Authorization issue question???

Hello All,
               For one of the requirement we are in process of copying the SAP_ALL profile into a new custom role and edit all the authorization  ACTVT (activity) field  values  to with "03 - Display ". I had generated the
newly created role.
After this If I assign this new role to a user id and go to VA03 it let me to enter the VA03 initial screen and If I select a sales order number and try to view details it is throwing the authorization  error about the sales area "No authorization for displaying sales documents in 1000 10 00"
Message no. V1514
Diagnosis
According to the settings in your user master record you do not have the authorization to execute this function.
Procedure
If you need this authorization, contact the person responsible for assigning authorizations.
Authorization object: V_VBAK_VKO
I had checked the Auth. object "V_VBAK_VKO" It has those values already assigned.
What might be the issue?
Thanks for your help in advance.
Thanks,
Greetson

Hello All,
Thanks  for your responses.
I found the problem .. Problem is the role that I had copied had many inactive authorization objects inside it. But the object V_VBAK_VKO is active. I had tested it by creating another role that has only required auth. obj for sales order display and it is working fine.
I am not sure what is wrong when i blinldly replace the ACTVT field with value "03:- for display functionality for all the auth objects. Only for few objects that are inactive that I can see in the first role that I had seen.
Any hint??
Thanks,
Greetson

Similar Messages

  • Authorization Issue in WebUI (also ST01 question)

    Hi All,
    we are implementing new CRM 2007 and users will be working with the WebUI mainly in the future. Now here is something strange that we found out:
    When a user logs on to the Web UI and enters some sales transaction trying to add a new material he would use the F4 help to find the right material number. In our case he recieves an authorization error hindering him to display ANY materials (seems to be an authorization issue).
    But there are two strange thigs. When the user logs in to the old SAP GUI and triggers transaction CRMD_ORDER and accesses the very same transaction, trying to add a material and issuing the F4 help to recieve the material number it works! No authorization issues!
    Second strange thing that we discovered while investigating on this issue: The system trace ST01 seems to apparently not be working with WebUI. We can fully trace all authority checks for the latter case (when user logs in to SAP GUI), ST01 does not return ANY checks when being turned on while a user is working on WebUI.
    Any one of you experts out there any suggestions? Any experiences with that kind of traces and WebUI?
    Thanks in advance
    Alexander

    Hi All,
    I seem to have found the reason for both of my questions:
    1. Authorization objects checked in CRM WebUI are not at all the same as the ones checked in the CRM backend, i.e. in the old SAP GUI.
    2. There seems to be a known bug in transaction ST01 due to which no trace protocol at all is shown sometimes if too many authority checks fail. That's why it is apparently wise to run the authorization trace only with a high privileged user e.g. SAP_ALL to make sure the resulting protocol is accurate.
    Thanks, I will close this thread
    Alex

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • How does IDM takecare of Authorization issues

    Hi All,
    I am pretty new to IDM product. I am aware that using IDM we can automate user creation and role assignment, also with 7.2 we have password self service available.
    However i will like know whether IDM can also be used for regular authorization issues i.e., let say a user is facing an authorization issue in a particular tcode, in order to solve this issue we need to assign additional field values in one of his roles. will such issues where user id is already present and roles also assigned to that id but some changes to his roles is required be taken care by IDM.
    I couldn't get this info from Master and solution operation guide of IDM  7.2, so thats why i am posting it here.
    Regards,
    Siva.

    Hello - No IDM only manages the abap roles ie provisioning and deprovisioning. If the user requires additional authiorization and a role exists to solve this then this role can be assigned from IDM. However if you need to add extra values to a role this still needs to be done using PFCG.
    Hope this answers the question.
    Chris

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Analysis Authorization Migration Question

    Analysis Authorization Migration Question
    This is detail Question
    1)     I am testing Analysis Authorization Migration in NW2004s SP9 and have applied all OSS notes that are relevant to SP09 and are coming in SP10.
    2)     We have 2 Info object flagged as Authorization relevant 0COMP_CODE and 0COSTCENTER
    3)     We have Object level security set-up in BW 3.x system and for a role we have specified values like 0COMP_CODE has value 1000, 1800. “:”. In the same role we have specified 0COSTCENTER value 130001 to 180001, “:”  and hierarchy node.
    4)     When we migrate to Analysis Authorizations, using RSEC_MIGRATION, this program creates 2 Authorizations ZCOCODE00 & ZCOSTCTRH00. Both of them have 0COMP_CODE and 0COST_CENTER Objects.
    5)     ZCOCODE00 authorization gets value 0COMP_CODE values 1000, 1800. “:” and 0COSTCENTER Value “:”.
    6)     On the same line ZCOSTCTRH00 gets value 130001 to 180001, “:”  and 0COMP_CODE “:”.
    1st Question:
    1)     Why does it create 2 Authorizations?
    2)     During Checking it does not pass the authorizations, because it seems to me that it fails in Optimization process.
    3)     I manually merge the authorizations in “ONE” object then authorization check passes.  In other word if I combine ZCOSTCTRH00 & ZCOCODE00 then Query authorization check passes.
    Any one is struggling on this.
    Please note, I am doing Migration so that it updates existing Profiles (Roles now from SP9).
    Any comments will be very help full.
    Pankaj Gupta

    Hello Pankaj
    There are some basic misunderstandings on your side.
    Let me try to clarify:
    First we should distinguish between migration of authorizations and of what a query does with them.
    You had 2 auth objects before migration (in 3.x).
    Of course, they must be migrated to 2 new analysis auths.
    There is no general possibility to combine authorizations to a single one as the may appear in different roles and users. Moreover this would kill performance and finally, nobody would recognize the origin.
    Only in very restricted cases one could think of a combination of auths which come out of migration. But, then people loose overview about what goes on.
    Before the corrections in note "Migration IV" the : had not been inserted but now it is for good reasons.
    Now, accept for the moment that you receive 2 auths.
    Then, you cannnot (must not) combine the 2 resulting authorizations!
    <b>Authorization 1</b>
    COMP_CODE : 1000, 1300, “:”
    Cost Center : “:”
    <b>Authorizations 2</b>
    Comp_Code “:”
    Cost Center : 3100001-31999999; “:” plus a Hierarchy Node.
    This means that e.g. combination
    COMP_CODE 1000
    COST_CENTER 3100001-31999999
    <u>is not allowed!!!</u> Therefore, they must not be combined!
    Also, the query and its optimization is comepletely independent of the migration. And here, during query run time the auths cannot be combined. It is no failure!
    Moreover, the merging optimization is just a performance optimizaiton and has nothing to do with whether the query result is authorized or not.
    If you combine them manually you have authorized different combinations.
    Well, now you may wonder why you get 2 auths at all which leads to a "no auth" result in the query execution.
    The reason is, that in 3.x where you got a result with your 2 auth objects the modeling was wrong.
    If you want to authorize any combination of characteristic values, you should combine these characteritics together in one auth object, not in 2!
    (In BI7.0 it works like that but not in 3.x)
    But you defined 2 which may be valid even in several other InfoProviders independently and not even at the same time. Moreover, the auth objects may come from different roles and may be assigend to different users which then have completely different auth content. In general it is not possible to combine different auth objects or to find out those special situations which nevertheless allow for such optimizations. If you re-do a migration with more objects and users you could even receive different results which is also not satisfying.
    Therefore, instead, the mechanism was introduced to insert a : auth to those characteristics that are auth relevant (and checked now with 7.0) but not in the currently processed auth object.
    In you special case it may have made sense to combine them but not in general. And a migration can only try to work as general as possible.
    For your application you may combine the 2 auths manually if you want to allow also the crossover combinations
    COMP_CODE 1000
    COST_CENTER 3100001-31999999
    Best regards
    Peter John
    BI Development

  • Authorization issue during Jump

    Hi all,
    I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
    Both the multiprovider and the base infocube have the same authorization objects checked.
    Can someone please help?
    Regards,
    Ashmith Roy

    Pls have a look on the below thread:
    Authorization by InfoArea
    Regards
    Ganesh
    *Assign points if this helpful

  • Authorization issue in Info spoke

    Hi all,
    I am facing some authorization issue when executing info spoke in process chain.
    Info spoke is working fine in direct Scheduling (both background and Dialog).
    Am getting this error after execution of process chain
    "System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
    "System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
    "System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
    "Extraction Cube : Error in DataManager API".
    I dont know why this problem comes.
    Can anyone tel me what went wrong and how to solve it.
    Thanks in advance.
    Kind regards,
    Shanbagavalli.S

    Hi All,
        The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
    Thansk,
    Manjunatha

  • Authorization issue after the Support packs upgrade

    We're having problem on authorization issue after the SP upgrade.
    One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
    And the SU53 showing problem on S_TCODE FAGLL03.
    How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
    Thank you in advance.

    How can i send you the trace file? What is your email address?
    If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
    Anyhoo... (copy right @ David)
    What are the objects been caught in category RC=4, RC=12?
    Relate them with functional aspect of the transaction (error screen)
    Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
    Regards,
    Arpan Paik
    Edited by: P Arpan on Aug 23, 2011 2:36 PM

  • Authorization issue - need to know the Role providing this access

    Hi,
    User is facing an authorization issue below:
    "You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
    "You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
    Kindly let me know what Role is missing from the user's profile?
    Thanks and Regards,
    Sachin
    SAP Security Consultant

    Hi Murali,
    It helped.
    I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
    I did user comparision and then user is able to view the below DataSources....
    Thanks for your help, it triggered to find the root cause.
    Thanks
    Sachin

  • Authorization issue to execute query via analyzer

    Dear,
    We are experiencing an authorization issue that we can not solve...
    We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
    When we test in RESCEADMIN, everything is fine. We can execute the query.
    When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
    "There is no variable in the workbook, which allows user input"
    Does anybody have a direction to help us to orientate our investigation?
    Many thanks,
    Rodolphe

    Hello,
    What is the basic settings you have in the Query Properties basic setting tab
    Try making it mandatory
    Regards
    Nitin Bhatia

  • Authorization issue to view cube contents

    Hi Gurus,
      I am getting Authorization issue to view cube contents in Production server, When I execute the cube it is showing me the following statement.
    "You do not have sufficient authorization for the infoprovider ZMMG_C05".
    Please provide me a possible solution for this.
    Thanks,
    Jackie.

    Hi,
    Two things to be checked with respect to authorization for this one.
    1) Functional Roles: Check whether Info cube is present in the functional roles that are assigned to you.
                                  If not you need to get the functional role in which the Infocube is assigned.
    2) Data Access Roles: Check in the data access roles assigned to you, whether you have the access
                                      to the selection that you are using to see the data in the info cube. Else, request
                                      BASIS team to assign the appropriate data access roles to you.
    Hope this helps.
    Regards,
    Bharat

  • Authorization issue within a table in BI

    Hello All,
    Here is my authorization issue :
    We have set up an authorization on infoobject Zapplication. End user is allowed to choose "HR" only.
    In Rsecadmin, infoObject Zapplication is restricted to "HR"
    Then, this authorization object has been assigned to end user.
    This user go to a specific table to select an application and a date.
    When user display the possible value he only see "HR". Which means our authorization is correct.
    However, this user can enter another value such as "SD". This value does exist in infoObject Zapplication. So, it means that there is an issue with our authorizations settings.
    We have added a control table, it's even worse in this case, authorization are not checked at all and all available values are displayed.
    Any idea to prevent the user to entered a value within this table ?
    Why our authorization does not check the value entered directly in the table ?
    Thanks &
    Regards
    Cath

    Hello
    For info we manged to restrict acces on this table by using event table from table maintenance and we have combined it with a specific authorisation object.
    Regs
    C.

Maybe you are looking for

  • How to change data location in ADE 3.0?

    I want to change the place where ADE 3.0 is storing the data files. How can I do this?

  • Score to Picture "White Video Screen"

    Anyone else having issues with Score to Picture? I can see the Video in the arrange view but in the preview window the Video plays all white. Everything works find in logic express 7 but same movie in 8 I get a white overlay.

  • How to export oracle table to rdf?

    I have both, a table with fields and values and I´d like to dump into a virtuoso rdf format. I wrote a r2rml file thinking that it was the right way using https://github.com/antidot/db2triples but I´ve noticed that it´s not suitable for an oracle 10g

  • Exporting files in flash

    hey guys.....hi! m making a intro for kids and i loaded the .swf using the loader concept in action script.3.0. and m confused how to export this files which can be played when user insert the cd/dvd in cd/dvd rom.like we can find some interactive cd

  • No parser configuration entry for the tag ChartView

    Hi All, We have created chartview in VC 7.0 but getting below error while deploying in webdynpro runtime. <b>com.sap.tc.wd4vc.intapi.info.exception.WD4VCRuntimeException: No parser configuration entry for the tag ChartView</b> Rohit