Authorization checked for infoObjects even though not relevant to report

Hello guys,
I am facing a problem in BI 7.0 authorization checks.
For a given report the BI team has placed a restriction in the query only for infoObject 0Comp_code (company code) and 0SOLD_TO (sold to party). Accordingly i have created authorization in RSECADMIN and assigned to role--> user.
But when the user runs the report, he gets as authorization error and during analysis in RSECADMIN i see that "list of Authorization relevant charecteristics(infoObjects) for info provider xxxx" contain other infoObjects as well.
Is it a case where infoObjects can be made authorization relevant for the whole  info provider eg-ZSD_M42" (where this is a multi provider)apart from being checked for specific reports eg- ZSD_M42_Q0001?
How do i get around this problem?
Regards,
Prashant

Hi Prashanth,
What Zaheer said was exactly correct.Make sure all the Auth relevant Chaaracteristics of an Infoprovider  are properly authorized through your Analysis Authorization.Suppose if you don't need security on other Characteristics of an InfoProvider give * in your AA which will byepass check on that particular Auth relevant Characteristics..
More over,See to that all the key figures are properly authorized as all the keyfigures are by default auth relevant in BI.
Cheers,,
Ramkumar C

Similar Messages

  • Apple TV will not give me a "password sign in" for iTunes even though it recognizes that my password is wrong (it's new). Help!

      Apple TV will not give me a "password sign in" for iTunes even though it recognizes that my password is wrong (it's new). Help!

    Hi letjimdoit,
    If you are unable to get to the screen that allows you to enter your password on your Apple TV, you may want to first try restarting the Apple TV. Use the steps in this aricle -
    Apple TV: How to restart your Apple TV
    If the same issue continues after restart, you may want to restore the Apple TV. See this article -
    Apple TV (2nd and 3rd generation): Restoring your Apple TV
    Thanks for using Apple Support Communities.
    Best,
    Brett L 

  • How to turn off the authorization checks for a object in infoproviders?

    Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
    I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
    Thanks,
    Raj.

    Hi Raj,
    Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
    In BW3.5, use RSSM transaction to do thins.
    OR
    Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
    If you are using old authorization concept in 3.5 or in 7.0
    Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
    Hope this helps you,
    Best regards,
    Sunmit.

  • TS2755 I'm trying to activate iMessage on my iPad 2 - I keep receiving an error message saying I need to check my connection even though I am already connected through wi-fi and the connection is strong. Please advise.

    I'm trying to activate iMessage on my iPad 2 - I keep receiving an error message saying I need to check my connection even though I am already connected through wi-fi and the connection is strong. Please advise.

    Possibly there's a firewall in the router.  For reasons that I do not understand, that will affect IOS (iPod/iPad) communication but will not affect computers or other devices.
    You will need administrative access to the router.  If a firewall is present, turn it off and test the iPod again.  If it works, turn the firewall back on but weaken it a notch and test the iPod again.  Repeat as required.

  • Authorization check for surveys

    Hello Friends,
    Does anybody know if there is Authorization check for surveys?
    I want to restrict access to surveys, depend on user and status of surveys (answered or not).
    Thanks for any help.
    Lalas

    Dear Lalas,
    Unfortunately the survey runtime itself doesn't check any authorization.
    But for my personal point of view, you might be able to look into the
    following to fulfil your requirement:
    1.add java script into the survey xml file
    Or
    2.define your own function module with additional authorization check,
      and assign it to survey attributes in transaction CRM_SURVEY_SUITE,
      as PBO or PAI function module.
      (relevant steps necessary to activate the customer defined
       authorization obj.)
    Hope these could do help!
    Regards, Gerhard

  • Authorization check For T code

    Hi everyone,
    Can anybody guide to set a  authorization check  for a particular Tcode.
    I have ztable where users are assigned particular numbers.
    I want the users who are assigned some numbers should be able to use this particular t code
    Thanks in advance

    hi
    chk this out
    AUTHORITY-CHECK
    Basic form
    AUTHORITY-CHECK OBJECT object
        ID name1  FIELD f1
        ID name2  FIELD f2
        ID name10 FIELD f10.
    Effect
    Explanation of IDs:
    object
    Field which contains the name of the object for which the authorization is to be checked.
    name1 ...
    Fields which contain the names of the
    name10
    authorization fields defined in the object.
    f1 ...
    Fields which contain the values for which the
    f10
    authorization is to be checked.
    AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
    You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
    The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
    If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
    If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
    The return code value changes according to the different error scenarios. The return code values have the following meaning:
    4
    User has no authorization in the SAP System for such an action. If necessary, change the user master record.
    8
    Too many parameters (fields, values). Maximum allowed is 10.
    12
    Specified object not maintained in the user master record.
    16
    No profile entered in the user master record.
    24
    The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
    28
    Incorrect structure for user master record.
    32
    Incorrect structure for user master record.
    36
    Incorrect structure for user master record.
    If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
    Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
    Note
    Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
    The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
    Example
    Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
    Table OBJ: Definition of authorization object
    M_EINF_WRK
       ACTVT
       WERKS
    Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
    M_EINF_WRK_BERECH1
       ACTVT 01-03
       WERKS 0001-0003 .
    can display and change plants within the Purchasing and Materials Management areas.
    Such a user would thus pass the checks
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' FIELD '0002'
        ID 'ACTVT' FIELD '02'.
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' DUMMY
        ID 'ACTVT' FIELD '01':
    but would fail the check
    AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
        ID 'WERKS' FIELD '0005'
        ID 'ACTVT' FIELD '04'.
    To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK

  • Authority Object? Authorization Check for Period

    We consolidated from R3 to SEM tax reporting. So we now are using a  different authority-check object. However, all of the parameters that were in the 'Authorization Check for Period' in R3 are not in SEM. Can you manually add parameters for to the authority-check. I am not even sure how to change or activate. Is this a Basis thing?
    To be honest I do not know what this object checks when processing. It cannot be debugged?
    I do not think my authorization level will be fully defined with the new object.
    Any suggestions?
              Thanks.
    *In old ERP we used*
    AUTHORITY-CHECK OBJECT 'E_CS_PERMO'
       ID 'PERMO' FIELD '1'   "Open period
       ID 'DIMEN' FIELD g_dimen
       ID 'RVERS' FIELD g_rvers
       ID 'BUNIT' DUMMY
       ID 'CONGR' FIELD g_congr.
    In new SEM system we now need to use:
    AUTHORITY-CHECK OBJECT 'R_UC_PERIO'
               ID 'ACTVT'     FIELD 'PA'          "open period
               ID 'CONS_AREA' FIELD g_congr.
              ID 'TASK_FLD1' FIELD '__________'
              ID 'TASK_FLD2' FIELD '__________'
              ID 'TASK_FLD3' FIELD '__________'
              ID 'TASK_FLD4' FIELD '__________'
              ID 'TASK_FLD5' FIELD '__________'
              ID 'TASK_FLD6' FIELD '__________'
              ID 'TASK_FLD7' FIELD '__________'
              ID 'TASK_FLD8' FIELD '__________'.

    Resolved issue.

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Authorization checks for bank account number in vendor master

    I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
    Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
    Thanks
    -Peru

    HI Peru,
    To supress a field in FK03 u will have to check
    Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
    in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
    But there bank account no is not there.
    Moreover there r no authorization objects for all the fields that u gave.
    So try creating screen variant/ transaction variant in SHD0.
    Regards,
    Kiran

  • ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole

    Hi
    After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
    <i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
    I have not found anything helpfull thusfar.
    Thank you for your help in advance

    Hi,
    We had the same problem after upgrading to 2004s sp13.
    We applied all available patches and it went away.
    Check out this thread:
    <a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
    Best regards,
    Avisahi Zamir

  • Failed to activate authorization check for user SAPSYS

    Hi Experts
    I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
    i am getting a error Failed to activate authorization check for user SAPSYS.
    Please help me to solve this issue.
    Regards
    Venkat

    Hi, Mr. Joe Bo.
    Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
    Basis Patch - 15, Kernel 159
    I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
    Thanks & Regards
    Venkatesan J

  • Authorization check for production order settlement

    Hi All,
    Production order settlement currently can be done by any user of any company code. there is a high risk involved in the same since unauthorized postings may happen. Hence we need to add authorization check for production order settlement. Can we maintain the same at the plant or the company code level?
    Waiting for your replies. Thanks in advance!
    Regards,
    Aman Goel

    hi
    What venki has told abt the exit, its absolutely correct.Even i have used the same exit
    •     From table CAUFV pick Material(PLNBEZ),Basic Start Date(GLTRP),Plant(WERKS) .
    •     Pass parameter Material(PLNBEZ) and Plant(Werks) in table MBEW in respective fields i.e. Material(MATNR) and Plant(WERKS).
    •     Pick the latest record for the current period(LFMON) and year(LFGJA).
    •     Pick Product Cost Estimate number(KALN1) from the record and pass it to table KEKO.
    •     Check if Production Order Basic Start Date(GLTRP)<= BIDAT, if NO post Error Message.
    This is the FS for EXit PPco0007
    Reward if useful
    Amit

  • Authorization Check For Pricing Reference Materail In VA01 & VA02

    Hi Expert, 
    User has requested to do authorization check for pricing reference material in line item in VA01/VA02. currently SAP does not has any authorization check for pricing reference material field at line item in VA01/VA02.  Is there any standard authorization object for this purpose or needs to use user exit to do this checking ie if the pricing reference material entered does not belong to the sales org as entered in sales header data then system will issue warning/error message.  What will be the standard user exit routine if there is no standard authorization object for this purpose ?
    Thanks.
    Regards,
    Tay
    Edited by: Hung How Tay on May 13, 2010 2:48 AM

    Hi,
    Try below in MV45AFZB
    USEREXIT_SOURCE_DETERMINATION
    Best regards,
    Anupa

  • Authorization check for CO88

    Dear all,
    I found  there is no authorization check for plant in CO88, this means if user do not enter the plant, then all the orders will be settled, would anyone tell me how to control this?
    thanks,
    Ben

    Ben,
    You can control this by creating seperate roles and giving plantwise authorization in these roles..  Please check Tcode PFCG for further details...
    Thanks

  • Authorization check for Removing of Delivery block in Sales Order

    Hi,
    I want to have an authorization check for the person removing the delivery block in the Sales Order.
    By Default all Sales Orders will have a delivery block. I want to ensure that the user does not have the authorization to Remove the Delivery block.He should be able to choose any reason in the Delivery block if required.
    Only the user which has the authorization to remove the delivery block should be able to do so.
    I have checked that the Delivery block field does not have an Auth Object.
    I want to enable delivery block removal for some users and restrict the same for others.
    Please Advise

    Hi,
    In object V_VBAK_AAT you can find the activity 43 that is meant for authorisation, that should be removed for the users who are not supposed to release the sales order for any blocks.
    Try that it will work.
    Regards,
    Mann.

Maybe you are looking for