Authorization Concepts on Interface Level

Hello!
I have a scenario where a couple of services are published as SOAP Web Services through SAP XI 3.0, which are defined by an Outbound Interface published as a Web Service (via SOAP Adapter).
From reading the documentation I figured out it is possible to define a technical user in the User Management for an external system to authenticate and use these Web Services.
Is there any possibility to ensure one technical user can only access a defined count of interfaces?
This could be important if some services (= outbound interfaces) should not be accessible for other technical users.
I didn't find any way how to do this in the documentation.
Thanks!
Greets
Sebastian

Hi
As per the SP13 Release Document it is possible to restrict access of certain users; for this, go through this link:
http://help.sap.com/saphelp_nw04/helpdata/en/ff/42ad423442c611e10000000a1550b0/content.htm
Hope it helps.
Regards
Arpit Seth

Similar Messages

  • BPS_WIF0 authorization concept

    Authorization object R_PM_NAME can be used to control the access to different planning folders within UPSPL. What is a similar object for Web folders of the kind that can be executed from BPS_WIF0 or directly from the appropriate BSP? How is this same type of authorization concept applied, or does it need to be integrated directly into portal roles?

    Blake,
    there is no special authorization object for BPS web interface. You have to restrict access to the generated BSP application by using roles. However, even if someone had access to the BSP application, the next level of authorizations should be fully sufficient (BW auth. on transaction data, RSSM, or R_AREA, R_PLEVEL, etc).
    Regards
    Marc
    SAP NetWeaver RIG

  • Switching BW authorization concept back and forth on the fly

    After upgrading to BW 7.0, we are currently developing the BW authorizations from scratch with the new analytical authorizations. The system is currently set to the legacy RSR authorization objects. The idea is now to define two timeframes on our development system, one for the users working with old authorizations, and a second timeframe for testing the new analytical authorizations.
    Can we switch the authorization concept back and forth on the fly, or are there any obstacles?
    Thanks in advance!

    Andreas,
    The latest version of BW is 7.3 which is also Analysis authorization concept like 7.0. So please clarify from the system status what level are you upgrading to.
    Under 7.0, the RSR objects were still available i.e. you can switch the concept back and forth on the fly, it will trigger a transport. AFAIK - In 7.3 however there is no support for RSR anymore in fact even the object class is not visible and so does the switch for the concept and even RSR objects (Z-objects) do not show up in PFCG either.
    So if you are moving to 7.0 switch is possible, 7.3 it is not. But in either case, you should be upgrading using a dual landscape with upgrade work being done & tested in separate boxes than daily production support landscape. It will come in handy at the time of testing also.
    Regards,
    Shivraj Singh

  • Not clear with the Authorization concept for Marketing Plan

    Hi All,
    I am new to CRM and was going through some of the prescribed documents for CRM marketing when I encountered the authorization concept in marketing plan. For example, how can I restrict a user with a campaign manager role from changing a marketing plan? Please provide the step by step procedure.
    Regards,
    Sanju

    Hi Sanju
    A user with a campaign manager role can be restricted from changing a marketing plan using an authorization group.
    We define authorization groups for use in the Marketing Planner. Authorization groups can be maintained at both marketing plan level and campaign or trade promotion level. Authorization groups enable us to control which users are authorized to change which of these two types of marketing project. We could, for example, define one authorization group to be assigned to a marketing plan, then define further authorization groups to be assigned to the different campaigns within the marketing plan. In the Marketing Planne.
    Follow the steps below:
    1. Define an authorization group using the following IMG path:
    Customer Relationship Management / Marketing / General Settings / Define Authorization Group.
    2. In authorization object CRM_CPGAGR of the role Campaign manager, maintain activity 01, 02, 03, 06 (this will allow the user to create, change, display and delete).
    3. The IMG-defined authorization group, e.g. ABC, can be seen under the tabstrip Basic Data of the marketing plan.
    4. Now the user has to choose the authorization group ABC from the drop-down in the Basic tab to create a marketing plan. The user will get change access for all the marketing plans which have the authorization object ABC.
    Hope this will help...
    Rgds
    Mallikarjun

  • Basic Authorization  concept

    Hi Friends,
    I want to be clear in basic authorization terminologies.
    Can any one give the definition for the each below mentioned basic authorization terminologies with some example?
    1. Object class
    2. Authorization
    3. Authorization Object
    4. Authorization Field
    5. Field Value
    6. Profile
    7. Role
    8. Composite role
    9. Reference role
    10. Derived role
    Thanks in advance.
    Regards,
    Venu

    Hi Venu,
    Let's go from top to bottom...
    At the highest level you have the role. A role can be defined as follows.
    Role
    The collection of activities that a person performs to participate in one or more business scenarios in an organization.
    Access to the transactions, reports, Web-based applications, and other objects contained in roles is through user menus.
    It can also be defined in a simple manner as a set of transaction codes in one bundle.
    Note: when a Tcode is assigned to a role, the related authorization objects get automatically assigned to the role. I hope it's clear until now.
    So every Tcode is assigned to a specific set of authorization objects, and every authorization object has a set of auth fields assigned to it. They can be checked in any role in transaction PFCG.
    For better programming, SAP has classified a set of authorization objects into object classes. It's not of much importance to you as it's a system thing.
    One more thing is that every role has a profile assigned to it when it's created and generated. Usually profiles are the concept until the 4.0 system of SAP... later the roles concept came into existence and hence they are defunct except a few standard SAP profiles like SAP_ALL and stuff which can be assigned to users directly. Otherwise profiles are also an automatic assignment and get linked to a user once the user is assigned a particular properly generated role.
    Coming to other terms, a group of single roles can be bundled into a single composite role. Hence it's just a group of single roles.
    In the authorization concept, we have the parent-child relationship in roles.
    That is... when a role is created we call it the master role, and its properties can be inherited by a child role.
    The scenario is: if we are having 4 company codes in an org, and I am supposed to create roles for each company code separately... so I try to create a master role and create 5 child roles with inheritance properties. This way any change to the master role gets drilled down to the child roles without having to change all the roles separately.
    This is the concept of derived roles.
    I wish this info has helped you...
    Br,
    Sri
    Thanks for the points...

  • Authorizations concept in SAP BI

    Hi All,
    Can you please tell me about Authorizations concepts in SAP BI?
    Regards
    Syed

    hi ,
    About Authorizations Concept in SAP BI .....
    The SAP BI 7.0 authorization concept (analysis authorization) changes a lot in accessing, analyzing and displaying BI information. The approach allows restricting data access on Key figure, Characteristic, Characteristic value, Hierarchy node, and InfoCube levels. It enables more flexible data access management.
    Check this link
    http://help.sap.com/bp_bw370/documentation/Authorization_BW_Proj.pdf
    and
    check these two links too
    http://www.bwarea.com/2009/01/sap-bi-70-authorization-part-1.html
    http://www.bwarea.com/2009/01/sap-bi-70-authorization-part-2-creating_18.html
    Regards
    ChandU
    <removed by moderator>
    Edited by: Siegfried Szameitat on Jun 1, 2011 2:26 PM

  • SAP Authorizations Concept Project

    Hello,
    Before, I would like to say that this thread will stay open, with questions and answers. Thanks
    I am starting a little project on authorizations. The company has only 9 users, and all of them have the SAP_ALL, SAP_NEW profiles, which after an audit generated the need to have them removed and the need to implement an Authorization Concept from the root.
    The first step and most important is to get the profiles fixed before the next audit, which I think will only give me time to create generic profiles based on a list of transactions and reports that each one of them, or a group, executes. I've been reading the ADM940 module, and I have some experience in SAP BI Authorizations, but no experience in Authorizations at a higher level.
    My questions are: recommendations and points of attention I must have to implement this concept I've described, and
    is the automatic profile generator, based only on transactions and reports, enough to fulfil the needs I described before? Or after that will I have to maintain some authorization objects manually?
    Thank you very much
    JO

    Closing the thread, as it has a lot of days by now

  • Variable Scope at package or interface level

    Hi,
    Can we set the ODI Project variable scope to package or interface level?
    Because in my project I'm using a last run date refresh variable, and this variable value will be changed at the time of execution of each package.
    Thanks
    Madhavi

    You can create it as "Not Persistent" and then its value exists per ODI session.
    In this way, several sessions can keep independent value to the same variable.

  • Authorization at profit center level

    Dear All,
    In the FI module we have a requirement of authorization at Profit Center level.
    For example: in the FB50 transaction we want to allow some users to enter only for "1001" profit center.
    We have tried the following:
    We have created an authorization object for PRCTR - Profit Center field and assigned that object manually to the role. But it is not working. After assigning this authorization object, profit center also comes in "Organization Level". But at transaction level no effect.
    Thanks in advance,
    Nirav

    Hi Nirav,
    You will only invoke additional authorisation checks if the code for the transaction is changed to include the relevant AUTHORITY-CHECK code + subsequent logic.
    From memory for FB50 you will need to look into an appropriate user exit or enhancement point to code this additional check.  Alternatively you could use an alternative control such as random sampling for those users.
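
    What the "AUTHORITY-CHECK code + subsequent logic" from the reply above can look like, as an added ABAP example that is not part of the original thread or of SAP's code. The authorization object Z_PRCTR (fields PRCTR and ACTVT), the report and class names, and the sample profit centers are assumptions; where such a check would be hooked into FB50 is not shown.

    ```abap
    REPORT z_prctr_auth_demo.

    " Assumption: Z_PRCTR is a custom authorization object with the
    " fields PRCTR (profit center) and ACTVT (activity), created in SU21.
    CLASS lcl_prctr_auth DEFINITION.
      PUBLIC SECTION.
        TYPES ty_prctr_tab TYPE STANDARD TABLE OF prctr WITH DEFAULT KEY.
        " Returns the profit centers the current user may NOT post to.
        CLASS-METHODS denied_profit_centers
          IMPORTING it_prctr         TYPE ty_prctr_tab
                    iv_actvt         TYPE activ_auth DEFAULT '01'
          RETURNING VALUE(rt_denied) TYPE ty_prctr_tab.
    ENDCLASS.

    CLASS lcl_prctr_auth IMPLEMENTATION.
      METHOD denied_profit_centers.
        DATA: lt_distinct TYPE ty_prctr_tab,
              lv_prctr    TYPE prctr.

        " One check per distinct profit center, not per line item.
        lt_distinct = it_prctr.
        SORT lt_distinct.
        DELETE ADJACENT DUPLICATES FROM lt_distinct.

        LOOP AT lt_distinct INTO lv_prctr.
          " The statement only sets sy-subrc; it blocks nothing by itself.
          AUTHORITY-CHECK OBJECT 'Z_PRCTR'
            ID 'PRCTR' FIELD lv_prctr
            ID 'ACTVT' FIELD iv_actvt.
          IF sy-subrc <> 0.
            " Fail closed: any non-zero return code counts as denied.
            APPEND lv_prctr TO rt_denied.
          ENDIF.
        ENDLOOP.
      ENDMETHOD.
    ENDCLASS.

    START-OF-SELECTION.
      DATA: lt_items  TYPE lcl_prctr_auth=>ty_prctr_tab,
            lt_denied TYPE lcl_prctr_auth=>ty_prctr_tab,
            lv_denied TYPE prctr.

      " Constructed sample: profit centers of three document line items.
      APPEND '1001' TO lt_items.
      APPEND '2002' TO lt_items.
      APPEND '1001' TO lt_items.

      lt_denied = lcl_prctr_auth=>denied_profit_centers( it_prctr = lt_items ).

      " The subsequent logic: reject the posting when anything is denied.
      IF lt_denied IS INITIAL.
        WRITE / 'All profit centers authorized, posting may continue.'.
      ELSE.
        LOOP AT lt_denied INTO lv_denied.
          WRITE: / 'No authorization for profit center', lv_denied.
        ENDLOOP.
      ENDIF.
    ```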

  • Authorization at Folder Tab level

    Hello Experts
    I have designed a form which has lots of folder tabs, but now I want authorization at folder tab level, so that only authorized users have access to those tabs, while an unauthorized user is not able to see the content inside the tab,
    e.g.
    user1 - Full authorization
    user2 - No authorization on tab level
    Is it possible?
    Please suggest

    Hi,
    Yes, you can write a small logic like that. For a specific user some folders will not be available; for that I suggest you create a new UDT with some columns like user name and folder item UID to restrict, so that the end user admin can update this table with the required folder item ID and user code, as the users can change in the future.
    So you can have a logic like
    If loggedInUser = restrictedUser Then
        MsgBox("Not authorized to view this information")
        BubbleEvent = False
    End If
    You need to execute this logic in the item click event.
    Hope this helps,
    Vasu Natari.

  • Authorization Concept - BI7

    Hi ,
    I'm working on authorization concept for BI7 which seems to be having a conflicting statement.
    User : Mary
    InfoObject : ZORDER
    Set 1 : Queries built on multiproviders within infoArea ZSALES should display ONLY order number 123.
    Set 2 : Queries built on multiproviders within infoArea ZPROJECT should display ALL order numbers.
    It's a conflicting scenario.
    It's giving an output for ALL orders for both set 1 and set 2 queries.
    Appreciate if anyone could provide some ideas if this is feasible to achieve within RSECADMIN.
    Thank you.
    Regards
    Maili
    Edited by: Maili06 on Jan 12, 2012 1:19 PM

    hi,
    Please try creating the analysis auth objects. For the mentioned scenarios they can be:
    1) 1st auth object can have infoarea=ZSALES and order number=123
    2) 2nd auth object can have infoarea=ZPROJECT and order number=*
    Both these analysis authorization objects can be assigned to the user via RSECADMIN.
    In the auth profile, S_RS_AUTH = Inactive, read analysis auth from RSECADMIN and manual assignment.
    regards
    laksh

  • Concept of capacity levelling

    dear gurus,
    Can anybody explain the concept of capacity levelling with t-codes? I already posted the same thread, but I require some more light. If anybody explains, it will be better for beginners. If anybody is having any documents regarding this, please send to [email protected]
    -guna

    Hi,
    The following points will be useful to understand the concept of Capacity Levelling.
    Capacity levelling is only relevant for in-house manufactured products, and the existing capacity overload in a work center within a plant can be overcome by shifting the operation performed on the overloaded work center to a future period where capacity is available, by using CM22.
    Example:
    1) An order consists of 4 operations, let us suppose (opn 10, 20, 30 & 40)
    2) Opn 30 is being performed on a work center "WC1"
    3) Assume capacity load on this work center WC1 is 150% (TCode: CM05)
    4) Shift some of the orders in the overloaded work center to a future period where capacity is available. When we are shifting opn 30 to a future period, say 15th October, this opn date will be taken as reference, and for all the preceding operations backward scheduling is carried out (i.e. for opn 10, 20). For all the succeeding operations (opn 40) forward scheduling will be carried out.
    5) Capacity levelling by shifting the operation can be used for MTS items without any problem. In the case of MTO we should take into account the customer requirement date while shifting the opn/orders to a future period.
    Regards,
    Ramasamy

  • How we can show authorization object  at infoprovider  level

    hi all
    how we can show authorization object at infoprovider level..
    shalini

    S_RS_ICUBE: Auth objects for working with Infocubes and their sub-objects. For example, protecting users who can define the Infocube, applying update rules, and looking at the data in the Infocube.
    In order to execute any query, you must have access to R_RS_ICUBE and S_RS_COMP. S_RS_COMP is a powerful object that enables you to make choices on how to secure.

  • Concept Of Interface

    Hi,
    As per my understanding, interfaces have only method signatures but not code for the methods. And the class implementing the interface needs to define the method.
    Now my doubt is, we use the registerOutParameter() method of interface CallableStatement directly.
    How's this possible?
    Thanks.

    Hi,
    First: Your code isn't correct regarding several points.
    See inline:
    Hi,
    Take this code for example
    DB = new DBConnectionWrapper();
    What is this DBConnectionWrapper()? I don't know such an element of the standard APIs.
    conn = DB.getConnection();
    CallableStatement conn = DB.getConnection();
    A callable statement is not returned by getConnection(), but by prepareCall() as you are doing it below.
    strPrepareString = DB.getStrPrepareString("PRC",66);
    csmt = conn.prepareCall(strPrepareString);
    Here we have made an object of interface CallableStatement, then we are calling prepare call method.
    But as per my understanding the interface contains only method signature and no code. Then how this works.
    Coming to your question: It's quite simple - prepareCall() returns a complete object which implements (!) the Interface CallableStatement.
    All things we are executing is always in objects of some classes, but we are accessing the objects via an interface.
    From this point of view the class definition of a class not implementing a specific interface is an interface itself.
    (I left out static methods in this description, because static methods are breaking the concept of Interface based programming.)
    Hope this helps
    Martin

  • New Authorization concept

    Hi experts,
    What is the new Authorization concept in NW2004s?
    All of our queries are created in Query Designer 3.x and our generic Authorization objects are created in RSSM.
    Is it necessary to use the new Auth. concept?
    What are the advantages or disadvantages of the new concept?
    Thanks

    Hi there again,
    If you have that entry in RSCUSTV23 it means you're using the old concept of RSSM authorization, not maintained anymore by SAP.
    I recommend (as well as SAP) to use the new concept. For that, since you already have the old authorizations, you can do a migration of authorizations with a standard report (transaction se38) called RSEC_MIGRATION.
    This report is easy to use and does the migration of the old concept to the new one, therefore after running the migration you can use the new concept.
    The worst part is that it is recommended to (and you should) do an exhaustive battery of tests, to ensure no errors are encountered with the new authorization concept after migration.
    You can also read about the migration of authorizations (and the detail of how to use the standard migration report) in here:
    [http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea&overridelayout=true]
    Diogo.
