Authorization check on Z report

Hello Experts,
We had a requirement to develop a report which would combine the features of V.14 and V23 with some additional features like removing delivery blocks and billing blocks.
We want to add some authorization checks so that some people are restricted to view information of only some sales organizations and some people like management will have a broader authorization to view details of multiple sales organizations.  How can we acheive this?
For example in SU23 when we run our custom T code we do not see the authorization object which is used in the program. We are currently using VBAK_VKO in our program.
Thanks and regards.
ES.

Hi,
Adding to above replies, are you calling V.14 and V23 in your custom program or you created your own login in Z program? If standard tcodes are being called, make sure that appropriate restrictions are placed in SE97 tcode for the Z tcode.
In SU24, you will have to add the object to the Z tcode. You will not see it automatically. But make sure that the authority check is there in program (can verify by a ST01 trace).
As Anika said, you can create separate roles for each required sales organization.
Thanks

Similar Messages

  • Create authorization check for a report

    Hi,
    I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
    Say the report name is ZHR_TIMEABC.
    Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
    Thanks in advance,
    VG

    Hi,
    Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
    If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
    Your inputs will be helpful to understand this concept.
    Thanks,
    VG

  • Re: Setting Authorization Check in Report Writer

    Hi,
    In ABAP Query or ABAP customized program, it is possible to set authorization object checking.
    In Report Writer, how can I do it?
    <REMOVED BY MODERATOR - REQUEST OR OFFER POINTS ARE FORBIDDEN>
    Thanks
    Edited by: Alvaro Tejada Galindo on Dec 26, 2008 10:59 AM

    Hi Colin,
    I would like to suggest,
    Creating an Authorization object & then using it in the report program is the preffered way.
    I would like to suggest a couple of references, quite similar to your issue,
    [SDN - Reference for using authorization checks at the report level|User authorisation check in ABAP-HR program;
    [SAP HELP - Standard Reference for Programming Autorization checks|http://help.sap.com/saphelp_nw04/helpdata/en/52/6712ac439b11d1896f0000e8322d00/frameset.htm]
    [SAP HELP - Standard Reference for Authorization checks|http://help.sap.com/saphelp_nw04s/helpdata/en/fc/eb3ba5358411d1829f0000e829fbfe/frameset.htm]
    Hope that's usefull.
    Good Luck & Regards.
    Harsh Dave

  • Authorization Check in Ad Hoc Query

    Hi Experts,
    When a user is given access to an infoset via the query user group, he/she will be able to see all infotypes that are associated with the infoset. The user will actually be able to select the fields, construct the query, and only hit the authorization error when they execute the query.
    This is not ideal from a user perspective as the user might spend a lot of time constructing the query only to find out later that they are not able to execute it due to authorization restrictions. Is there a way to restrict upfront to show the user only the infotypes and fields they are authorized to when constructing the query? Please advice.

    You need to do this in your infoset ...
    You can use the following procedures if you want to change the behavior of the SAPDBPNP logical database:
    You can program the logical database not to skip personnel numbers. The data is, nevertheless, only made available to the relevant reports for the authorization check There is no direct way to access the data that was not read by the authorization check. This procedure is meaningful for the first example, but not for the other two examples. The relevant report implements the setting as follows:
    INITIALIZATION.
    PNP_SW_SKIP_PERNR = 'N'.
    It is conceivable in examples 2 and 3 that the evaluation would be possible for a certain period but not for a longer selection period. Normally, the logical database always selects all the data of an infotype and checks the authorization. If you want the system to read and check only the data of the selection period, you can use the RP_SET_DATA_INTERVALL macro (for the START-OF-SELECTION period) for this.
    The data is not requested immediately (addition MODE N for the INFOTYPES statement) and is checked by the report itself. The report uses the HR_READ_INFOTYP and/or the HR_CHECK_AUTHORITY_INFTY function modules from the HRAC group to check the data and decides itself how to react to missing authorizations.
    Procedures 1 and 2 are available for SAPDBPNP and are not supported by SAPDBPAP. Procedure 3 is always available. Procedure 3 is the only way of solving problems with the authorization check if a report requires only one subtype of an infotype and if users should not be able to access the other subtypes of the infotype
    -Saquib

  • Missing authorization check on the IM Reports

    Hi,
    We use RAIMINFO reports (S_ALR_87012805, S_ALR_87012806 u2026 ) to display
    structure and values in Ferrero Spa investment program
    On the initial screen, the value types which have to be output, are
    determined by the authorization checks to be carried out .
    For example in case that an user decides to display the plan or budget
    references to program position, the user has to have the authorizations
    on the Persons responsible (A_IMPR_VER). For us this is OK because we
    define responsibilities through A_IMPR_VER. But if user decides to
    display the appropriation request or measures and he doesnu2019t indicates
    the program position it seems that anything on the A_IMPR_VER will be
    performed. We need that the check on A_IMPR_VER will be performed always(for all objects: measures, appropriation request ).
    We think this is a function missing in RAIMINFO and in all the IM
    reports.
    Could you help us to solve this problem?
    Thanks and best regards,

    Hi,
    If you want use check box in crystal., then you can do this by writing piece of code.
    please try for
    If {Table.Field} = True Then
    'Display the checkbox of your choice here
    Formula = Chr(254).
    thanks.
    Bala

  • Authorization-check in company code for GR55 reports

    Hi to all!
    Created User: ZTESTUSER
    The scenario is this.
    We created a report in GR55(Report Painter) and we want users (ex. ZTESTUSER) to access only company codes 7000 to 7999. How will I be able to do that?
    I am thinking of creating a role or profile then assign it to the user, but I was not be able to locate an authorization object for GR55 reports.
    The authorization object in GR51 is not doing what we want. It only control the create/change/display and execution transactions.
    I tried using validation in GGB0 but I can't find a parameters where the GR55 reports will be checked so the users will be limited by company code.
    Can somebody help me?
    Thanks a lot.

    I programmed a company code check for a report like this.
    ===========================================================
    data: lv_text(4) type c.
      if p_bukrs is not initial.
        select single * from T001
                      where bukrs = p_bukrs.
        if sy-subrc <> 0.
          message e321(FR) with p_bukrs.
        endif.
        AUTHORITY-CHECK OBJECT 'F_SKA1_BUK'
        ID 'BUKRS' field T001-BUKRS
        ID 'ACTVT' field '03'.
        if sy-subrc <> 0.
          clear lv_text.
          lv_text = p_bukrs.
          message e800(FR) with p_bukrs.
        endif.
      endif.
    ============================================================
    but I was not able to do that in GR55 reports because the program is automatically generated by SAP named GPXXXXXXXXXXXXXXXXXXXXXXXXXXXX.

  • Authorization checked for infoObjects even though not relevant to report

    Hello guys,
    I am facing a problem in BI 7.0 authorization checks.
    For a given report the BI team has placed a restriction in the query only for infoObject 0Comp_code (company code) and 0SOLD_TO (sold to party). Accordingly i have created authorization in RSECADMIN and assigned to role--> user.
    But when the user runs the report, he gets as authorization error and during analysis in RSECADMIN i see that "list of Authorization relevant charecteristics(infoObjects) for info provider xxxx" contain other infoObjects as well.
    Is it a case where infoObjects can be made authorization relevant for the whole  info provider eg-ZSD_M42" (where this is a multi provider)apart from being checked for specific reports eg- ZSD_M42_Q0001?
    How do i get around this problem?
    Regards,
    Prashant

    Hi Prashanth,
    What Zaheer said was exactly correct.Make sure all the Auth relevant Chaaracteristics of an Infoprovider  are properly authorized through your Analysis Authorization.Suppose if you don't need security on other Characteristics of an InfoProvider give * in your AA which will byepass check on that particular Auth relevant Characteristics..
    More over,See to that all the key figures are properly authorized as all the keyfigures are by default auth relevant in BI.
    Cheers,,
    Ramkumar C

  • Report for authorization check

    Hey Masters
    Need your help
    How do I generate a report which will give all the changes made in which infotype & by whom
    I have checked the standard report s_ahr_61016380 but it does not give any output
    How do i configure this report
    Plz help
    Jayeeta

    hello
    go to
    Personnel Management
    -> Personnel Administration
    -> Tools
    -> Revision
    -> Set up change document
    and follow documentation
    regards
    Stefan

  • Authorization check to users in Report

    Hi frds,
    FI- Posting document created smart form
    My customer is asking Document values greater than RS : 250000/-  restrict to view some users ..........
    How to acheive this requirement...........

    Hi Kabil,
    a third option to the suggestions Nabheet Madan mentioned is to look for a property to recognize the special users.
    This might be a common role or authority, that no other users will own.
    For checking roles you can access table AGR_USERS, for check checking special authorities you need a matching AUTHORITY-CHECK in your report.
    Regards,
    Klaus

  • Authorization check in LDB PNP

    Hi All,
    I am using logical database PNP in my report program and GET PERNR to fill the infotype tables. Infotype level authorization checks are performed but not Org data level (organizational assignments). The role assigned to me has access to data of specific personnel areas but I am able to retrieve data of all personnel areas (this was maintained in the authorization object P_ORGIN).
    I read the level of simplification should have a value 1 in the authorization object P_ABAP for Org Level authorizations to be performed. I have updated my role but still org level authorizations are not performed.
    Can you please let me know if  any special setting are to be done like in Tcode OOAC or set some flags/parameters in the report program to perform org data level authorization.
    Any information provided will be really helpful.
    Thanks,
    Pavan

    Hi,
    A separate ID was created in an environment similar to production and proper authorization were assigned to it (I mean roles with authorization objcts P_ABAP - level of simplfication 1 and P_ORGIN - restricting based on personnel area). Still Org level authorizations were not performed while using the LDB PNP. Is there anything I am missing?
    Thanks,
    Pavan

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Authorization Issue for BI Reports

    Hi All,
    I am running the report with one User, and while running i am getting the error message as "NO AUTHORIZATION"
    I have checked in Su53 and got some logs over there. Pls find below.
    Authorization check failed
       Object Class RS   Business Information Warehouse
         Authorization Obj. S_RS_COMP  Business Explorer - Components
           Authorization Field ACTVT Activity      16
           Authorization Field RSINFOAREA InfoArea 0CRM_SERV_SO_QUOTE
           Authorization Field RSINFOCUBE InfoCube ZLEVAL
           Authorization Field RSZCOMPID Name (ID) of a reporting component ZLEVAL
           Authorization Field RSZCOMPTP Type of a reporting component      REP
       User's Authorization Data PROGRAM
       Object Class RS         Business Information Warehouse
         Authorization Object S_RS_COMP  Business Explorer - Components
           Authorizat. T-B372019300 Business Explorer - Components
             Profl. T-B3720193   Profile for role Z_PROGRAM_LOGIN
             Role Z_PROGRAM_LOGIN Role for Login Program
             Authorization Field ACTVT Activity                  *
             Authorization Field RSINFOAREA InfoArea             *
             Authorization Field RSINFOCUBE InfoCube             *
             Authorization Field RSZCOMPID Name (ID) of a reporting component ASPDEFECTSTOCKDESPATCH, ASP_DEFECT_STOCK_REPORT
             Authorization Field RSZCOMPTP Type of a reporting component
    Thanks,
    Jelina.

    Hi jelina,
    the user has only
    Authorization Field ACTVT Activity 16 >> include 03, 06 also
    Authorization Field RSINFOAREA InfoArea 0CRM_SERV_SO_QUOTE >> try to include the info area the report in or *( all)
    Authorization Field RSINFOCUBE InfoCube ZLEVAL  >> try to include the info cube the report in or * (all)
    Authorization Field RSZCOMPID Name (ID) of a reporting component ZLEVAL >> the technical name of the report should include
    Authorization Field RSZCOMPTP Type of a reporting component REP >> include Query View too
    kris

  • Authorization check failed

    hello experts!
    i created a program via smartforms but when my user try to generate a printed form an error message appear than FORM
    cannot be displayed. when i check Tcode: SU53 Authorization check failed.
    Object Class HR Human Resources
    Authorization Obj. P_ABAP  HR Reporting\
    Authorization Field COARS Degree of simplification for authorizaton check       1
    Authorization field REPID ABAP program name     ZHRPY00018C
    Please help on this one...
    How to fixed this
    Thank you

    hello...
    actually this report has 2 display a List display and via smartforms...
    we laready add this program  in her authorization profile... the only problem
    is when she try to generate the report via smartform she cannot produced the
    the output print docu. because an error appears that my FORM cannot be display.
    But when i check it in the development i can produced a test document.
    please help...

  • Structural authorization check in HR-ABAP

    Hello Friends,
    I am not able to get how to do the structural authorization check, my exact problem was : There is a report where it diplays all the qualifications of the employees and now I should restrict to only the employees who belongs to the organization unit depending upon the user who is running the report belongs to. It should check some more authorization profiles also.
    Regards,
    Yoganand.

    Hi Yoganand,
    if you use logical database PCH in your report, it should work by default.
    Manually search for RHSTRUAUTH in transaction SE37. There
    is a function modul which gives a list with the person the user has authorization.
    With this list you could compare the list with selected persons.
    hope this helps.
    Regards
    Bernd

  • Authority check in the report

    Hi All ,
    I have created a ALV report in that displaying three different reports on three radio buttons.These three reports uses same selection screen except 2-3 fields.
    Now our customer wants to create two t-codes for the same report one for  first radio  button report only and other  will have whole report.My query is how I can put a check in the report so that i can check authorization available for that user or not as he will not able to access other two reports.
    Please suggest.
    Regards,
    Sachin

    your first program event (LOAD-OF-PROGRAM) or 2nd event ( INITIALIZATION ) are good places to 1:, determine which tranacaction was used (sy-tcode), and 2:; to check the user's authorization and shut down before he even sees a selection screen, if he doesn't have authorization for the transaction code and/or the program.
    By the way, you could hide the buttons you don't want the user to see with the AT SELECTION-SCREEN OUTPUT event, which is called before the first appearance of the user screen....  That way, you only need one program for your more-than-one transaction code.  And, by utilizing a authoriztion object, and selection-screen output, you could do it all from one program and one transaction code.

Maybe you are looking for

  • HFM 11.1.2.3 Configuration - Issue with Consolidation Administration

    Hi, This is regarding a new/fresh installation EPM 11.1.2.3 and have an issue with configuration on HFM; the deployment is distributed as below 1) Server 1 : Foundation,WebLogic Admin(/OHS) - Workspace/Shared Services/Planning/Calc Manager/EAS/APS 2)

  • Problem connection to database when opening Crystal Report in VB6 app

    Hi all, first post, so be gentle! I've developed a simple app and database using VB6 and SQL Server 2005 and is seems to be working well when i test it. Problem i have is after i installed the app on another PC. When the user tries to open the report

  • Panther to leopard install

    Have taken a G5 twin out of mothballs and tried to install leopard over panther - error message says no 10.4 or later detected and aborts install - so unable to make it to archive install option. Any suggestions please? Thank you

  • Maximize a Web Template Window

    Again, sorry for what is probably a basic question, but I just can't find the answer and I hope someone can help. I have a Web Template called directly by a URL Link, and the window which the Template is shown in I want to be maximized automatically.

  • AE: Multiple Mitigation controls per risk

    Hi, I am currently setting up mitigation controls in CC and am wondering if it is possible to have 2 mitigation controls for a risk? It does not look possible, because when assigning access in AE and mitigating the risks,  it is only possible to choo