Authorization check for queries and workbooks

Similar Messages

• Bex Default template for Queries and Workbooks

  Dear All,
  We have a default template for all queries and workbooks.But this default template was created using a AP query and saved as a workbook.Now all the users having AR role are not able to execute queries or workbooks.Since this default template has a AP info provider associated with it.Is it possible convert this default workbook to a generic one without any security restrictions.Please provide a solution.

  In Bex analyzer, you have option to convert a template into a default template.
  Or you can create a copy of the existing template without AP infoproviders and assign it as default template.

• Authorization check for Open and Close Periods ( OB52)

  Dear Experts,
                         We have created ZOB52 for Opening and closing periods. This is replica of Tcode: OB52 with some other developments that we required. Here for resticting user I had tried authorization Object: F_BKPF_BUP for particular company code wise posting. This was however not working. Kindly suggest.

  Hi,
  The last column in OB52 - AuGr (Authorization Group) helps you in restricitng certain users to use a posting period. This field is freely definable.
  If only a limited set of users is to be able to post in a particular posting period, proceed as follows:
  Add the posting period authorization (authorization object F_BKPF_BUP) to the authorizations of the selected users. Assign an authorization group (e.g. '0001').
  In OB52,  in the row with the account type '+', enter the period(s) whose use is to be restricted in the first period, those which are available to all users in the second period, and the authorization group (e.g. '0001') in the last column.
  For company code wise restrictions, you should have a seperate posting period variant for each company code.
  Edited by: Michael Gerard Leo on Jan 12, 2010 2:55 PM
  Edited by: Michael Gerard Leo on Jan 12, 2010 3:01 PM

• Looking for all Queries and Workbooks

  Hi,
  in what table do i find all queries and workbooks ?
  I would like to make a select in my abap programm and list them in an alv grid.
  Thanks
  alto

  Hi,
  Have a look at following code,
  Hope that helps.
  Regards
  Mr Kapadia
  *Assigning points is the way to say thanks.**
  *& Report  ZNTEST
  REPORT  ZNTEST LINE-SIZE 300.
  TYPE-POOLS RSBC.
  TABLES  : RSZCOMPDIR,
            RSZELTDIR,
            RSZELTTXT,
            RSZCOMPIC,
            RSDCUBET,
            RSDODSOT,
            RSDCUBE,
            RSDODSO,
            RSDAREAT.
  DATA : LT_RSZELTDIR TYPE TABLE OF RSZELTDIR,
         LS_RSZELTDIR TYPE RSZELTDIR,
         LV_IFLAG TYPE I,
         LV_CFLAG TYPE I.
  DATA : BEGIN OF ITAB OCCURS 0," with header line,
         INFOAREA TYPE RSDCUBE-INFOAREA,
         INFOAREAT TYPE RSDAREAT-TXTLG,
         INFOCUBE TYPE RSZCOMPIC-INFOCUBE,
         IDESC TYPE RSDCUBET-TXTLG,
         QUERY TYPE RSZCOMPDIR-COMPID,
         QDESC TYPE      RSZELTTXT-TXTLG,
         END OF ITAB.
  SELECT *  FROM RSZELTDIR
      WHERE
           OBJVERS = 'A'
      AND  DEFTP = 'REP'.
    CHECK SY-SUBRC EQ 0.
    SELECT SINGLE * FROM RSZCOMPDIR
         WHERE
             COMPUID = RSZELTDIR-ELTUID
         AND OBJVERS = 'A'.
    CHECK RSZCOMPDIR-COMPID(1)  = 'Y' OR
          RSZCOMPDIR-COMPID(1)  = 'Z'.
    CHECK SY-SUBRC EQ 0.
    SELECT SINGLE * FROM RSZELTTXT
         WHERE
             ELTUID = RSZELTDIR-ELTUID
         AND OBJVERS = 'A'
         AND LANGU   = SY-LANGU.
    CHECK SY-SUBRC EQ 0.
    SELECT SINGLE * FROM RSZCOMPIC
         WHERE
              COMPUID = RSZCOMPDIR-COMPUID
        AND   OBJVERS = 'A'.
    CHECK SY-SUBRC EQ 0.
    CLEAR ITAB.
    ITAB-INFOCUBE =  RSZCOMPIC-INFOCUBE.
    ITAB-QUERY    =  RSZCOMPDIR-COMPID.
    ITAB-QDESC    =  RSZELTTXT-TXTLG.
    SELECT SINGLE * FROM RSDCUBET
           WHERE
                LANGU    = SY-LANGU
            AND INFOCUBE = RSZCOMPIC-INFOCUBE
            AND OBJVERS  = 'A'.
    IF SY-SUBRC NE 0.
      SELECT SINGLE * FROM   RSDODSOT
             WHERE
                  LANGU     = SY-LANGU
              AND ODSOBJECT = RSZCOMPIC-INFOCUBE
              AND OBJVERS  = 'A'.
      ITAB-IDESC    =  RSDODSOT-TXTLG.
      SELECT SINGLE * FROM RSDODSO
             WHERE
                  ODSOBJECT = RSZCOMPIC-INFOCUBE
              AND OBJVERS  = 'A'.
      ITAB-INFOAREA = RSDODSO-INFOAREA.
    ELSE.
      SELECT SINGLE * FROM RSDCUBE
             WHERE
                  INFOCUBE = RSZCOMPIC-INFOCUBE
              AND OBJVERS  = 'A'.
      ITAB-INFOAREA = RSDCUBE-INFOAREA.
      ITAB-IDESC    =  RSDCUBET-TXTLG.
    ENDIF.
    SELECT SINGLE * FROM RSDAREAT
            WHERE
                   LANGU    = SY-LANGU
             AND   INFOAREA = ITAB-INFOAREA
             AND   OBJVERS  = 'A'.
    ITAB-INFOAREAT = RSDAREAT-TXTLG.
    APPEND ITAB.
  ENDSELECT.
  SORT ITAB BY INFOAREA INFOCUBE IDESC.
  LV_IFLAG = 0 .
  LV_CFLAG = 0 .
  LOOP AT ITAB.
    AT NEW INFOAREA.
      LV_IFLAG = 1.
    ENDAT.
    AT NEW INFOCUBE.
      LV_CFLAG = 1.
    ENDAT.
    IF LV_IFLAG = 1.
      LV_IFLAG = 0.
      SKIP.
      ULINE.
      WRITE : / ITAB-INFOAREA COLOR COL_HEADING,ITAB-INFOAREAT COLOR COL_HEADING.
      ULINE.
    ENDIF.
    IF LV_CFLAG = 1.
      LV_CFLAG = 0.
      SKIP.
      ULINE.
      WRITE : / ITAB-INFOCUBE COLOR COL_HEADING,ITAB-IDESC COLOR COL_HEADING.
      ULINE.
    ENDIF.
    WRITE : / "ITAB-INFOCUBE, ITAB-IDESC,
              ITAB-QUERY   , ITAB-QDESC.
    AT END OF INFOCUBE.
      SKIP.
      ULINE.
    ENDAT.
  ENDLOOP.

• Disabling authorizations checks for transactions SU53 and/or SU56.

  Greetings.
  I seem to remember reading that there was either a system profile parameter or a table entry that can be used to disable all authorizations checks for transactions SU53 and/or SU56.
  Any truth in this or is my mind playing tricks on me?

  Hi,
  I guess theres is profile param auth/tcodes_not_checked(I guess thats right), this will exclude SU53/SU56 from checks on transaction code.
  This can be done using RZ10 and need to restart the system.
  Rakesh

• Authorization checks for PNP LDB

  question    : how to validate authorization checks for pnp logical database?
  2 nd question: hr report
  this report is basically for salary survey. in this i had so many fields can any body let me know how
  can i form the internal tables. and i have to display overall 150 fields in csv file for that
  how can i take in to the final internal table.
  what is the logic behind this:
  T71JPR09-JOBCODE
  PA0000-PERNR
  HRP1000-STEXT
  P0006-PSTLZ
  PA0008-ANSAL * 100 / PA0008-BSGRD
  PA0015-BETRG
  PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
  PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
  like that i had.
  please give me the steps how can i proceed.

  Hi,
  The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
  Hope this helps.

• Create authorization check for a report

  Hi,
  I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
  Say the report name is ZHR_TIMEABC.
  Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
  Thanks in advance,
  VG

  Hi,
  Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
  If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
  Your inputs will be helpful to understand this concept.
  Thanks,
  VG

• Authorization Check for Special Stock Indicator in IE02

  Dear Gurus,
  Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
  For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
  Would appreciate your help.
  Thanks.

  Hi,
  This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
  Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
  Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode.

• Authorization check for a program/table

  Hi ,
  Can anyone help me out in
     How to do authorization check for an abap program and also a table.
     I have no idea about the authorizations.
  My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
  1. should be able to execute the program
  2. View of the entries of the table.
  Thanks & Regards,
  Keerthi

  Hello Keerhi ,
  I got you wrong at first!
  If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
  First find the role
  second add the user in the role ( PFCG T code---> USers tab)
  Raj

• Authorization checks for bank account number in vendor master

  I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
  Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
  Thanks
  -Peru

  HI Peru,
  To supress a field in FK03 u will have to check
  Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
  in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
  But there bank account no is not there.
  Moreover there r no authorization objects for all the fields that u gave.
  So try creating screen variant/ transaction variant in SHD0.
  Regards,
  Kiran

• How to turn off the authorization checks for a object in infoproviders?

  Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
  I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
  Thanks,
  Raj.

  Hi Raj,
  Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
  In BW3.5, use RSSM transaction to do thins.
  OR
  Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
  If you are using old authorization concept in 3.5 or in 7.0
  Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
  Hope this helps you,
  Best regards,
  Sunmit.

• No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document

  In EP we are trying to access bsp
  and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
  How to give authorization please help
  venkateswararao

  First Check is the ICF service is active using the SICF transaction.
  Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
  and SAP_HR_HAP_MANAGER.
  Add the above roles to your user , it should work

• ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole

  Hi
  After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
  <i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
  I have not found anything helpfull thusfar.
  Thank you for your help in advance

  Hi,
  We had the same problem after upgrading to 2004s sp13.
  We applied all available patches and it went away.
  Check out this thread:
  <a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
  Best regards,
  Avisahi Zamir

• RSZDELETE - Delete queries and Workbooks problem

  Hi
  in BW 3.x we were able to delete the queries and workbooks with transaction RSZDELETE ;however in NW2004s we are not able to delete this,is there any limitation or this feature has been changed to another transaction ??
  Please help.

  Hi Kevin,
  It's still there.  As Prakash has suggested, the note must be applied.  On a similar topic for the tcode rszc please bear in mind this will be enhanched in SPS 10.
  Oss note 981104.
  Cheers,
  Pom

• Migration of bex 3.x queries and workbooks to Bex 7.1 queries and workbooks

  Hi,
  Migration of bex 3.x queries and workbooks to Bex 7.1 queries and workbooks.
  For instance when you edit,open an 3.x query in 7.0 query designer it is automatically migrated.Would it be same if we open it in 7.1 query designer?Is it possible to migrate queries and workbooks without any fail or deletion or loss?
  Thank you.

  I will add to the already excellent suggestions made above that the migration from Bex 3.x to Bex 7.0 is VERY laborious. There are no automated tools.
  All queries and workbooks must be identified (use this as an opportunity to get rid of unused objects)
  Each query must be converted to BI 7 and repairs done as needed.
  Each Workbook must be converted to BI 7 and repairs done as well. The "Automated" conversion tool that SAP provides (it's behind the scenes Visual Basic) presents problems with at least 50% of the workbooks, and so they have to be manually fussed with.
  If you've used Visual Basic at all in your Workbooks, you'll have to change 'em all. The On Refresh event no longer exists.
  And of course, test... test.. test.. and test.
  And don't forget to retrain your users. The User interface is dramatically different.
  Good luck ! We're 3 months in to a five month conversion project.