Authorization checked for infoObjects even though not relevant to report
Hello guys,
I am facing a problem in BI 7.0 authorization checks.
For a given report the BI team has placed a restriction in the query only for infoObject 0Comp_code (company code) and 0SOLD_TO (sold to party). Accordingly i have created authorization in RSECADMIN and assigned to role--> user.
But when the user runs the report, he gets as authorization error and during analysis in RSECADMIN i see that "list of Authorization relevant charecteristics(infoObjects) for info provider xxxx" contain other infoObjects as well.
Is it a case where infoObjects can be made authorization relevant for the whole info provider eg-ZSD_M42" (where this is a multi provider)apart from being checked for specific reports eg- ZSD_M42_Q0001?
How do i get around this problem?
Regards,
Prashant
Hi Prashanth,
What Zaheer said was exactly correct.Make sure all the Auth relevant Chaaracteristics of an Infoprovider are properly authorized through your Analysis Authorization.Suppose if you don't need security on other Characteristics of an InfoProvider give * in your AA which will byepass check on that particular Auth relevant Characteristics..
More over,See to that all the key figures are properly authorized as all the keyfigures are by default auth relevant in BI.
Cheers,,
Ramkumar C
Similar Messages
-
Apple TV will not give me a "password sign in" for iTunes even though it recognizes that my password is wrong (it's new). Help!
Hi letjimdoit,
If you are unable to get to the screen that allows you to enter your password on your Apple TV, you may want to first try restarting the Apple TV. Use the steps in this aricle -
Apple TV: How to restart your Apple TV
If the same issue continues after restart, you may want to restore the Apple TV. See this article -
Apple TV (2nd and 3rd generation): Restoring your Apple TV
Thanks for using Apple Support Communities.
Best,
Brett L -
How to turn off the authorization checks for a object in infoproviders?
Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
Thanks,
Raj.Hi Raj,
Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
In BW3.5, use RSSM transaction to do thins.
OR
Go to transaction RSECAUTH ---> Choose the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
If you are using old authorization concept in 3.5 or in 7.0
Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
Hope this helps you,
Best regards,
Sunmit. -
I'm trying to activate iMessage on my iPad 2 - I keep receiving an error message saying I need to check my connection even though I am already connected through wi-fi and the connection is strong. Please advise.
Possibly there's a firewall in the router. For reasons that I do not understand, that will affect IOS (iPod/iPad) communication but will not affect computers or other devices.
You will need administrative access to the router. If a firewall is present, turn it off and test the iPod again. If it works, turn the firewall back on but weaken it a notch and test the iPod again. Repeat as required. -
Authorization check for surveys
Hello Friends,
Does anybody know if there is Authorization check for surveys?
I want to restrict access to surveys, depend on user and status of surveys (answered or not).
Thanks for any help.
LalasDear Lalas,
Unfortunately the survey runtime itself doesn't check any authorization.
But for my personal point of view, you might be able to look into the
following to fulfil your requirement:
1.add java script into the survey xml file
Or
2.define your own function module with additional authorization check,
and assign it to survey attributes in transaction CRM_SURVEY_SUITE,
as PBO or PAI function module.
(relevant steps necessary to activate the customer defined
authorization obj.)
Hope these could do help!
Regards, Gerhard -
Authorization check For T code
Hi everyone,
Can anybody guide to set a authorization check for a particular Tcode.
I have ztable where users are assigned particular numbers.
I want the users who are assigned some numbers should be able to use this particular t code
Thanks in advancehi
chk this out
AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Effect
Explanation of IDs:
object
Field which contains the name of the object for which the authorization is to be checked.
name1 ...
Fields which contain the names of the
name10
authorization fields defined in the object.
f1 ...
Fields which contain the values for which the
f10
authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios. The return code values have the following meaning:
4
User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8
Too many parameters (fields, values). Maximum allowed is 10.
12
Specified object not maintained in the user master record.
16
No profile entered in the user master record.
24
The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28
Incorrect structure for user master record.
32
Incorrect structure for user master record.
36
Incorrect structure for user master record.
If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ: Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK -
Authority Object? Authorization Check for Period
We consolidated from R3 to SEM tax reporting. So we now are using a different authority-check object. However, all of the parameters that were in the 'Authorization Check for Period' in R3 are not in SEM. Can you manually add parameters for to the authority-check. I am not even sure how to change or activate. Is this a Basis thing?
To be honest I do not know what this object checks when processing. It cannot be debugged?
I do not think my authorization level will be fully defined with the new object.
Any suggestions?
Thanks.
*In old ERP we used*
AUTHORITY-CHECK OBJECT 'E_CS_PERMO'
ID 'PERMO' FIELD '1' "Open period
ID 'DIMEN' FIELD g_dimen
ID 'RVERS' FIELD g_rvers
ID 'BUNIT' DUMMY
ID 'CONGR' FIELD g_congr.
In new SEM system we now need to use:
AUTHORITY-CHECK OBJECT 'R_UC_PERIO'
ID 'ACTVT' FIELD 'PA' "open period
ID 'CONS_AREA' FIELD g_congr.
ID 'TASK_FLD1' FIELD '__________'
ID 'TASK_FLD2' FIELD '__________'
ID 'TASK_FLD3' FIELD '__________'
ID 'TASK_FLD4' FIELD '__________'
ID 'TASK_FLD5' FIELD '__________'
ID 'TASK_FLD6' FIELD '__________'
ID 'TASK_FLD7' FIELD '__________'
ID 'TASK_FLD8' FIELD '__________'.Resolved issue.
-
Authorization checks for PNP LDB
question : how to validate authorization checks for pnp logical database?
2 nd question: hr report
this report is basically for salary survey. in this i had so many fields can any body let me know how
can i form the internal tables. and i have to display overall 150 fields in csv file for that
how can i take in to the final internal table.
what is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
please give me the steps how can i proceed.Hi,
The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
Hope this helps. -
Authorization checks for bank account number in vendor master
I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
Thanks
-PeruHI Peru,
To supress a field in FK03 u will have to check
Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
But there bank account no is not there.
Moreover there r no authorization objects for all the fields that u gave.
So try creating screen variant/ transaction variant in SHD0.
Regards,
Kiran -
ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole
Hi
After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
<i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
I have not found anything helpfull thusfar.
Thank you for your help in advanceHi,
We had the same problem after upgrading to 2004s sp13.
We applied all available patches and it went away.
Check out this thread:
<a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
Best regards,
Avisahi Zamir -
Failed to activate authorization check for user SAPSYS
Hi Experts
I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
i am getting a error Failed to activate authorization check for user SAPSYS.
Please help me to solve this issue.
Regards
VenkatHi, Mr. Joe Bo.
Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
Basis Patch - 15, Kernel 159
I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
Thanks & Regards
Venkatesan J -
Authorization check for production order settlement
Hi All,
Production order settlement currently can be done by any user of any company code. there is a high risk involved in the same since unauthorized postings may happen. Hence we need to add authorization check for production order settlement. Can we maintain the same at the plant or the company code level?
Waiting for your replies. Thanks in advance!
Regards,
Aman Goelhi
What venki has told abt the exit, its absolutely correct.Even i have used the same exit
From table CAUFV pick Material(PLNBEZ),Basic Start Date(GLTRP),Plant(WERKS) .
Pass parameter Material(PLNBEZ) and Plant(Werks) in table MBEW in respective fields i.e. Material(MATNR) and Plant(WERKS).
Pick the latest record for the current period(LFMON) and year(LFGJA).
Pick Product Cost Estimate number(KALN1) from the record and pass it to table KEKO.
Check if Production Order Basic Start Date(GLTRP)<= BIDAT, if NO post Error Message.
This is the FS for EXit PPco0007
Reward if useful
Amit -
Authorization Check For Pricing Reference Materail In VA01 & VA02
Hi Expert,
User has requested to do authorization check for pricing reference material in line item in VA01/VA02. currently SAP does not has any authorization check for pricing reference material field at line item in VA01/VA02. Is there any standard authorization object for this purpose or needs to use user exit to do this checking ie if the pricing reference material entered does not belong to the sales org as entered in sales header data then system will issue warning/error message. What will be the standard user exit routine if there is no standard authorization object for this purpose ?
Thanks.
Regards,
Tay
Edited by: Hung How Tay on May 13, 2010 2:48 AMHi,
Try below in MV45AFZB
USEREXIT_SOURCE_DETERMINATION
Best regards,
Anupa -
Dear all,
I found there is no authorization check for plant in CO88, this means if user do not enter the plant, then all the orders will be settled, would anyone tell me how to control this?
thanks,
BenBen,
You can control this by creating seperate roles and giving plantwise authorization in these roles.. Please check Tcode PFCG for further details...
Thanks -
Authorization check for Removing of Delivery block in Sales Order
Hi,
I want to have an authorization check for the person removing the delivery block in the Sales Order.
By Default all Sales Orders will have a delivery block. I want to ensure that the user does not have the authorization to Remove the Delivery block.He should be able to choose any reason in the Delivery block if required.
Only the user which has the authorization to remove the delivery block should be able to do so.
I have checked that the Delivery block field does not have an Auth Object.
I want to enable delivery block removal for some users and restrict the same for others.
Please AdviseHi,
In object V_VBAK_AAT you can find the activity 43 that is meant for authorisation, that should be removed for the users who are not supposed to release the sales order for any blocks.
Try that it will work.
Regards,
Mann.
Maybe you are looking for
-
How to install SSMS on for SQL Server 2012 Express, Windows 8.1
I've installed Visual Web Developer 2010 and SQL Server Express 2012 on my Windows 8.1 machine. But there's no SSMS included. When I search the Microsoft web space, I find articles pointing to installers that crash, and downloads that have no ".exe
-
Unable to edit preferences in PSE 10 organizer
Hi all, I have searched to see if this topic has been previously posted, so if I have missed it, please forgive me.,,, Anyone else experiencing not being able to get passed the "loading" msg that appears after attempting to edit preferences in PSE 10
-
How can I delete items in the trash bin when they don't empty?
I downloaded font files and tried to delete them. I tried to empty trash but the items still appear. I tried holding down the optioin key while emptying the trash and the items are still there. How can I empty the trash bin?
-
HT4910 i had pdf files in my ibook icon, ipluged in ipad and lost all the files?
I had pdf files in ibooks, i pluged my ipad2 into my pc. got into itunes and i think i lost them. can i retreave it ??
-
Disk Utility Error - "Underlying task reported failure on exit"
I've been having a problem opening Logic 7.1 (it will crash at startup every time) and I got the advice to repair disk permissions. Both 'verify disk permissions' and 'repair disk permissions' work, but when I go to 'verify disk' I get the following