Authorization for excuting reports

Similar Messages

• Report S_ALR_87013105 : no authorization for the report/ table 7KU6_001

  Hi Gurus,
  While executing the program S_ALR_87013105 (Detailed Reports 
  For Sales Order : Plan/Actual Comparison ) system showing the selection log.
  "Have no authorization for the report/table  7KU6_001 and 7KU6_002".
  But for the user the authorization check through SU53 was successful.
  Pl can any one suggest on this issue.
  Thanks in advance,
  Vijay

  Hi,
  Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
  Regards,
  Sankar

• Authorization for the report

  Hi
  I have made one report,  I needed to check the authorization for the report, how to do it.
  Eg.  One employee is executing the report, he only needed to select his transaction
  If somebody from one sales organisation, they only needed to take the data belongs to the sales office.
  SELECT-OPTIONS: p_vkorg  FOR tvkot-vkorg.
  SELECT-OPTIONS: p_pernr FOR pa0001-pernr
  for example two selection parameter is displaying. if my employee no is 100, while trying to enter execute the report for 200 employee no. no data should show. like that vkorg filed also should work.
  Please let me know how it possible.
  Regards
  Sebastian John

  Hi,
  You can change the code below
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZFNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  This code does an authorization check at company code level and removes all the company codes that user has entered but is not authorized to look for. After that we pass the filtered list of company codes for which user is authorized to in the select query and fetch the results. You can first select all the records from database for PERNR and VKORG. Then filter them and prepare new list of VKORG and PERNR after performing authorization check and pass it further to select queries in your program.
  KR Jaideep,

• Authorization for Web report

  Hello Experts,
  One of my user wants to see a report in the web and wants an authorization for the same. When he is trying to execute the query in the WEB he is facing the follwoing error.
  User SCANESIN has no RFC authorization for function group SDIFRUNTIME.
  What steps do i need to follow to resolve this issue.
  Regards,

  Hi,
  You can solve this problem with the help of your basis person.
  Go to the role of that use using RSECADMIN. Find the authorisation object S_RFC. Include SDIFRUNTIME in
  'Name of RFC to be protected' field. Activate the role.
  Regards
  Githen

• Roles & Authorizations for Web Reports...

  Hello Experts,
  We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
  We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
  I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
  And also how to call a function from web applications.
  This is a kind of urgent issue any quick ideas would be greatly appreciated.

  I apologize for the difficulty in reading this  I will repost.
  We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
  With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
  The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
  Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
  To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
  Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
  <Font ID="UserID",,,textelement....</Font>
  Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
  [<SCRIPT language = "JAVASCRIPT">                       
    function fnRepOnLoad()
      var user_ID=document.getElementById("UserID").innerHTML;
      if (user_ID=='USER123')
        document.all["HEADTMPLT1"].style.visibility = 'hidden';
        document.all["HEADTMPLT1"].style.position = 'absolute';
      else         
        document.all["HEADTMPLT2"].style.visibility = 'hidden';
        document.all["HEADTMPLT2"].style.position = 'absolute';
  </script>
  The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
  We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
  As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
  Var User_template=document.getElementById("UserTmplt").innerHTML;
  If UserTmplt = HeaderTemplate1
  -->  make all header templates other than HeaderTemplate1 invisible
  else
  -->  make all header templates other than HeaderTemplate2 invisible
  etc...
  I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
  Best Regards,
  Larry

• Authorization for BI Reports

  Hi All,
  I am new to BI Authorizations. In my Project there are 150 Users are there.So for each user,Authorization Object
  is created in RSECADMIN and Roles are created in PFCG Tcode.
  Initially we have created 9 Reports and it is running in BI PRD. In all 9 reports we are using the Info Object
  "0CRM_PRCTYP - Business Transaction Type" and Authorization Relvent is Unchecked in this Case.
  Now the Client wants some more reports and need to provide Authorization for this Field "0CRM_PRCTYP - Business
  Transaction Type".And these new reports will be used by "New Users".
  So i have Checked the Authorization Relvent for the Info Object "0CRM_PRCTYP - Business Transaction Type" and
  Created Authorization Variable in Reporting Level.After doing this, I have executed the report by logging with new
  Users and it is working fine for new reports.
  Then i have checked the Old reports (9 Reports) ion RSRT and found that the error "NO AUTHORIZATION" for all 150
  users.
  Can you please help me how to rectify this error.
  Thanks,
  Jelina.

  Hello Jelina,
  First, try to check the reports by running them with the user account in transaction RSECADMIN -> tab Analysis -> Execute as user.
  If this will return an error please go with transaction SU53 and check what role/authorisation has generated the error. Afterwards, launch PFCG, go to Authorisation tabs, Display authorisation and add the reports BOTH under -> Business Warehouse-> Business Explorer Components  and ->Business Warehouse -> Business Explorer Components - Enhancement to the Owner.
  After this press the Generate button (looking like nuclear hazard but in red&white) and SAVE. Go to the TAB Users in PFCG and press the button USER COMPARISON and afterwards SAVE.
  Now it should work. Let us know if you still have problems.
  br,
  Dan

• Authorizations for WEBI report based on BPC data model

  Hi All,
  We are strugelling with setting up authorisations for the reporting on BPC data model.
  We created Bex query on top of Multiprovider that consists of BPC cube. The Bex query is source for WEBI output. The authorisations has been set up on BPC data model (cube) in BPC application but they are not passed nor to Bex query nor to Webi. Example: The query is build on top of OPEX BPC data model, this data model is restricted based on Oranizational Unit. My test user is allowed to see only Org Unit = 'Australia' in the OPEX BPC data model, however when I'm running the report I can see absolutely everything.
  We are not connecting/using any BI cubes itself for this reporting. We are intrested only in the WEBI report based on BPC data models.
  We were trying to use BPC data model (without any extra settings) as the source for BEx report, we were also trying to use virtual BPC data model as the source for Bex transient query - but non of these have helped.
  Can you please advise how the authorisations should be set up for WEBI reporting on BPC data models?
  Kasia

  Anybody can help with this issue please?

• Authorization for specific report

  Hello friends ,
  I want to give authorization to user specific to only one report , can anybody tell me the specific object and values fro it ?
  Regards
  Nilesh Vakil

  Hi,
        You can add this purticular Query in the Role which is assigned to that user. First you assign that role to your User ID and then you can add this object in the Role by opening the Query in BEx--> Click on publish in Role.
  Now that report will be accessable for all the users where that role is Allocated.
  Regards
  Karthik

• Authorization for running report based on Remote Cube

  Hi ,
  I have created a report based on Remote cube in BI 7.0
  I have created a DTP with Direct access to load the Remote cube.
  While running the report based on Remote cube , I am getting error
  'You are not authorized for the DTP '
  The report is running only when I assign the '*' value  to the authorization objects for the role in which the report is stored:
  S_RS_DTP = * (For DTP)
  S_RS_TR = *   (For Transformation)
  S_RS_DS = * (For datasource)
  I want to restrict the values to the objects related to my report only rather than * which means ALL.
  Please help what values to assign for these authorization objects for the Role.
  Thanks.

  Hi,
  You need to make necessary settings in RSECADMIN for the Authorization Objects. The default values will be * . You have to customize them to suit your requirement.
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/101fb4f5-eb7c-2c10-5daa-b479c47f0a14
  Regards,
  Suman

• How set authorizations for sales reports and other reports in SAPB1

  Hi, I'm currently working in SAP Business One Version 8.82
  The issue I'm facing is that I want to set it up so that certain users cannot see other users' sales information.  I know that I can turn on or off the Sales Analysis Report for various users for instance, but what I really want specifically is this.  Suppose we have 3 different teams: Team A consists of (Angie, Angela, and Anita the manager), Team B consists of (Bob, Barbara, and Ben the manager), Team C consists of (Cat, Charlie, and Courtney the manager).  I would like to make it so that everyone can view the individual sales order documents of everyone else (in case a customer calls and needs information, but the salesperson who created that document isn't there); however, Angie should only see her own orders when she does a Sales Analysis while Anita, the manager of Team A, should see the the orders of Angie, Angela, and herself of course.
  To summarize, I'd like to see the following
  1.  Each salesperson can lookup and view any sales order.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders.
  What's the best way to approach this?  Is it best if I create my own report?  I haven't created any reports from scratch yet, so I'm not sure exactly how that works.  I'd like to be able to group the salespeople up by location if possible.  The sales analysis report doesn't really do that, but it is useful.  I just don't want everyone to be able to see the numbers on their peers.
  Thank you I appreciate any help or advice.

  Hi,
  1.  Each salesperson can lookup and view any sales order.
  Answer:
  Create own report by using query and save under query manager and the assign for all group. So that all sales person can run this query  and can get sales order detail.
  2.  Each salesperson can run an sales report to view all his/her own open sales orders.
  Answer:
  Create individual query ( add condition in where clause slpname = 'XXX') for each sales person and save it under query manager and assign to particular user group
  3.  Each manager can run a sales report on his/her subordinates, but not on the other managers or their subordinates.
  Answer:
  Create query for only particular team (  condition is slpname = XXX OR YYY OR ZZZ) and save under query manager. Make schedule report on this and send it to only particular manger
  Same way create for another manager and schedule report.
  4.  The boss or other people working in corporate are able to run a report on all open sales orders
  Answer.
  Create query for all sales person and schedule report to big boss.
  Hope you can get an idea.
  Let me know if you need sales report ( advice required field)
  Thanks & Regards,
  Nagarajan

• Guys! help me in creating authorization for my report

  can any one help me in assigning  authorization to a particular user group to
  1. view my zee tranasaction and
  2. to use my transaction to create or change data in it.
  help me please asap.

  UTHORITY-CHECK OBJECT 'Z:object'
  ID 'ACTVT' FIELD '16' ( execute )
  ID 'PROGRAM' FIELD SY-REPID.
  IF SY-SUBRC NE 0.
  MESSAGE E900 WITH SY-REPID.
  STOP.
  ENDIF.
  and you have to diefine this object in roles of users : in Tr.PFCG . So the user who has role only can execute transaction or program .
  Also check thread
  Authorization object ??

• Reg: Multiple authorization level for HR Report

  Dear Experts,
  I have a customized report for the payroll area, I need to have authorization for this report.
  The requirement is  as below
  For Ex: i have 5 payroll areas, 1000 personnel numbers, the multiple users and one customized report.
  The user has access for 2 payroll areas, the user should select the personnel numbers which has access to the same payroll area.
  The same user should not be authorized to access the other payroll areas and the personnel numbers.
  One customized report is being executed by the mulitple users, one user will have access only for one payroll area and he needs to select the personnel area for which payroll area he has access.
  Similar concepts follows for the other users.
  Can anyone help me to achieve this authorization concept. It would be grateful.
  Awaiting for your suggestions.
  Thanks in advance.
  Regards,
  Abdur Rafique

  hi,
  You can use sy-uname. Such that if some other user enters you can pop up the message you are not authorized.
  Regards,
  Pawan.

• Object level authorizations for reports

  HI
  I have 20 charactesr in cube , around 15 have navigational attributes.
  i need to give authorizations for 5 objects only .( navigational attributes).
  i have 10 reports, i need 2 reports only authorizations relavant.
  if i restrict 5 objects authorizations , its effect all queris? in this scenerio i need to create 2 cubes?
  ple let me know

  hi suneel,
  As you said you require authorization for 2 reports, you can restrict those Infoobjects with the authorization variables and in the other 3reports use that object but do not restrict to the authorization variables..
  So, the user will be able to see whole data for 3 reports where authorization is not used.
  Hope it is clear.
  Thanks
  Lavanya

• RRMX for web report?

  Hi,
  Just busy defining authorizations for web reports based on BEx queries. In the role is the S_TCODE=RRMX REALLY needed? And if so does that entail that the users can use BEx query designer as well?
  Thnx for thinking.

  Thnx.
  Do you refer to the "change local/global definition" in "excel" via the BEx query designer? Because that is the functionality that I would like to restrict, web access only.
  By different "auth objects" you refer to the S_RS_COMP etc?
  Thnx in advance.

• How to give user authorizations for a Program or an ICF service

  Hi,
     1)How to give user authorizations for a report program or an ICF service.
     2)How to create an user authorization object.
  Regards,
  Vinay.

  check this online help for more info on authorization object creation
  http://help.sap.com/saphelp_nw04/helpdata/en/52/67168c439b11d1896f0000e8322d00/frameset.htm
  for question no1.
  ICF - you either maintain the auth obj relevant at the icf service level itself or you can code call authority object and block access
  for abap programs:
  you maintain auth object at the tcode or code the call authority object within the program
  Regards
  Raja