Authorization issue in a role

Hi Everyone,
Theres a role in which user is not able to access tcode SE11, i asked him to run SU53. Su53 says to add the TCODE SE11 in the authorization field TCD in Authorization object S_TCODE. I did that but still the user is nlot able to execute the tcode.
Thanks in advance.
Avneesh

Hi Avneesh,
You have to add the transaction in PFCG at menu area. Because adding directly a Tcode under Auth. Object will not add the Auth. Object of tcode into profile.
So add the Tcode at Menu area by following below steps.
Execute PFCG -> Give the Role Name -> Click on Change option -> Click on Menu -> Click on Transaction
Add the Tcode SE11 and confirm by clicking on Assign Transaction.
Click on Authorisation Tab ->Click on Change button.
This will add all the auth. object. now generate the profile and ask user to check.
Thanks
Lokendra

Similar Messages

Authorization issue - need to know the Role providing this access

Hi,
User is facing an authorization issue below:
"You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
"You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
Kindly let me know what Role is missing from the user's profile?
Thanks and Regards,
Sachin
SAP Security Consultant

Hi Murali,
It helped.
I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
I did user comparision and then user is able to view the below DataSources....
Thanks for your help, it triggered to find the root cause.
Thanks
Sachin

BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

Hi All,
This is regarding BI 7.0 Analysis Authorization issue.
Overview:
we have restricted some queries at infoobject level.
Issue:
a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
d. Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
e. But when we execute the same report with Auditors ID then we get a blank page.
Any idea why this is so?

Hi Neha,
I tried the below also,
GL Acnt
I EQ 0000134010
I EQ :
but still it didn't work.
No Infoobject is missing in Authorization Object.
For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
As mentioned earlier also it is giving me the below message,
""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION RS_EXCEPTION 301CL_RSR_RRK0_AUTHORIZATION AUTHORITY_02"
Kindly suggest, since this is a show-stopper for us!
Thanks,
Ishdeep Kohli.

Authorization issue - help request

Hi guys,
One of the consultants is having an authorization issue ( He is not abele to run a t-code)
I ask him to run a su53 report and i am not sure how to proceed with this.
Please help.
Here are the details from the SU53 report.
DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
User : VYXXX                       profile parameter authorization buffering    4
Authorization Object: F_KNA1_GRP
Description
Authorization check failed:
      + Authorization object F_KNA1_GRP Customer Account Group Authorization
            Activity                                08
            Customer Account Group     ZM01
Users Authorization Data :
      + Authorization object F_KNA1_GRP Customer Account Group Authorization
               Authorization T-PD19002300
              Authorization T-UG39000900
              Authorization T-UG39001000
Please help me guys what need to be performed.
Regards,
Vamsi.

Hi Vamsi,
SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
Then check-> which auth object is failing.
RC=4 means a object value is failing.
RC=12 means an object is missing!
Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
You can check the SAP documentation on running traces on the help portal of SAP. I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
Let me know if you have any questions
EOD for me :P . take care
Abhishek

Authorization issue after the Support packs upgrade

We're having problem on authorization issue after the SP upgrade.
One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
And the SU53 showing problem on S_TCODE FAGLL03.
How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
Thank you in advance.

How can i send you the trace file? What is your email address?
If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
Anyhoo... (copy right @ David)
What are the objects been caught in category RC=4, RC=12?
Relate them with functional aspect of the transaction (error screen)
Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
Regards,
Arpan Paik
Edited by: P Arpan on Aug 23, 2011 2:36 PM

Authorization issue to view cube contents

Hi Gurus,
I am getting Authorization issue to view cube contents in Production server, When I execute the cube it is showing me the following statement.
"You do not have sufficient authorization for the infoprovider ZMMG_C05".
Please provide me a possible solution for this.
Thanks,
Jackie.

Hi,
Two things to be checked with respect to authorization for this one.
1) Functional Roles: Check whether Info cube is present in the functional roles that are assigned to you.
                              If not you need to get the functional role in which the Infocube is assigned.
2) Data Access Roles: Check in the data access roles assigned to you, whether you have the access
                                  to the selection that you are using to see the data in the info cube. Else, request
                                  BASIS team to assign the appropriate data access roles to you.
Hope this helps.
Regards,
Bharat

Authorization Issue with ODS

Dear all,
I have an authorization issue with two ODS.
One I activated for BEx reporting --> Is working fine in Dev, but I get error with
missing authorization in QUA, althought some authorizations.
Same issue with a newly created ODS, which works in Dev, but gives an error
with missing authorization in QUA.
What can be the reason for this? Any input is highly appreciated!
Cheers,
Claudia

Hi,
check that the role(s) are transported from your DEV and your QA, and that the user has the correct role(s)
Check as well in your QA transaction RSSM for your ODSs objects; it might be that by transporting the ODS, some authorizations have been applied by default.
hope this helps...
Olivier.

Authorization issue "No authorization"

Dears gurus,
I created an analysis authorization using tx. RSECADMIN, this contains the IO 0COSTCENTER restricted with some value, and also contains the IO: 0TCAACTVT, 0TCAIPROV, 0TCAVALID. When I assigned it to a role using tx. PFCG. But when the query is executed it appears the following message: "No authorization". Using a trace tool, it appears to requiere the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
Please let me know what is missing.
Best regards,
Pilar Infantas.

Remove 0BI_ALL object fro users profile and try executing as below it should give you the authorization objects values missing ..
goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
Check box -->with Log option
select RSRT option
hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
if not
again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
Hope it Helps
Chetan
@CP

Authorization issue in BI system.

Hi,
Having a authorization issue in BI system.
user trying to run a query in and attempt to drill down by customer, he gets customer details but some of the customers are missing...
Does the authorization granted in BI system based on customers? Is it a security issue?
pls help...
Thanks...

Hi,
Please execute the query with your id(developer id who will be having access to all data) first. Check if you are able to see all the customer data. If you are able to see all the data then the user is restricted with some authorizations. ( usually the authorizations are done on sales organization, company codes, plant..etc.. please check how it is in your project...)
If you are not able to see all the customer data, then check in the infoprovider on which the query is built and do your analysis.
Check in the roles assigned to the user.
Hope it helps.
Edited by: Maddy on Apr 21, 2011 6:42 AM

ABAP dump on authorization issue

hello,
I am not sure if this is the correct forum for this or not.
I have an ABAP program that was written before I got here that performs the following statement
<b>OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.</b>
where w_file is a file on the app server. the users that run this program have no issues.
I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
Runtime Error      OPEN_DATASET_NO_AUTHORITY
Except.               CX_SY_FILE_AUTHORITY
I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
thanks in advance for your help

I believe you can use FM to check if user has sufficient authorization.
NOTE: authority-check uses PROGRAM NAME, so it looks like your profile should be updated with new program name.
Here is what help says :
                                                                                Check file access authorization
Functionality
This function module allow you to check the user's authorization to
    access files (with the key words OPEN DATASET, READ DATASET, TRANSFER and
    DELETE DATASET). A check should be performed before opening a file.
The authorization check is performed uwing the authorization object
    S_DATASET.
Description of function parameters:
o PROGRAM: Name of the ABAP/4 program that contains the file access. If
       no program name is specified, the system assumes the current program.
o ACTIVITY: Access type. The possible values are:
- READ:              Read file
       - WRITE:             Change file
       - READ_WITH_FILTER: Read file with filter function
       - WRITE_WITH_FILTER: Change file with filter function
       - DELETE:            Delete file
o FILENAME: Name of accessed file
Example
TYPE-POOLS SABC.
CALL FUNCTION 'AUTHORITY_CHECK_DATASET'
         EXPORTING PROGRAM          = 'ZDATASET'
                    ACTIVITY         = SABC_ACT_READ
                    FILENAME         = '/tmp/sapv01'
         EXCEPTIONS NO_AUTHORITY     = 1
                    ACTIVITY_UNKNOWN = 2.
Notes
The values to be passed as the ACTIVITY are defined as constants in the
    TYPE-POOL SABC.

Regarding BI Authorization Issue

Dear Friends,
can anyone help me to solve this issue..
I have a Authorization Issue, u201CNO Authorization u201C
Error : EYE 007 ( Insufficient Authorizations )
I have follow this stepsu2026
Steps 1 :-
Define Authorization-Relevant Characteristics ( ZCUSTOMER )
Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
ZCUSTOMER
Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
For example : ZAUTH In That I have taken
ZCUSTOMERrestricted with value C100.
0TCAACTVT with 3 ( Display )
0TCAIPROV with * ( Astric )
0TCAVALID with *
0TCAKYFNM with *
Steps 4 :-
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZTESTA1
S_RS_AUTH
Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
S_RS_COMP
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea : ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
S_RS_COMP
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo :ZTEST_Q0001
Type of a reporting component :Query
S_RS_COMP1
Activity Display, Execute
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component :All values
Owner (Person Responsible) for *
S_RS_COMP1
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo ZTEST_Q0001
Type of a reporting component All values
Owner (Person Responsible) for :*
S_RS_ICUBE
Activity Create or generate
Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
S_RS_IOBC
Activity Create or generate
InfoArea :ZDEMO_ MIHI
Infoarea Catalog : zioc_test, Zkf_test
S_RS_IOBJ
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
Steps 5 :-
AND Assign this Role to User.
Steps 6 :- ERROR
When I execute the Report it is showing u201CNO Authorization u201C
u201C Insufficient Authorization u201C
EYE 007.
Regards
Siva

Hi,
In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
Hope that helps.
Regards
Mr Kapadia

Authorization issue in WAD when executing planning function

Hi All,
I am facing the bellow authorization issue-
Termination message sent
WARNING BRAIN (800): You do not have the authorization for component !!AZF2PO_AGR
MSGV1: ZF2PO_AGR
MSGV2: REP
MSGV3: !!AZF2PO_AGR
MSGV4: 16
ABEND RSBOLAP (002): No Authorization
I am getting this issue When Calling Planning function from WAD application using button. This authorization fail is happening in portal when the Planning function is executed.
Error explains that there is no authorization for component u201C!!AZF2PO_AGRu201D.Where as in actual we donu2019t have any component as stated.
Instead we have an aggregation level with technical name ZF2PO_AGR.
We have already Assigned the below Planning objects-
S_RS_ALVL
S_RS_PLENQ
S_RS_PLSE
S_RS_PLSQ
S_RS_PLST
To Summarize-There is a web application with button linked to planning functuion.When clicked on this button after execution of web template we get the above error.
Have found note 1000006,but it says Support package 12 and all but we in support package 20

Hi Guys,
I know this thread is answered but I have a similar problem I think.
I have a WAD that is published to the portal. I have added the WAD to a page via a hyperlink, the page resides in KM. When a user opens the page, via a URL iView, the see the page, but when they click on the link to open the WAD, I get the following error:
Portal runtime error.
An exception occurred while processing your request. Send the exception ID to your portal administrator.
Exception ID: 07:19_26/02/10_0067_18934750
Refer to the log file for details about this exception.
When I assign the Super Admin (UME Role) to the user, they can execute the WAD no problem.
I am not an Authorizations person, so any pointers as to where I should start looking would be greatly appreciated.
Thanks.
Freddie.

Authorization Issue in SM50

Hi All,
One of our user is facing authorization issue in SM50. He goes to SM50 and tries to open a work process. This is where he gets message "You are not authorized to use function Work Process List".
When I check the trace, I see only missing access for SM04. I checked trace for my own id (with no error) and found that SM04 is not even checked for my id and rest all authorization checked are same for both ids.
I assigned a BASIS role to this user and that resolved the issue. But strange thing is still that user's trace shows SM04 missing. (SM04 is not there in that Basis role).
Now I don't understand what exactly is the missing authorization for this user. Definitely SM04 is not the one and I can't assign this basis role to him. Could any one guide with this issue? Below is the trace for the user in both cases (without Basis role assigned and with this role assigned).

Hi Julius,
I created a test id with same rights as the user. My id has SAP_ALL assigned. Now I am doing exactly same activity (double click on same work process). But I don't see SM04 access being checked for my id.
Even if I assume that I am doing something different than the user. The thing which is strange to me is: when I assigned a basis role which doesn't have SM04 access, to the test user, I still see the same trace results but this time there is no authorization error. I don't think there are authorization checkes which are not recorded in ST01 trace.
There could be one tiny possibility that SM50 is throwing an error message (authorization error) but its not triggered through failed authorization check, instead based on some other condition. For that I would need to bedug the tcode. But that doesn't seem likely as this is a standard and widely used tcode.
Thanks

Authorization Issue to Upload file in Integrated Planning

Hi All
I have included the planning role for the user...which is the same as mine..I can execute and upload the file..when I login with the user iD, it says you are not authorize to upload zFILE_SEQ/...in my role..there is Z* values also..
No idea how to rectify as I dont see any problem??
pppls help..

Hi,
Could you please look into the authorizations that restrict data selection for the user, say if he control one or two costcenters and you have access to all costcenters. Also you need to have that object in the Aggregation level that allow the user selection. You need to include that info object restriction based on authorization value in the aggregation level and in the upload file.
Also try to execute the input ready query from RSECADMIN T-CODE . Use the 3rd tab and choose the user id and choose with log .Then on the next screen will be RSRT and choose your input ready query and execute. Then choose back button and the pervious screen choose display log, which will give you detail log on the authorization issue ...
hope it helps...
cheers,
Balaji
Edited by: Balaji NS on Jun 4, 2011 1:47 AM

Authorization issues after generating PFCG profile using CRMD_UI_ROLE_PREPA

Dear expert
We create a navigation bar profile and a business role. Then, we generated a PFCG profile for this business role to gather all the authorization object required to meet the functionality provided in this business role. For that, we used the program CRMD_UI_ROLE_PREPARE and then, imported file in our PFCG profile.
But after assigning the user to this business role and PFCG profile, we still have authorization issues. For example, the result lists are not displayed.
The kind of error we get is:
+Cannot display view BP_CONT/ContactDetails
An exception has occurred Exception Class CX_BSP_DLC_CONFIG_GENERAL_ERR - Error creating configuration model
Method: CL_BSP_DLC_VIEW_DESCRIPTOR=>LOAD_APPL_MODEL
Source Text Row: 14
Cannot display view BP_ADDR/StandardAddress
An exception has occurred Exception Class CX_BSP_DLC_CONFIG_GENERAL_ERR - Error creating configuration model
Method: CL_BSP_DLC_VIEW_DESCRIPTOR=>LOAD_APPL_MODEL
Source Text Row: 14 +
Thanks in advance for your help
Best regards
Stephanie

Hi,
It is not a short dump but an exception raised in the new UI:
Cannot display view BP_CONT/ContactDetails
An exception has occurred Exception Class CX_BSP_DLC_CONFIG_GENERAL_ERR - Error creating configuration model
Method: CL_BSP_DLC_VIEW_DESCRIPTOR=>LOAD_APPL_MODEL
Source Text Row: 14
Stephanie
Edited by: Stephanie Blouin on Oct 23, 2008 7:48 AM

Authorization issue in a role

Similar Messages

Maybe you are looking for