
    WHERE LANGU = SY-LANGU
      AND INFOCUBE = RSZCOMPIC-INFOCUBE
      AND OBJVERS = 'A'.
  IF SY-SUBRC NE 0.
    SELECT SINGLE * FROM RSDODSOT
      WHERE LANGU = SY-LANGU
        AND ODSOBJECT = RSZCOMPIC-INFOCUBE
        AND OBJVERS = 'A'.
    ITAB-IDESC = RSDODSOT-TXTLG.
    SELECT SINGLE * FROM RSDODSO
      WHERE ODSOBJECT = RSZCOMPIC-INFOCUBE
        AND OBJVERS = 'A'.
    ITAB-INFOAREA = RSDODSO-INFOAREA.
  ELSE.
    SELECT SINGLE * FROM RSDCUBE
      WHERE INFOCUBE = RSZCOMPIC-INFOCUBE
        AND OBJVERS = 'A'.
    ITAB-INFOAREA = RSDCUBE-INFOAREA.
    ITAB-IDESC = RSDCUBET-TXTLG.
  ENDIF.
  " InfoArea description.
  SELECT SINGLE * FROM RSDAREAT
    WHERE LANGU = SY-LANGU
      AND INFOAREA = ITAB-INFOAREA
      AND OBJVERS = 'A'.
  ITAB-INFOAREAT = RSDAREAT-TXTLG.
  APPEND ITAB.
ENDSELECT.

* Output: one heading per InfoArea and per InfoProvider, then the entries.
SORT ITAB BY INFOAREA INFOCUBE IDESC.
LV_IFLAG = 0 .
LV_CFLAG = 0 .
LOOP AT ITAB.
  AT NEW INFOAREA.
    LV_IFLAG = 1.
  ENDAT.
  AT NEW INFOCUBE.
    LV_CFLAG = 1.
  ENDAT.
  IF LV_IFLAG = 1.
    LV_IFLAG = 0.
    SKIP.
    ULINE.
    WRITE : / ITAB-INFOAREA COLOR COL_HEADING,ITAB-INFOAREAT COLOR COL_HEADING.
    ULINE.
  ENDIF.
  IF LV_CFLAG = 1.
    LV_CFLAG = 0.
    SKIP.
    ULINE.
    WRITE : / ITAB-INFOCUBE COLOR COL_HEADING,ITAB-IDESC COLOR COL_HEADING.
    ULINE.
  ENDIF.
  WRITE : / "ITAB-INFOCUBE, ITAB-IDESC,
            ITAB-QUERY , ITAB-QDESC.
  AT END OF INFOCUBE.
    SKIP.
    ULINE.
  ENDAT.
ENDLOOP.
-
Disabling authorizations checks for transactions SU53 and/or SU56.
Greetings.
I seem to remember reading that there was either a system profile parameter or a table entry that can be used to disable all authorizations checks for transactions SU53 and/or SU56.
Any truth in this or is my mind playing tricks on me?
Hi,
I guess there is a profile parameter auth/tcodes_not_checked (I guess that's right); this will exclude SU53/SU56 from checks on transaction code.
This can be done using RZ10 and you need to restart the system.
Rakesh
-
Authorization checks for PNP LDB
Question: how to validate authorization checks for the PNP logical database?
2nd question: HR report
This report is basically for a salary survey. It has so many fields; can anybody let me know how I can form the internal tables? I have to display 150 fields overall in a CSV file; how can I take them into the final internal table?
What is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
Please give me the steps for how I can proceed.
Hi,
The PNP database will take care of the authorization check. It will not execute if the user does not have authorizations.
Hope this helps.
-
Create authorization check for a report
Hi,
I need to create an authorization check for a report. It means that I need to restrict the usage of the report to a couple of users ('USER1' and 'USER2'). How can I do that? I did read through a lot of threads regarding this, but got a bit confused and stuck while creating the authorization object.
Say the report name is ZHR_TIMEABC.
Can anyone explain how to create an authorization object, how it is tied to the object, and how to call it in the ABAP code?
Thanks in advance,
VG
Hi,
Thanks. Here is my understanding: S_C_FUNCT calls a system-generated function module to make an authority check. So, if different users, say USER1 and USER2, have different authorization levels defined in their user profile, will just adding this piece of code take care of the authorization check for the program, or do I need to take care of something else?
If so, when do we need to create the authorization objects using SU20, assign the group and follow this process? When do we use this approach (a lot of threads on authority check have mentioned this procedure)?
Your inputs will be helpful to understand this concept.
Thanks,
VG
-
Authorization Check for Special Stock Indicator in IE02
Dear Gurus,
Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
Would appreciate your help.
Thanks.
Hi,
This cannot be done by using a standard auth object. Standard SAP doesn't support control via this field.
Take the help of your ABAP team and create a customized authorization object "Z_OBJECT" with field SOBKZ, which checks this field value in table EQBS. Assign this auth object to the role and profile you want.
Use the user exit IEQM0003 (Additional checks before equipment update). Add logic to check the auth object while using the equipment change tcode.
-
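The check suggested in the reply above, as an added example that is not part of the original thread or SAP's own code. It assumes the custom object Z_OBJECT from the reply exists with the single field SOBKZ; the report name, form name and parameters are hypothetical, and the interface of the user exit is not shown because the page does not give it.

```abap
REPORT zsobkz_auth_demo.
TYPE-POOLS abap.

* Constructed inputs: the indicator currently on the equipment (as stored
* in EQBS-SOBKZ) and the value the user wants to set in IE02.
PARAMETERS: p_old TYPE sobkz,
            p_new TYPE sobkz DEFAULT 'E'.

DATA gv_allowed TYPE abap_bool.

START-OF-SELECTION.
  PERFORM check_sobkz_change USING p_old p_new CHANGING gv_allowed.
  IF gv_allowed = abap_true.
    WRITE: / 'Change of special stock indicator permitted:', p_old, '->', p_new.
  ELSE.
    WRITE: / 'Change of special stock indicator refused:', p_old, '->', p_new.
  ENDIF.

* Hypothetical helper: the same call would sit in the exit the reply names,
* which would raise an error message when cv_allowed comes back false.
FORM check_sobkz_change USING    iv_old     TYPE sobkz
                                 iv_new     TYPE sobkz
                        CHANGING cv_allowed TYPE abap_bool.
  cv_allowed = abap_false.              " deny by default
  IF iv_new = iv_old.
    cv_allowed = abap_true.             " field untouched, nothing to authorize
    RETURN.
  ENDIF.
* Check the target value: a role that holds only SOBKZ = 'E' for Z_OBJECT
* then permits a change to 'E' and refuses every other value, blank included.
  AUTHORITY-CHECK OBJECT 'Z_OBJECT'
           ID 'SOBKZ' FIELD iv_new.
* Any non-zero return code (missing value, object not in the user's
* profiles, and so on) is treated as a refusal.
  IF sy-subrc = 0.
    cv_allowed = abap_true.
  ENDIF.
ENDFORM.
```

The helper only reports the decision; where it is called, the save must be stopped when the result is false, otherwise the check has no effect.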
Authorization check for a program/table
Hi ,
Can anyone help me out in
How to do authorization check for an abap program and also a table.
I have no idea about the authorizations.
My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
1. should be able to execute the program
2. View of the entries of the table.
Thanks & Regards,
Keerthi
Hello Keerthi,
I got you wrong at first!
If you want to have only certain users be able to do certain operations, then you need to assign the appropriate roles to those users!
First, find the role.
Second, add the user to the role (PFCG Tcode ---> Users tab).
Raj
-
Authorization checks for bank account number in vendor master
I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am trying to set it up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
Thanks
-Peru
Hi Peru,
To suppress a field in FK03 you will have to check
Financial Accounting (New) > Accounts Receivable and Accounts Payable > Vendor Accounts > Master Data > Preparations for Creating Vendor Master Data > Define Screen Layout per Activity (Vendors)
and in that, Display Vendor (Accounting) for FK03 and Display Vendor (Centrally) for XK03.
But the bank account number is not there.
Moreover, there are no authorization objects for all the fields that you gave.
So try creating a screen variant/transaction variant in SHD0.
Regards,
Kiran
-
How to turn off the authorization checks for a object in infoproviders?
Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
Thanks,
Raj.
Hi Raj,
Srinivas is right; however, in BI7 the correct transaction is RSECADMIN and not RSADMIN.
In BW3.5, use the RSSM transaction to do this.
OR
Go to transaction RSECAUTH ---> Choose the authorization object that has been created for org unit (and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV.
If you are using the old authorization concept in 3.5 or in 7.0:
Go to RSSM. In the checks for InfoProvider, enter your InfoProvider name. Choose change. Here you will see a checkbox to switch off the authorization.
Hope this helps you,
Best regards,
Sunmit.
-
No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
In EP we are trying to access a BSP
and we are getting the error: User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
How to give the authorization? Please help.
venkateswararao
First check whether the ICF service is active using the SICF transaction.
Then check for the authorization objects SAP_HR_HAP_EMPLOYEE
and SAP_HR_HAP_MANAGER.
Add the above roles to your user; it should work.
-
ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole
Hi
After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].
I have not found anything helpful thus far.
Thank you for your help in advance
Hi,
We had the same problem after upgrading to 2004s sp13.
We applied all available patches and it went away.
Check out this thread:
https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0
Best regards,
Avisahi Zamir
-
RSZDELETE - Delete queries and Workbooks problem
Hi
In BW 3.x we were able to delete the queries and workbooks with transaction RSZDELETE; however, in NW2004s we are not able to delete them. Is there any limitation, or has this feature been changed to another transaction?
Please help.
Hi Kevin,
It's still there. As Prakash has suggested, the note must be applied. On a similar topic, for the tcode rszc, please bear in mind this will be enhanced in SPS 10.
OSS note 981104.
Cheers,
Pom
-
Migration of bex 3.x queries and workbooks to Bex 7.1 queries and workbooks
Hi,
Migration of bex 3.x queries and workbooks to Bex 7.1 queries and workbooks.
For instance, when you edit or open a 3.x query in the 7.0 query designer, it is automatically migrated. Would it be the same if we open it in the 7.1 query designer? Is it possible to migrate queries and workbooks without any failure, deletion or loss?
Thank you.
I will add to the already excellent suggestions made above that the migration from Bex 3.x to Bex 7.0 is VERY laborious. There are no automated tools.
All queries and workbooks must be identified (use this as an opportunity to get rid of unused objects)
Each query must be converted to BI 7 and repairs done as needed.
Each Workbook must be converted to BI 7 and repairs done as well. The "Automated" conversion tool that SAP provides (it's behind the scenes Visual Basic) presents problems with at least 50% of the workbooks, and so they have to be manually fussed with.
If you've used Visual Basic at all in your Workbooks, you'll have to change 'em all. The On Refresh event no longer exists.
And of course, test... test.. test.. and test.
And don't forget to retrain your users. The User interface is dramatically different.
Good luck ! We're 3 months in to a five month conversion project.