Authorization in BPS

Similar Messages

• Issue with authorizations for BPS

  Hi Experts,
  There was an issue with authorizations for BPS. We have a large number of agents that need to enter plan data via a layout. In order to control the necessary authorizations, we would like to filter via something similar to a user exit using a function module in order to avoid having to define authorization objects for each of the agents who have access to the systems. Right now, we are not sure if there is user exit concept available as it is for BW variables. Any body experienced similar issue may share their experience.
  Regards,
  Ankit

  Hi,
  In BPS, you can use user specific variables or you can set up a Variable of type exit. You can also have a variable of type authorization which uses the security / authorization of the BW system.
  Hope it helps...
  Cheers,
  Tanish

• Authorizations for BPS planning interface with global planning sequence

  Hi Experts,
  I am creating authorizations for BPS project. I have a web interface with BPS layout (excel) and after users enter data there is a global planning sequence to be triggered. However there is some authorization missing in my concept as I receive "no authorization to display data" message.
  I have found authorization objects for BPS and put full access everywhere but it is still happening:
  <b>R_AREA
  R_PLEVEL
  R_PACKAGE
  R_METHOD
  R_PARAM
  R_BUNDLE
  R_PROFILE
  R_PM_NAME</b>
  On different web interface without global planning sequence everything is ok and data is saved. If I use SAP_ALL I am able to save data also with the sequence so obviously I am missing some authorization. RSSM su53 and st01 don't show anything.
  If you know something please advise.
  Thank you.
  Pavol

  Pavol
  Take a look at this, might help you...
  http://help.sap.com/erp2005_ehp_02/helpdata/en/c8/ad8438619a7c51e10000009b38f842/frameset.htm
  R_BUNDLE should do it but maybe this would throw some ideas.
  Srikant

• BW authorizations in BPS layout

  Dear all,
  My question may seem basic, but I don't have any experience with authorizations.
  I need to use already existing BW authorizations in my BPS layouts, so well, I created auth. variables on the needed characteristics and assigned it to my layout.
  ==> nothing changes when I'm launching the layout.
  I wonder if I need to ask the modification of the already existing BW roles in order to add field ACTVT? Will this have an impact on already existing BW reports for the users?
  Also, does something need to be done in RSSM (or other T-code) in order to activate the auth. for my planning cubes?
  Thank you in advance for your help!!

  Ravi,
  The objects you mentionned talk about area, planning, etc,... so they are usefull when a user wants to launch a layout in order to let him launch/plan it or not, etc... . That's the first step, and that doesn't interest me.
  Second step is that when launching, the user will get his layout. This layout will be generated regarding the design I made in BPS0 and then also the variables I've used.
  If I've restricted my planning level by using variables of type authorization on an char. that is in the lead column of my planning layout, it should restrict the diplayed/available rows regarding that authorization (ex : only company code 1000 for user A; company code 2000 for user B ; company code 1000 and 2000 for user C ==> coming from reporting authorizations in BW)
  So I really think we don't speak about the same thing... or it's me that doesn't understand! (that's also possible )

• How SEM BPS works with SAP BW

  Hi,
  How SEM BPS works with SAP BW.
  how to save planned in SAP BW.
  how to work with the data in Basic cubes and Transaction cubes.
  what is the relation between these two cubes.
  Thanks,
  cheta.

  hi,
  chk the link for BPS
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/7c85d590-0201-0010-20b5-f9d0aa10c53f
  Can any body send the material for BPS?
  Authorization for BPS
  Ramesh

• Value of variable  cannot be determined

  Hi Guys,
  We are using authorization values for the BPS planning template. The user gives the value for COSTCENTER, the background checks the authorization and fills the rest of the values.
  The variable is set with check on restrictions of values required by the user.
  The variables are working in the UAT system but not in the development for a ID with similar authorizations. The error message says
  ===================================================================
  Value of variable ZCOSTCNT cannot be determined
  Message no. UPC_FW149
  Diagnosis
  You are using variable ZCOSTCNT, but the system cannot determine the value of variables. The replacement type 'user-specific values' is set up for the variable, but no values are maintained for your user ID. In addition, the indicator 'Input allowed by user' is not set for the variable. This means the variable cannot be used.
  System Response
  The action desired by you cannot be executed.
  Procedure
  Contact your administrator in order to have one of the following changes carried out:
  Input of values for variable ZCOSTCNT and your user ID.
  Set the indicator 'Input allowed by user' for variable ZCOSTCNT. This means you can enter the desired values yourself when you call up the function. You can possibly also use another variable for the characteristic.
  ====================================================================
  I dont see any difference in the systems excpet the hierarchies used in the authorization object.
  CaValue of variable ZCOSTCNT cannot be determined
  Message no. UPC_FW149
  Diagnosis
  You are using variable ZCOSTCNT, but the system cannot determine the value of variables. The replacement type 'user-specific values' is set up for the variable, but no values are maintained for your user ID. In addition, the indicator 'Input allowed by user' is not set for the variable. This means the variable cannot be used.
  System Response
  The action desired by you cannot be executed.
  Procedure
  Contact your administrator in order to have one of the following changes carried out:
  Input of values for variable ZCOSTCNT and your user ID.
  Set the indicator 'Input allowed by user' for variable ZCOSTCNT. This means you can enter the desired values yourself when you call up the function. You can possibly also use another variable for the characteristic.
  ====================================================================
  I dont see any difference in the two systems, excpet the hierarchy for cost center used in the authorization object. When I checked RSECADMIN, I can see the ID is properly authorized
  Appreciate if anyone can throw some light on the issue.

  RSECADMIN will not help with this issue: the system is complaining about User-specific authorization within BPS.
  You can check the athorization from the Planning Workbench: look at the entries for the ZCOSTCNT in your planning area for the required user. If necessary add the required authorization; though you need exclusive access to the planning area to do it from the workbench.
  You can also check the assigned values by browsing the table (from Tcode SE16) UPC_VAR_CHA_SEL . It possible also to maintain the values from text file uploads using program Z_BPS_VAR_UPLOAD (from "How to ... Upload User-specific Variable Selectins in BW-BPS)., which is useful in the live environment when there are many settings to maintain.
  Stephen

• Authorization issue in BPS

  Hi guys,
  I've the authorization issue in a BPS application, where a user can upload a flatfile into a BPS-cube, but only when I select in the authorization object S_RS_AUTH 0BI_ALL.
  Without selecting 0BI_ALL (another analysis authorization) yields to the message, that the user has not enough authorization...
  Now the user gets access to data in the BW reporting to all the organizational marks like the organization unit (0ORGUNIT).
  How is it possible to design the authorizations / analysis authorization, that the same user can upload data via flatfile, but gets only access to transaction data for organizational data which he should see???
  How should the analysis authorization should be designed? Has it something to do with the techn. char. like 0TCAACTVT?
  THX in advance!
  Clemens

  Hi,
  Have you tried creating Authorization Variable for organizational Unit ?
  This will give restricted access to data based on the authorization assigned .
  Thanks
  Pratyush

• Analysis Authorization with SEM-BPS

  Hi,
  We have performed technical upgrade from BW 3.5 to BI 7.0. We want to migrate to BI 7.0 functionality phase wise.
  We have SEM-BPS and now we want to migrate to Analysis Authorization of BI 7.0.
  Once we have igrated to Analysis Authorization, will there be any impact on SEM-BPS? Can we still use SEM-BPS with New Analysis Authorizations? We do not want to move to BI-IP in near future?.
  Please advise.
  Best Regards,
  UR

  Dear UR,
  Iu2019m going to try helping you,
  In difference of reporting functionality, in planning, the data of an InfoCube is not just read; it is also changed or created.
  There are two planning tools in BI: BW-BPS (Business Planning and Simulation), and BI Integrated Planning.
  There are two main tcode: BPS0 and RSPLAN
  There are three authorization objects to manage Integrated Planning:
  S_RS_PL_ADMIN - Planning Administrator
  S_RS_PL_PLANNER u2013 Planner
  S_RS_PL_PLANMOD_D u2013 Planning Modeler (Development System)
  The main object in the planning scenario is InfoCube real-time, where can available writing in small package that arrive in parallel. In some cases the security requirements for reporting and planning can be merging. In this case you need authorization object for checking planning, as authorization object above, and you need authorization object for using a query for planning requires as S_RS_COMP.
  In addition to authorization for displaying data, the authorizations for changing data you need analysis authorization (the analysis authorization focus in the InfoProvider, no in Aggregation Level).
  In your analysis authorization design for reporting stuff, you should use in 0TCAACTVT characteristic 03 value. In the planning stuff, you should use in 0TCAACTVT characteristic 03 and 02 values. As explain following:
  Using the characteristics 0TCAACTVT (activity), you can restrict the authorization to different activities. Read (03) is set as the default activity; you must also assign the activity Change (02) for integrated planning.
  http://help.sap.com/saphelp_nw70ehp1/helpdata/en/b1/0c9441b8972e7be10000000a1550b0/frameset.htm
  I hope this suggestion can help you answer question,
  Luis

• BPS You have no authorization for the requested data

  We are implementing Hierarchy node based security for our BPS.
  When the user tries to display the planning layout, they get the error message "You have no authorization for the requested data "
  I have given authorization to the relavant Infocubes, also checked the all the Authorization Relavant Info Objects and added theses Info Object to the custom authorization created in RSECADMIN.
  Also added the info objects 0TCAACTVT, 0TCAIPROV, 0TCAVALID to the custom authorization.
  In pfcg, this authorization has been added to S_RS_AUTH. I have also given activity 02, 03, 16 values and a * to planning areas, functions, packages, groups, levels, folders, ... to the objects R_AREA
  R_BUNDLE
  R_METHOD
  R_PACKAGE
  R_PARAM
  R_PLEVEL
  R_PM_NAME
  R_PROFILE
  But still we get the same error.
  Has anyone encountered this problem? Can you please provide me some clues to resolve this issue

  Thank you very much Grevaz, but that template does not help.
  I did run both ST01 trace and BI RSECADMIN trace.  RSECADMIN Trace shows the below authorization failure
  Subselection (Technical SUBNR) 1  
  Supplementation of Selection for Aggregated Characteristics
    No Check for Aggregation Authorization Required  
  Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Quantity 
  Characteristic  Contents 
  0FUNDS_CTR
  0TCAACTVT
  SQL Format:
  FUNDS_CTR BETWEEN '4012001000'
  AND '4012001999'
  AND TCAACTVT = '03'
  Characteristic  Contents 
  0FUNDS_CTR  Node 1 I EQ #
  I EQ :
  0TCAACTVT  I EQ 02
  I EQ 03
  Partially Authorized (Average)   Characteristic  Contents 
  0FUNDS_CTR
  0TCAACTVT
  SQL Format:
  FUNDS_CTR > '4012001000'
  AND FUNDS_CTR <= '4012001999'
  AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
  AND TCAACTVT = '03'
  Value selection partially authorized. Check of remainder at end
  Following Set Is Checked  Comparison with Following Authorized Set  Result  Remaining Quantity 
  Characteristic  Contents 
  0FUNDS_CTR
  0TCAACTVT
  SQL Format:
  FUNDS_CTR > '4012001000'
  AND FUNDS_CTR <= '4012001999'
  AND NOT FUNDS_CTR IN ('4012001001','4012001002','4012001003','4012001004','4012001005','4012001006','4012001007','4012001008','4012001009','4012001010')
  AND TCAACTVT = '03'
  Characteristic  Contents 
  0FUNDS_CTR  Node 1 I EQ #
  I EQ :
  0TCAACTVT  I EQ 02
  I EQ 03
  Not Authorized   
  All Authorizations Tested
    Message EYE007: You do not have sufficient authorization  
    No Sufficient Authorization for This Subselection (SUBNR)  
  Following CHANMIDs Are Affected:
  206 ( 0FUNDS_CTR )
    Authorization Check Complete  
  We have created custom authorization and trying to restrict based on hierarchy node.
  One point I observed is, when I give access to all nodes with a wildcard * in the custom authorization, then the error disappears and the layout is visble. But our point here is to try to restrict based on the nodes and we cannot give display access to all nodes.

• Authorizations in SEM-BPS (Web Layouts)

  Hi all,
  I have a question that hopefully somebody can help me in solving it.
  We have a bps application, with authorizations maintained in the sap normal way: pfcg, rssm, etc.
  The question is that we started to build some web (alv) layouts, and need to maintain the same authorization schema.However, the authorizations are not verified in the web layouts.
  Can somebody provide some hint in solving this problem ?
  Best Regards,
  Ricardo

  Hi Raman,
  Sorry but your tip doesn't work
  That's precisely our problem: the authorization scheme we implemented in the "SAP GUI side" doesn't work in the web side". Using web layouts, I still can acess some layouts I shouldn't be allowed to (user dependent)
  Thank you anyway
  Regards,
  Ricardo

• Authorizations for BW reportings and BW BPS

  Hello,
  The project we are working on contains two aspects : one in BPS and one in BW reporting
  First the user needs to input or change data in the BPS application and then he can check his figures in a BW Report. We want each user to have authorizations only for his company and his business unit.
  So we created authorization objects (RSSM) with a typical user profile (does not have SAP_ALL and all profiles required to customize anything).
  In this authorization object we put different characteristics such as : Company, Business Unit, Activity and Version.
  In the (PFCG), for company and business unit we put the values needed for the user. For Activity, we put "change" and "display". And for version we put "*".
  We can then change values in the BPS layouts but we do not have access to the concerned report in BW.
  Could somebody help us on this matter ??? Or does somebody have informations on how to implement this kind of authorizations ?
  Thank you very much for your help

  Hi Jacques,
  I hope the following links and documents ll be useful to u.
  <u>BUSINESS PLANNING AND SIMULATION –BPS:</u>
  go to https://websmp103.sap-ag.de/bi
  -> SAP BW 3.5 -> SAP BW Business Planning and Simulation
  Here you can find "HOW TO... Guides - BPS", "SEM-BPS ASAP" and other useful section with many documents...
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ae9fba90-0201-0010-d490-cbf9a364de95
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/enhancements bw-bps formerly sem-bps in sapnetweaver 04.ppt
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/frequently asked questions - planning with sap netweaver bi.faq#q-6
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/5d90209f-0501-0010-59a2-9243ac94a4d7
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/s-u/sap bw business planning and simulation - how to guides list.htm
  http://help.sap.com/saphelp_sem40bw/helpdata/en/05/242537cedf2056e10000009b38f936/frameset.htm
  <u>Hierarchies in BPS appln :</u>
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/ae9fba90-0201-0010-d490-cbf9a364de95
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/d-f/enhancements bw-bps formerly sem-bps in sapnetweaver 04.ppt
  <u>for BEx-reporting</u>
  http://searchsap.techtarget.com/searchSAP/downloads/chapter-august.pdf
  http://searchsap.techtarget.com/featuredTopic/0,290042,sid21_gci1121728,00.html?bucket=REF
  Hope it helps...let me know
  regards,
  R.Ravi

• BPS / BW authorizations

  Hi All,
  I have the following scenario in SEM 3.50:
  <u>BW</u>
  Characteristic Company is authorization relevant
  Activity is included in the authorization object
  The test-user has reading rights for all companies, writing is restricted.
  <u>BPS:</u>
  Company is not included in the planning level
  Company is derived using characteristic relations (Attribute)
  Problem:
  If Company is not included in the level, I have to set ':' within BW authorization object for company - else I will receive an auth. error.
  If ':' is set writing is not restricted to specific companies.
  Does anyone have a coule whats my problem?
  Tanks in advance
  Steffen

  Hi,
  Do you need to store the actual value of Company or just display it for informational purposes in the layout? If it's just as an information you can change the following:
  - Don't derive company code
  - Change your layout
  - Click on the tab: Lead column in step two
  - Click on Attribute button
  - Select Company code
  - Save/run layout
  Company code is only displayed in the layout and you don't have to worry about write access to data.
  Hth.,
  -Jacob

• BPS Hierarchy Authorizations

  Hi All,
  We are implementing hierarchy node based authorizations for our BPS and related queries and it works fine. We have 300+ nodes and for this we would require a role for each node of the hierarchy (that would be 300+ roles).
  Now we are planing to use a hierarchy node exit varaible so that we end up with only one role. Can someone please let me know if there are complications in this approach or, if anybody has implemented this, can you please share your experience.
  Thanks,
  Jay
  Message was edited by:
          jayaroop gullapalli

  Marc,
  Thanks a lot for the solution.
  Firstly pardon me for my ignorance.
  Do I really not need any roles at all? How would the users get access to the planning functions related to their fund centers (its a fund centers based hierarchy)?
  Please correct me if I am wrong, I think I will need one role that gives access to the planning functions and the authorizations in RSECADMIN will restrict to fund center nodes. But this way, half the burden of building 300+ roles is now decreased. Thanks for this solution.
  Our fund center hierarchy is based on the characteristic 0FUNDS_CTR and not on 0TCTAUTH. It looked like the second option in point 4 of the link you provided will not serve my case.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/e3/fc8b41b5b3b45fe10000000a1550b0/frameset.htm
  Would I have to build 300+ authorizations using RSECADMIN for each node?
  Again thanks a lot for your guidance
  Message was edited by:
          jayaroop gullapalli

• BPS Authorization

  Hi all,
  Need your valuable input to resolve this.
  I intend to restrict BPS users to access BPS data pertaining to their cost centers only. I am creating BPS hierarchy node variable with user defined values. My expectation is that if a user with defined node in the variable execute the planning layout, all cost centers within the defined node will be made available for combination navigation.
  The problem is that when the user is assigned to an authorisation profile with access to the right planning area, level and folder, the user is getting the following errror message.
  Characteristic combinations: No values could be found for chara. Cost Center
  Message no. UPC527
  When I assign this user with SAP_ALL profile, this problem is gone.
  I have no authorization objects (via RSSM) created for both cases.
  Any input to solve the issue will be awarded points. Thanks
  Regards.

  Can't you get the necessary input when doing SU53?
  D

• Authorization to run a bps function from web

  Hi gurus,
  We have a layout that the users will access from web. For this we have created a Web Interface. This layout has also a planning function that calls an abap program.
  We have created a profile and the user is able to access and run that function from GUI, however from WEB that fuctions does not run the abap.
  The user already have the following authorization objects: S_ICF, S_DEVELOP, R_BUNDLE, R_PLEVEL, R_WEBITF, S_RS_ICUBE, S_RS_IOBJ, but it looks like something is still missing.
  I´d appreciate any help
  Thanks,
  Pablo

  You may want to run Su53 and see the error.
  You need to grant authorizations for the BPS objects that may be called when the web inyterface executes.
  PL take a look at the link:
  http://help.sap.com/saphelp_sem350bw/helpdata/en/05/242537cedf2056e10000009b38f936/frameset.htm
  Ravi Thothadri