Authorization issue on comapay code in BI 7.0

Hi All,
We are facing some issue with the company code authorization.We have created analyses auths and these are included in the respective roles. These  roles are assigned to the users based on the requirement. We have used a exit variable for comapny code in the analyses auth and following code is used to populate the company code from DSO where we maintain the authorizaiton values for differernt users.
We hav restricted the users only on the company code,activity and infoproviders. Users have access to all the info providers.
we have given * access for all others objects.
The below code was working fine till last month. But now users are getting the error message "you don't have analyses authorization for any of the char values of char 0comp_code" irrespective of the query they execute. Only BW consultants (have vast access) are able to execute the query.  we are unable find a single user id who cacan access so that we can comapare the other ids. We have checked the logs. No one has changed the code.
Any pointer on this is highly appreciable.
*& Report  ZBWI_YLQU01                                              *
REPORT  zbwi_ycompcod.
*--- Mandatory local variable for the User exit program
TYPE-POOLS: rro01,                                   "Do not delete
            rrs0,                                    "Do not delete
            rsr,                                     "Do not delete
            sbiwa.                                   "Do not delete
DATA: l_s_range     TYPE rsr_s_rangesid,             "Do not delete
      loc_var_range TYPE rrrangeexit.                "Do not delete
--- local data definition         (if any) -
TYPES : BEGIN OF st_compcode,
    comp_code LIKE /bic/azal_comp00-comp_code,
    /bic/zauth_val LIKE /bic/azal_comp00-/bic/zauth_val,
END OF st_compcode.
DATA : t_compcode TYPE st_compcode OCCURS 0 WITH HEADER LINE.
*&      Form  variable_user_exit
      text
     -->I_VNAM         text
     -->I_VARTYP       text
     -->I_IOBJNM       text
     -->I_S_COB_PRO    text
     -->I_S_RKB1D      text
     -->I_PERIV        text
     -->I_T_VAR_RANGE  text
     -->I_STEP         text
     -->E_T_RANGE      text
     -->E_MEEHT        text
     -->E_MEFAC        text
     -->E_WAERS        text
     -->E_WHFAC        text
     -->C_S_CUSTOMER   text
FORM variable_user_exit
                         USING  i_vnam        LIKE  rszglobv-vnam
                                i_vartyp      LIKE  rszglobv-vartyp
                                i_iobjnm      LIKE  rszglobv-iobjnm
                                i_s_cob_pro   TYPE  rsd_s_cob_pro
                                i_s_rkb1d     TYPE  rsr_s_rkb1d
                                i_periv       TYPE  rro01_s_rkb1f-periv
                                i_t_var_range TYPE  rrs0_t_var_range
                                i_step        TYPE  i
                                e_t_range     TYPE  rsr_t_rangesid
                                e_meeht       LIKE  rszglobv-meeht
                                e_mefac       LIKE  rszglobv-mefac
                                e_waers       LIKE  rszglobv-waers
                                e_whfac       LIKE  rszglobv-whfac
                                c_s_customer  TYPE  rro04_s_customer.
  CHECK ( i_step = 0 ).
  REFRESH t_compcode.
  SELECT comp_code /bic/zauth_val FROM /bic/azal_comp00
  INTO CORRESPONDING FIELDS OF TABLE t_compcode
  WHERE username EQ sy-uname
    AND tctiobjnm EQ '0COMP_CODE'.
  LOOP AT t_compcode.
      CLEAR l_s_range.
      l_s_range-low = t_compcode-/bic/zauth_val.
      l_s_range-sign = 'I'.
      l_s_range-opt = 'EQ'.
      APPEND l_s_range TO e_t_range.
  ENDLOOP.
ENDFORM.                    "execute_user_exit

Hi Meghana,
As Mohan suggested take the screenshot of SU53 Tcode and send it to Basis to add the respective company code Authorisation object in the role.
Thanks & Regards,
Dinakar.

Similar Messages

  • Authorization issue with Company code/ Cost center combination

    Hi,
    I am currently trying to restrict user access by company code and cost center combination.
    We have roles defined for each user and I am trying to use the standard authorization object A_S_KOSTL in this role . It seems that since it is not a 'maintianed' object no activity can be assigned to this autorization object.
    currently the values are :
    company Code : 1110 , 1112, 1114
    Cost Center : *
    i am getting sy-subrc as 0 even when i test for company code : 1110 for a user with the above role.
    My code is :
    AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
        ID 'BUKRS' FIELD '1110'.
    F sy-subrc EQ 0.
      AUTHORITY-CHECK OBJECT 'A_S_KOSTL'
      ID 'KOSTL' FIELD '*' .
      IF sy-subrc EQ 0.
        MESSAGE 'Success with KOSTL also' TYPE 'S'.
      ELSE.
          MESSAGE 'Success with BUKRS only' TYPE 'S'.
      ENDIF.
    ELSE.
          MESSAGE 'Failure' TYPE 'S'.
    ENDIF .
    I get a subrc NE 0 for the KOSTL part. The test passes for BUKRS.
    Please advise on how to proceed.
    Thanks and Regards
    Soumya

    Okay, I misread the "NE". Sorry.
    Have you done a syntax check on it?
    Also compare to:
    AUTHORITY-CHECK <object>
    ID 'KOSTL' '*'.
    I cannot confess to ever have done a "full" AUTHORITY-CHECK myself, but it is most likely the same as with DUMMY ->  you should not use the FIELD statement as '' value if the data element does not know what a '' is...
    Cheers,
    Julius

  • Authorization Issue for Transaction Codes PA10,PA20,PA30 &PA40

    Hi Experts,
    I have created Custom role for accessing ALL HR Transaction codes in IDES System and added to the user & Tested.
    All transactions codes are working except PA10,PA20,PA30 &PA40
    Please help me regading this.
    Advance Thanks,
    BBC

    Hi,
    I had check with basis Team, they told that I have all authorizations.
    This is New Installation for R/3 HR IDES System. even basis Team  also created role for above transaction code but not getting access.
    We can accesss all transaction codes except these.
    All are new for HR. here anything needs to  be configure for access PA10 to PA40 Transaction codes.
    Please advice me.
    Thanks & Regards,
    BBC

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • Authorization issue in BI system.

    Hi,
    Having a authorization issue in BI system.
    user trying to run a query in and attempt to drill down by customer, he gets customer details but some of the customers are missing...
    Does the authorization granted in BI system based on customers? Is it a security issue?
    pls help...
    Thanks...

    Hi,
    Please execute the query with your id(developer id who will be having access to all data) first. Check if you are able to see all the customer data. If you are able to see all the data then the user is restricted with some authorizations. ( usually the authorizations are done on sales organization, company codes, plant..etc.. please check how it is in your project...)
    If you are not able to see all the customer data, then check in the infoprovider on which the query is built and do your analysis.
    Check in the roles assigned to the user.
    Hope it helps.
    Edited by: Maddy on Apr 21, 2011 6:42 AM

  • Authorization issue with VA02 radio buttons

    Hello All,
    We are stuck at one authorization issue. The user navigates using tcode VA02.
    1)     Execute Tcode -VA02=>
    2)     2) puts order number # 100001 =>
    3)     press enter =>
    4)     press enter =>
    5)     Screen: Change (Company Name) Return 100001: Overview =>
    6)     Option: Display doc. Header details (looks like a magnifying glass beside PO_date) =>
    7)     This bring us to Change (Company Name) Return 100001: header Data =>
    8)     select status tab =>
    9)     on Status tab lower end there is a button u201CObject Statusu201D =>
    10)     Press it => 
    11)     Come to Change Status :
    12)     On this screen There is Status with status no. on the right side with 7 options
    e.g:
    u2022     1 BLK Approval Required for,
    u2022     2 BL1 Approval for Credit,
    u2022     3 BL2 Approval for material Replacer
    We need to restrict the radio button access for user for which we are unable to find the authorization object.
    Could any one help.
    Thanks & Regards
    gab

    Hi,
    Use ST01 to trace the user activities and check which objects its hitting when you click on those buttons, then you can restrict radio buttons using those objects.
    I have'nt run the tcode myself and performed the steps you mentioned, but if you think its calling other transaction from those buttons you can manage tht in SE97, or add the t-code VA02 in the S_tcode auth object in PFCG.
    Hope this should get you going
    Thanks,
    Vijay

  • Authorization issue in BI 7.0 query

    Hi,
    The user has the authorization for the company code 0001, 0002 and 0003. The three different roles for each respectively company code 0001, 0002 and 0003 has been assigned to this user.
    When the User executes the query for only one company code, he has no problem. When he executes the query for ranges 0001 u2013 0003 (in Variable), he gets the error message: no authorization.
    Our System is SAP NetWeaver BI 7.0 (Support Package SAPKW70016).
    Thanks for the answer.

    Hello Moha,
    Yes it is stupid, but that's how the Analysis authorization of SAP works!! Incredible hum?
    I've seen an OSS note stating exactly that:
    Having 3 authorizations for values 1, 2 and 3 respectively for the same characteristic is different than having authorization for the range 1 - 3, and therefore you receive a lack of authorization.
    You should tell your users not to put the range (or use authorization variables, this will automatically fill the values the user has authorization), or you must create a new authorization for the range values instead of single values.
    I once had to do that with mass generation, i.e., created a program that trys to find sequential values and creates new authorization with the range values, to fix that issue.
    Diogo.

  • S_CTS_ADMI Authorization issue

    Hi Experts,
    Every now and again a user sends me a SU53 with the error requesting access to S_CTS_ADMI field TABL. The user of this morning is trying to release a purchase order using transaction ME29N. Why would the SU53 indicate that the user want to maintain the control tables of the Change and Transport System in Production when they are trying to release a purchase order? I am running a trace ST01 but it's not helping.
    Could you please help me to resolve issue.
    Thanks
    Pavel

    Hi
    Gowri is perfectly ok. Below Objects checked.
    M_BEST_BSA
    M_BEST_EKG
    M_BEST_EKO
    M_BEST_WRK
    Along with that M_EINK_FRG also get checked.
    Check for access to all of the above Objects in user master records. Before that check with MM team to get these values of the PO that the approver is trying to release.
    1) Document Type : Relate with M_BEST_BSA
    2) Purchasing Group : Relate to M_BEST_EKG
    3) Purchasing Organization : Relate to M_BEST_EKO
    4) Plant : Relate to M_BEST_WRK
    5) Release code & release Group : Relate to Object M_EINK_FRG
    You also can get these information through ME23N
    If all of the above matches with user master record and PO then there is no further authorization issue. Rest on MM team !!!!!
    Best of luck...
    Arpan

  • Regarding BI Authorization Issue

    Dear Friends,
    can anyone help me to solve this issue..
    I have a Authorization Issue, u201CNO Authorization u201C
    Error : EYE 007 ( Insufficient Authorizations )
    I have follow this stepsu2026
    Steps 1 :-
    Define Authorization-Relevant Characteristics ( ZCUSTOMER )
    Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
    Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
    Eg: 0TCAACTVT
    0TCAIPROV
    0TCAVALID
    0TCAKYFNM
    ZCUSTOMER
    Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
    For example : ZAUTH In That I have taken
    ZCUSTOMERrestricted with value C100.
    0TCAACTVT with 3 ( Display )
    0TCAIPROV with * ( Astric )
    0TCAVALID with *
    0TCAKYFNM with *
    Steps 4 :-
    Assign Authorizations to Roles
    Use authorization object S_RS_AUTH for the assignment of
    authorizations to roles.
    Maintain the authorizations as values for field BIAUTH
    Ex: ZTESTA1
    S_RS_AUTH
    Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
    S_RS_COMP
    Activity Create or generate, Change, Display, Delete, Execute <...>
    InfoArea : ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
    S_RS_COMP
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo :ZTEST_Q0001
    Type of a reporting component :Query
    S_RS_COMP1
    Activity Display, Execute
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component :All values
    Owner (Person Responsible) for *
    S_RS_COMP1
    Activity Change, Display, Delete, Execute, Enter, Include, Assign
    Name (ID) of a reporting compo ZTEST_Q0001
    Type of a reporting component All values
    Owner (Person Responsible) for :*
    S_RS_ICUBE
    Activity Create or generate
    Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    S_RS_IOBC
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    Infoarea Catalog : zioc_test, Zkf_test
    S_RS_IOBJ
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
    Steps 5 :-
    AND Assign this Role to User.
    Steps 6 :- ERROR
    When I execute the Report it is showing u201CNO Authorization u201C
    u201C Insufficient Authorization u201C
    EYE 007.
    Regards
    Siva

    Hi,
    In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
    Hope that helps.
    Regards
    Mr Kapadia

  • Authorization issue when using MB1B

    Hello to all,
    Please help me identify why the user is having authorization issue on MB1B...there's an error message that displays
    "no authorization for delivery from shipping pont 1234"
    Please advise on how to proceed with this error.  What are the checks needed?
    Thanks.

    Dear Patvin
    BASIS consultant is the one who helps in your project for authorization
    related,transporting related.
    See the problem which you are facing is due to authorization ,so a BASIS
    consultant can solve this issue,or just convey the same to your Team Leader.
    The problem is for that T code you can not deliver from Shipping point 1234,you
    can try for some other option.
    Regards
    Mangal

  • Authorization Issue to Upload file in Integrated Planning

    Hi All
      I have included the planning role for the user...which is the same as mine..I can execute and upload  the file..when I login with the user iD, it says you are not authorize to upload zFILE_SEQ/...in my role..there is Z* values also..
    No idea how to rectify as I dont see any problem??
    pppls help..

    Hi,
    Could you please look into the authorizations that restrict data selection for the user, say if he control one or two costcenters and you have access to all costcenters. Also you need to have that object in the Aggregation level that allow the user selection. You need to include that info object restriction based on authorization value in the aggregation level and in the upload file.
    Also try to execute the input ready query from RSECADMIN T-CODE . Use the 3rd tab and choose the user id and choose with log .Then on the next screen will be RSRT and choose your input ready query and execute. Then choose back button and the pervious screen choose display log, which will give you detail log on the authorization issue ...
    hope it helps...
    cheers,
    Balaji
    Edited by: Balaji NS on Jun 4, 2011 1:47 AM

  • Authorizations Issue in BI7

    Dear Gurus,
    I am having an issue with regard to Authorizations.  In BW3.x  with respect to query designer an end user can just change the local view of a query.  How about the same thing in BI7?  What are the procedures i need to follow to give an user authorizations to only the edit query local view.  Is there any BC role or Profile that i can just add to get the desired result.  Kindly give the inputs in a detailed manner as I am new to BASIS part.
    Your Kind Inputs will be definitely rewarded with a great honour.
    Regards
    Mohan Kumar
    Message was edited by:
            mohan kumar

    Did you tried defining authorization objects using transaction code RSECADMIN, as this is working of me for Profit Centers.
    Thanks.
    Sachin

  • Authorization issue regarding Bex Query

    Hi All,
    User Requirement: When ever the user is executing the report in Design Studio, user can able to see all the company codes (summary data) in the main page of the dashboard. If user wants to drill down to a particular Comp code, then user should access only which are authorized. Ex: If the user Test4444 is executing the report, then he/she can able to see all the comp codes data in the main page of the dashboard. If the user wants to drill down further to see the comp code wise data, then he/she should not allowed to see except comp code-4444 or what and all authorized .
    Back ground work:
    I have a Bex query, which is using the Design Studio. In this query, "0COMP_CODE" is a char InfoObj and I have created a Auth variable on this InfoObj. There are 4 autho objects created based on this "0COMP_CODE". And also 4 Roles and 4 users have created.
    Each autho_Objet has assigned to that corresponding Role and that Role is assigned to that correspond User. Details are as follows.
    Autho_Objet
    Role
    UserID
    ZTEST_MAIN (which includes all - 23 compny codes)
    ZMain_Role
    All users have to access this role
    ZTEST_1111 (which includes only CC- 1111
    Z1111_Role
    Test1111
    ZTEST_2222 (Which Includes only CC - 2222)
    Z2222_Role
    Test2222
    ZTEST_3333 (Which Includes only CC - 3333)
    Z3333_Role
    Test3333
    ZTEST_4444 (Which Includes only CC - 4444)
    Z4444_Role
    Test4444
    To achieve this requirement, I have created 1 auth.object for all Comp.Codes and assigned to one main role and this role is assigned to all users. This looks fine and hopefully it will work.
        The problem is the next step of drill down to comp.code. Here I have created individual autho.object per Role per User and mapped accordingly. Unfortunately, user can able to access all the comp.codes data because of the main role assigned. I got stuck here in this second level restriction. Could some one can through a light how we can achieve this in authorization. It would be a great assistance if some one help here. I would be much appreciated and grateful to your assistance and inputs. Thank you in advance!
    BR
    Venkat...

    In the role ZTEST_MAIN,
    You need to remove all company codes as this is overriding the rest
    Then add aggregate authorization, ie "0COMP_CODE" = ":"
    This is a special authorization which grants authorization to see the summation of all the 0COMP_CODE without giving detailed authorization to any.
    The rest of your design is fine.
    You should then use RSECADMIN to check any authorization issue you have.

  • Authorization Issues with fresh Installation of BWI 3.10

    Experts,
    I did fresh installtion of BWI 3.10. After installtion I've loged on client 000 with sap* user and created new client. To the new client I've assigned sap_all profile.  Under this new client I've created a user and assigned sap_all, s_new_46a0, s_new_50a0 profile. Loged on to BWI with the new user and trying run RSA1. It's giving me arror "You are not authorize to run transaction code RSA1". Matter fact this new user does not have any authorization to run any transaction codes.
    Would appriciate any help in resolving this issue.
    Regards

    Hi  I  Am Having the same problems as you  My HP Laserjet 1012 stop working after the update windows10.not only that I have some games that not working .                                                                                                              So you are not the only one                                                                                                                      Me tooI my go back to windows 7 I was very satesfied.   Thanks    ZAG

Maybe you are looking for

  • Removing the CORRECT iTunes files from a hard drive

    Help! Does anyone have any idea how to remove the old iTunes files. I want to delete them to free up space on my computer. I tried to move my library from this computer to a laptop. See below. I went through all the steps to move my iTunes library us

  • Allowing only ONE instance of a PDF to be open

    I'm trying to work out a new system for proofreading and commenting in our business using the Comment and Markup tools in Acrobat 8 Professional. I'd like to allow multiple users on a network to interact and markup a PDF easily. I'd like to make it s

  • Satellite P300-1EU: I cannot use my keypad

    Hi everybody, I have a big big problem, I have got a Toshiba P300 1EU, and for yesterday i can't use my keypad. When i click on "Num Lock" I see on the screen the same thing if I press "FN". I already make a system restore but it's don't work :/ I do

  • Spellcheck in pages on ipad - can it do multi language?

    Is it possible to get pages on ios (ipad) to do spellcheck in more than the one language (the ipad default language)? Other apps, including apple apps, seem to be able to take language from the keyboard and spellcheck accordingly, but pages doesnt se

  • IP address not used correctly at RT Ping Controllers.vi

    It seems to me that the IP address provided to RT Ping Controller.vi and RT Reboot Controller is not used correctly. What I do is: Set the Subnet flag true and give a numerical IP adress to RT Ping Controller.vi What I get is the controller informati