Authorization for User to Jump the Query

Similar Messages

• How many ways we can create authorization for user groups in sap query reports

  Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change  the users .So please suggest me how to restrict users outside of the user group.
  Please send me if u have any suggestions and useful threads.
  Thank You,
  Suneel Kumar.

  I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
  http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
  Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
  Use AUTHORITY-CHECK to restrict access to the database based on user.
  Press F1 on AUTHORITY-CHECK to find out how to use it in the code

• Defining Authorizations for User to restrict the data in report.

  Hi Gurus,
  I have no idea on authorization concept in BI. Please give me anyone steps to creating authorization objects, roles and profiles to restrict the data for users.
  Ex.
  i have functinal location info object checked as authorization relavent with below data.
  FL001
  FL002
  FL003
  FL004
  FL005
  FL006
  FL007
  FL008
  FL009
  We have users like below.
  User1
  User2
  User3
  Now, if User1 is analysing a report he can see only FL001, FL005, FL009 only, remaining have to be omited.
  If User2 is analysing that report he can see only FL002, FL003, FL009. And like wise.
  So, Please help me providing the completed steps. I have done somting but failed.
  Thanks in advance
  Peter.

  Hello Peter,
  Please go through the following links
  Authorization :
  http://help.sap.com/saphelp_nw70/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
  SAP Authorization Concept :
  http://help.sap.com/saphelp_nw70/helpdata/en/52/671285439b11d1896f0000e8322d00/frameset.htm
  Thanks.
  With regrads,
  Anand Kumar

• How to Control authorization for users with certain status for level 2 WBS Element

  Dear All,
  Is there any standard way or enhancement available to control authorization for users with certain status for WBS Element i.e. for example
  Pre-requisite:
  There is only 2 level of project i.e.
  Lev_ WBSE_______Description
  1___ 7-14.E_______summay outage controller
  2___ 7-14.E.2310__ Plant/unit # 2310
  2___ 7-14.E.2310__ Plant/unit # 2220
  Project Controller  (authorization role assigned "Z_PS_OP7_OTGCON_C") have all project level authorization
  Plant/Unit Controller (authorization role assigned "Z_PS_OP7_PLNTOTG_C_2310") have only level 2 authorization with enhancement that we did in system by Z table.
  User ID_ Plant #
  123345_ 2310
  122455_ 2220
  Issue:
  After System Status released and User Status approved the WBS basic date for Plant/Units should be restricted from updating/changing by Plant/Unit Controller level and only project controller should have this authority.
  Solution required: 
  Can any one tell how to control this scenario either by standard or enhancement available to control authorization
  BR
  Saqib Usman   

  Hi,
  Did you explore SAP Enhancement CNEX0002 Using Transaction CMOD?
  Thank you and regards,
  Varshal Kachole
  The SCN Rules of Engagement

• Hi all, i'm new and facing a problem while creating a new file for Xcode. I can't select the box "with XIB for user interface" if the subclass is "UIViewController".this problem happen after i upgrade Xcode to 4.6 version.Appreciate for any help rendered.

  Hi all, i'm new to Mac book & Xcode. I'm learning and facing problems while creating a new file for Xcode. Before i upgrade the software, i have no issue to create simple steps in apps. After upgrade Xcode to 4.6 version, i'm facing lot's of issue eg.
  1) "the identity "iphone developer" doesn't match any valid certificate/ private key pair",
  2) can't select the box "with XIB for user interface" if the subclass is "UIViewController"..
  Appreciate for any help rendered.

  Mikko777 wrote:So what is the best?
  I wouldn't judge. I've been to Arch for a week, you know? But as said, it's VERY close to it.
  What I dislike after a week is makepkg not handling dependencies automatically (which would be overhead, so probably not appropriate).
  Mikko777 wrote:Also theres KDEmod for modular kde, dunno if its for 64 bits tho.
  Don't actually need that as said ... I see no real benefit of having that other than not beeing a KDE user or having Gentoos useflags.
  Mikko777 wrote:PS:You produce a lot of text and welcome smile
  Yeah. Wonder why I'm still employed? So do I ...

• Curerency conversion for a Formula in the query designer

  Hi
  I have a ' Financial Loss Formula' in the report. I want to convert this 'Financial Loss' into USD Currency at query designer level.
  Source Currency = SAR
  Target Currency = USD
  So how can i do the curerency conversion for a Formula in the query designer.
  pls let me kow
  kumar

  Hi,
  If you define your query conversion in BW then it is easy to do currency conversion through Bex.What you need to do is use calculated key figure instead formula and do a right click select properties there at the currency translation area you ca select defined currency conversion in BW and your target currency.
  /people/rasim.manavoglu/blog/2007/04/30/currency-currency-currency
  Regards.

• How to display header title for 0MATERIAL texts in the query output?

  Dear Bwers,
  I have a requirement where i need to display headers titles for 0MATERIAL texts in the query output. (example "Material description"). Any ideas on how to do this?
  Thanks
  Raj

  Kamal,
  Its is as below:
  <b>Vendor</b>    <b>Vendor Name</b>
  1001 ---            Bright Industries
  1002 ---            Glow Industries
  I want to display the header title "Vendor Name" as the  title in the column instead of displaying the text without any header title.
  Thanks
  Raj
  Message was edited by:
          Raj Singh
  Message was edited by:
          Raj Singh

• Authorizations for Profit center in a query for a TEST user

  Dear SAP BI Gurus
  I have a query which has to be tested by the different user based on the region & the profit center that they belong to in SAP BI 7.0
  for this i have to create a user id for the test user under he/she should be able to view only his/her profit center data.
  The following are the steps that  i  tried out.
  1.created a role .
  2. in the change role - authorization , i have added authorization object "ZPROFIT" to the RSR . & restricted the ZPROFIT for the given values of the profit centers.
  3. Added this role to the User ID.
  But still the user is able to view all the profit center in the query.
  This is bugging me up.....
  Can anyone help me out.
  Best Regards,
  Ramesh

  Dear chetan/ravi
  i did create all the authorization objects & filled in the values in them.
  Also a authorization variable has been created in the Query.
  But i dont know how this variable has to be linked to the Auth Objects in Rsecadmin.
  Can you explain me the steps involved in it.
  Best Regards,
  Ramesh

• Authorizations for user db2 sid after systemcopy  with DB2 V9.7 on AIX

  Hello,
  I made a homogenous systemcopy from the system PRD to ENT with an redirected restore. I had the following system environment:
  AIX 5.3 TL10 SP1
  DB2 V9.7 (without any fixpack)
  After the restore and the recovery were finished, I was able to start the database manager and to activate the database.
  I tried to execute a script for cleanup some tables according to the systemcopy guide but I got the following SQL messages:
  SQL0551N, SQL0552N for the user db2ent. I checked the authorization for this user and got the following information:
  db2 => get authorizations
  Administrative Authorizations for Current User
  Direct SYSADM authority                    = NO
  Direct SYSCTRL authority                   = NO
  Direct SYSMAINT authority                  = NO
  Direct DBADM authority                     = NO
  Direct CREATETAB authority                 = NO
  Direct BINDADD authority                   = NO
  Direct CONNECT authority                   = NO
  Direct CREATE_NOT_FENC authority           = NO
  Direct IMPLICIT_SCHEMA authority           = NO
  Direct LOAD authority                      = NO
  Direct QUIESCE_CONNECT authority           = NO
  Direct CREATE_EXTERNAL_ROUTINE authority   = NO
  Direct SYSMON authority                    = NO
  Indirect SYSADM authority                  = YES
  Indirect SYSCTRL authority                 = NO
  Indirect SYSMAINT authority                = NO
  Indirect DBADM authority                   = NO
  Indirect CREATETAB authority               = NO
  Indirect BINDADD authority                 = NO
  Indirect CONNECT authority                 = NO
  Indirect CREATE_NOT_FENC authority         = NO
  Indirect IMPLICIT_SCHEMA authority         = NO
  Indirect LOAD authority                    = NO
  Indirect QUIESCE_CONNECT authority         = NO
  Indirect CREATE_EXTERNAL_ROUTINE authority = NO
  Indirect SYSMON authority                  = NO
  db2 =>
  The user db2ent was/is in the group dbentadm and the group dbentadm is configured as SYSADM:
  SYSADM group name                        (SYSADM_GROUP) = DBENTADM
  SYSCTRL group name                      (SYSCTRL_GROUP) = DBENTCTL
  SYSMAINT group name                    (SYSMAINT_GROUP) = DBENTMNT
  The only solution was to grant the authorizations with an other user to db2ent.
  For the restore I created an new instance with the following command (as user root):
  /db2/ENT/db2_software/instance/db2icrt -a SERVER_ENCRYPT -s ESE -u db2ent db2ent
  I set the correct DBM configuration and created an empty database as user db2ent with the following command
  db2 create db ENT on /db2/ENT
  The restore was executed with db2 -tvf restore_prd.clp as user db2ent.
  Is there a bug in the db2 software or is there any other solution? I did not changed the environment for the user db2ent.
  The authorization concept has been changed in DB2 V9.7
  http://www-01.ibm.com/support/docview.wss?uid=swg21385801
  Kind regards,
  Christian

  Hello All,
  I finished restore using redirect method, but i did not know about this security issue.
  Now I tried creating db2<oldsid> user and tried granting dbadm secadm priv.
  but i get this error
  db2 => GRANT DBADM to USER DB2P60
  DB21034E  The command was processed as an SQL statement because it was not a
  valid Command Line Processor command.  During SQL processing it returned:
  SQL0707N  The name "DBADM" cannot be used because the specified identifier is
  reserved for system use.  SQLSTATE=42939
  Please help me.
  I need a solution at the earliest possible.
  Thanks,
  Sree

• Authorization for user in ECC while creating source system in RSA1 in BW

  Hello All..
  We are trying to create source system from BW(7.0) system using transaction code rsa1 to R/3 Production server.
  After providing details in RSA1->Source system ; Remote logon screen of Production server pops up ...and ask to login thru admistrator Id..
  To achieve the above task,, what authorization user should have in R/3 system..
  Thanks

  Hi,
  Hope you are using the RFCUSER with these profile SAP_ALL , SAP_NEW , S_BI-WX_RFC in SAP ECC. Please create the RFCUSER with above profiles in ECC and BW (SAP_ALL , SAP_NEW and S_BI-WHM_RFC).
  Pls follow the below steps for source system connection
  In ECC side
  1.) Client administration SCC4 ( select your client and allow changes to repository and cross client customizing)
  2.) Define a logical system in ECC
  3.) Assign a logical system in ECC
  4.) Creating RFC user with system user type and give these profiles SAP_ALL, SAP_NEW, S_BI-WX_RFC
  In SAP BI Side
  1.) Client administration SCC4 ( select your client and allow changes to repository and cross client customizing)
  2.) Define a logical system
  3.) Assign a logical system
  4.) Creating RFC user with system user type and give these profiles SAP_ALL, SAP_NEW, S_BI-WHM_RFC)
  5.) Define RFC user as default (Click RSA1> Global Settings/Customizing dialog box> Glob. Settings)
  Connection of SAP BI with ECC
  RSA1> Source System>SAP>create>Enter the below entries
  Target computer (server)                        Server of the SAP ECC
  System ID System ID of the SAP ECC
  System number System number of the SAP ECC
  Background user in source system RFCUSER
  Password for source system Password
  Background user in BW RFCUSER (can not be changed in this activity)
  Password for BW user Password
  Select unicode in RFC destination and don't select the checkbox in logic screen.
  On the dialog box Please log on as an basis administrator in the following screen choose Continue.
  Log on to the Source System with your administrator user. Choose the correct client.
  On the Replicate Metadata dialog box, choose Only Activate.
  Make sure ECC client will allow changes in cross customizing client. It is one time activity once success then deselect the entry.
  Hope this will help you to connect the system.
  Rgs,
  Ambuj Kathuria

• Authorizations For User Defined Forms

  Hi Experts !!!
  I have created a user form , and would like to apply authorization for that user form.
  Whether it is possible.I tried using standard method,but it seems that no such provision available ,
  And also I have created UDT . and would like to provide series for that UDT . My client wants that particulat UDT should be by 2 different users .and they need Series for that .
  Suggestions are appreciated
  Regards
  Krishna Vamsi

  Hi,
  You Can give authorizations to your customized (user developed) screens.
  Administration --> System Initialization --> Authorizations --> Additional Authourization Creator
  In right hand side you can find the structur.
  There defaultly XL reporter autorization will be there select the any one and click add same level button in bottom of the screen.
  Then in Right hand Side
  Authorization ID - give some unique id
  Name --> Description of Authorization
  In Option --> Select Full/read/None
  Item --> Tick as Item
  Then Come down you can find big text box, near to that you can find edit button, just click that it will open a popup window.
  In that window you please enter the Form Id of your user form
  to find the form id --> Just Enable the system information menu in menu bar and move the cursor to any item in your user screen, you can find the form id.
  Just type that form id in that pop up box.
  then Add the window.
  now Open the General Authorization.
  There in last row you can find the user authorization. just expand that you can find your authorization id and name there which you have created.
  Give your authorization there.
  thats it.
  There is no need for SDK Developement for Authorization.

• Authorizations for users to change their own data

  Hi
  All the employees are given the userids to logon to sap when these employees log on to sap with the particular userids they should be able to change /Display only the details pertaining to them not others
  We have not implemented ESS but this is in pipeline but only after 3 -4 months But Authorizations are required for users now only
  How to design role which should apply to all user requirements and they should get their Personnel no by default
  Kind Regards
  Vinod

  Hi,
     For your requirement goto transaction SU21 and select the object P_PERNR and click DOCUMENTATION. Refer the Documentation for the steps to be followed.
  (i.e)  For a user to be able to maitain his or her own data. You should assign the user an authorization for the HR: Master data - Personnel number check object (P_PERNR), with the following specificatons:                   
  1. Authorization level:  *               
  2. Interpretation of assignment
     User - personnel no:  I  
  3. Infotype           :  0002
  4. Subtype            :  *
  A related link http://www.sapfans.com/forums/viewtopic.php?p=502235&sid=cd1bde22eb24059e4d5a2eae086b7c96

• Roles/authorizations for user to Solman Diagnostics.

  We have a need to have non-administrator persons access our Sol Man
  Diags environment. We do not want them to access with j2ee_admin
  account.
  How / what roles or authorizations do I assign to restricted users so
  users cannot see the administration and setup tabs and not be able to
  turn traces on?

  The roles for the end users are mentioned in the standard SMD guide  pleas go thuroug it

• Authorization for User Table (User-Defined Windows)

  Hi Experts
  I want to restrict access for specific users to User Defined Tables. Is this possible?
  Regards
  Nabeel

  You can do it by using Additional Authorization Creator Winow
  1. Open Additional Authorization Creator Window.
  2. Click on 'Add Same Level ' Button
  3. On the Right side window, Type in
  Authorization ID = 'Activity Subject'
  Name = 'Activity Subject'
  Option = 'Full/ ReadOnly/ No Authorization"
  4. In form ID, press 'Edit Butto' and type Form Id of the UDT
  5. press OK to close this window
  6. Open 'General Authorization' Screen
  7. On the Right Side, navigate 'User Authorization'
  8. Scroll down ''Activity Subject' and select the user and Set appropriate authorization('Full/ ReadOnly/ No Authorization")
  9. Now Log off and Login with user.
  You can see the authorization in effect.
  Similarly you can do for any window which are missing in 'General Authorization'

• Authorization for user to release a PRQ

  Hi,
  I would enable in SU01 the authorization so that only users allowed to release PRQ can do this
  What is the authorization to add in SU01 for PRQ ?
  Thanks
  Best Regards

  - create a role(approver role) with Tcode ME55(collective release) and ME54N(individual release) if its only for PR,if you want for PO, add ME28(collective release) and ME29N(individual release).
  - when you create the role in PFCG, you can also see the authorization objects when you add the TCODES, so you can restrict even for plant level or purchase organization level.
  - In PFCG, assign the specified users to the role and also "check and compare users"
  Now authorization for approval is restricted