Authorization log / Hierarchy node in SQL format
Hi!
I execute rsudo on a restricted user and the authorization log tells me that this fails because the user is not authorized for "Content(in SQL format): Node 5 8 0 31 E"
Now how do I translate this sql format into something I can read? I've looked through the hierachy tables for the relevant characteristic but I can only identify 31 as the hierarchy sid and E as the version.
Vice -
We had to do basically the same thing for 0CRM_TR hierarchy, but our steps were a little different since we are on BI 7.0 - 2004S.
We also had to limit the users visibility to data from certain nodes and below on the hierarchy.
1st, we made the 0CRM_TR object auth releveant.
2nd, we created an analysis authorization for the object via transaction code RSECADMIN. In the transaction we had to specify the Hierarchy variable name that would be used in Queries. We then selected the node (GUID) where we wanted the authorizaion to take place. We set the Type Auth to 1(subtree and below) and Hierarchy Validity Area as 2(Name Identical). We set it to 2 since the Hierarchy would always be loaded in the same name.
Similar Messages
-
Authorization to new hierarchy node (Profit center) in 3.5 Transaction code
Dear Colleagues,
I have an autorization problem that I wish you can help me with.
I have a (3.5) profit center hierarcy with authorizations on each node. These were made a long time ago by another consultant. Suddenly we have an additional node in the hierarchy (a new region). How do I give authorizations for this new node? Which transaction codes do I use, and how? I am a little bit familiar with PFCG, and have just briefly seen RSSM and SU01. But I can't see where I add authorization functionality yo the new node, and then give it to the user.
Will sign points!
Regards SiljeLook in RSSM to find out what your authorization object is for Profit Center.
Then lookup the roles that use this Profit Center authorization object -- Not sure how to do this because I usually know the roles I create! Ask the security or basis team for help if you can't find them.
Look at those roles and get an idea of how they are used ... In some cases you can group together values and use a wildcard to select a whole group. Such as, if I have profit centers ABC, ACD, ADE and BAC, I can select the group A* to only allow access to the profit centers starting with A. This person will not have access to the BAC profit center.
So, try to figure out how the other consultant assigned the profit centers, then add your new one in in the same way.
Brian -
Variable for hierarchy node using in authorization
Hi all,
I have the following problem:
When I create a variable for a hierarchy node and I use it for the authorization, I have the possibility to say, that a user can see all elements under a node.
But it should now be possible, that the user can also see the usage of this node bottom-up ( multi-level usage of this node ).
Is there a possibilty ?
Thanks
DieterHi,
I would suggest you provide more details than just "doesn't work". In addition keep in mind that this is a forum and not an official support channel. In case you need a faster response you should talk to the support team.
Ingo -
How to filter hierarchy node in BEX query designer
Dear experts
We are working on FI balance sheet with hierarchy infoobject 0GLACCEXT. Example of our balance sheet is as follow:
Parent Node A = 20
Sub-parent Node A1 = 10
Leaf A11 = 5
Leaf A12 = 5
Parent Node B = 20
Sub-parent Node B1 = 10
Leaf B11 = 5
Leaf B12 = 5
We require only:
Sub-parent Node A1 = 10
Leaf B12 = 5
So I filter those out in BEX restriction; however, after we examine the report in tcode RSRT, "Sub-parent Node A1" is not shown in BEX Report, and the result is as follow:
Parent Node B = 5
Sub-parent Node B1 = 5
Leaf B12 = 5
Are there solutions for us to show merely A1 and B12 ?Hi Chu
Try the following steps.
Initial Output
In this example I will restrict the query for only displaying Node 8603 and leaf 9000
Proceed to restrict the Characteristic. Please be aware of the difference between hierarchy nodes and leaf characteristic values. Also set the Hierarchy display properties to expand up to level 1.
Execute the query again:
Please be aware that users will still be able to expand node 8603 and see the lower level nodes/leaf. In order to restrict users from doing this set up users authorizations.
Regards,
Carlos -
Search Help for Hierarchy Node in SAP BW 7.3
Hi Experts,
We were previously using SAP BW 7.1 system and we had a table which used to be maintained through SM30 which has a customed search help on one of the fields for a hierarchy object. And it was working perfectly.
However, one of our systems have just been migrated into 7.3 version and the above functionality is no longer working.
This is what is happening now:
- User selects a hierarchy and after selection nothing is being displayed on field on the table.
We have tried to debug this customed search help in both environments to distinguish what is wrong. We have noted that a standard function module (RRSV_IOBJ_VALUE_OUTPUT) is not behaving similarly. In 7.1 system, the C_T_DATA table is being filled whereby in the 7.3 system, it is empty.
Do you think this is the issue?
Please do advise and propose what can be done to make it work. Or any idea on how to create a new search help for a hierarchy node in 7.3?
Thanks in advance.hi,
one more thing i will like to add here is in BW 7.3 you get a new security admin feature that allows you to make mass changes to authorizations instead of one-by-one. This can be done by cut-and-paste in a worklist, hierarchy nodes, and you can also add users to multiple analysis authorizations.
The u2018newu2019 authorizations has both the data value and hierarchy restrictions. You can still build using the u201CRSECADMINu201D transaction
Also make sure that all objects are in the TLIBG library and they will be 'shielded' during the upgrade.
regards
laksh -
Export WebDynpro context node to CSV format?
I have successfully implemented exporting the context node to xml format then open through the Excel following the tutorial : Exporting Context Data into Excel Using the Web Dynpro Binary Cache.
But now, I need to implement another version that export to CSV format, then open through Excel.
I remembered I read a blog and some forum posts that mentioned about this solution, but I just could not locate where they are now through SDN search now.
I will appreciate if someone can point me to those links again.
Thanks.
KentHi Kent,
I am also developing the application wherein Table data needs to be exported to Excel.
I am trying to download the WDExcelExport.zip from the foll. link
https://wwwn.sdn.sap.com/irj/sdn/downloaditem?rid=/webcontent/uuid/bad3e990-0201-0010-3985-fa0936d901b4 [original link is broken]
But I am getting the error
Portal Runtime Error
An exception occurred while processing a request for :
iView : N/A
Component Name : N/A
The exception was logged. Inform your system administrator..
See the details for the exception ID in the log file
Can you please send me the Sample Application WDExcelExport.zip. My mail id is [email protected]
Regards
Nikhil Bansal -
Restric to hierarchy nodes and characteristics at the same time
Hi together,
I've got a profit center hierarchy and an authorization object with those fields:
0CO_AREA
0PROFIT_CTR
0TCTAUTHH
The controling area is compounded to the profitcenter.
Then I created an authorization definition for hierarchies where i added a node from my profit center hierarchy.
But aditionaly I want to add a single Profit center, which is not below this node. but it does not work. I only get the profit centers below the node i maintained for the hierarchy authorization and not the single entry for the profit center
How can I setup this situation where I need to maintain on the one side one or more nodes in a hierarchy and then a single profit center which might be under another hierarchy node although this node is not explicitly allowed?
Kind regards
StefanThanks for the reply. This issue is becoming a major problem for lots of implementations. I have sent out several forum and OSS on this but no solution.
-
Hierarchy node variable in BPS planning level
Hi gurus,
I have a set of planning levels and packages that are meant for all users. The users currently are segregated by 0costcenter hierarchy nodes, i.e. groups of users are belonging to different nodes within the 0costcenter hierarchy. These group of users each have its respective authorisation profile assigned based on hierarchy node.
The planning levels and packages are configured so that 0costcenter is one of the header characteristics in the layout.
Is there a way for the characteristic 0costcenter in the planning level and packages to derive the cost centers from the authorisation profiles ?
Advice appreciated.
Thanks.You may consider any of the following:
1. BPS variables with authorization replacement type.
2. BPS variables with user defined values replacement type.
Ravi Thothadri -
Dynamic columns in query depending on hierarchy nodes
Hello all
I want to design a query with dynamic number of columns depending on hierarchy node.
A hierarchy node is selected while running the query and user has authorization to see all subsequent nodes below the selected node.
e.g. consider grp hierarchy with units and sub-grps as nodes.
level1 Grp1
levele2 unit1 : grp2 : grp3
level3 : unit2 unit4 : unit4 grp4
Suppose user select node Grp1, then there should be 3 columns for unit1, grp2, grp3
If user selects node grp2, then there should be 2 columns for unit2 and unit4
Please help. Any suggestions highly are highly appreciated.
Rgds
SanjyotSurekha,
Try this.
Place heirarchy/characteristic in columns, under this place required keyfigure.
Restrict with variable.
Srini -
Hierarchy node value in the report
Hi all,
I have a 0cost center for which master data hierarchy has been loaded.
This 0costcenter has 4 hierarchy nodes and under each node there are few cost centers.
Say these nodes are zones then under each zone there are few costcenters.
Now my question is in the reporting I want to see the costcenters Zonal wise.
Say if I want to see only the zone 1 and the rest three zones should not get visible or displayed then how could I do that?.
How can I restrict the other User viewing my zone and the cost centers and their values?
I want a report based on zones and that to with authorization?
ThxHi Simon,
Yes as you said I create a hierarchy node variables for zone 1 ,zone2, zone3, and zone4 and as per the requirement I can call the variable to display the data zone wise.
When it comes for Users then how could I restrict the variables according to the Users?
As you said how to fill the node with authorization?
How to use standard authorizations and where can I find them?
And how can I fill them at run time?
how to use personalisation to default in per user the value of the node and then not allow the variable to be user selected, how to do this ?
plz explain
Thx -
How to do authorizations on unassigned nodes for hierarchies
Hi,
Is there a white paper from SAP that shows how to do authorizations for unassigned nodes for the hierarchies? Or has anyone completed this challenge and would be willing to share their approach and strategy?
Thanks
WillHi Ashwin,
The characteristics are 0COSTCENTER and ZDEPT. The Hierarchy structure should be
-Test Hierarchy
--Cost center 1
---Dept1
---Dept2
---Dept3
--Cost center 2
---Dept4
---Dept5
---Dept6
--Cost center 3
---Dept7
---Dept8
---Dept9
Etc.
We have transaction data where a certain Cost center doesn't have the department and when displaying the hierarchy there would be some unassigned nodes for the BW report.
What would happen if the following hierarchy is in place and I am trying to do authorizations for the 0COSTCENTER and ZDEPT:
-Test Hierarchy
--Cost center 1
---Dept1
---Dept2
---Dept3
--Cost center 2
---Dept4
---Dept5
---Dept6
--Cost center 3
Where cost center 3 has no department for it?
Thanks and regards
Will -
Different colors for hierarchy nodes in WEBI 4.0 (Possible or not)
Hi Everyone,
We have been listening a lot about the capability of Webi 4.0 in terms of Hierarchies from BW BEx Query. It works just fine like in BEx Analyzer, but is it possible to create formatted reports like we do in Crystal reports to display different colors for the hierarchy nodes. The reason for asking about this functionality is though Crystal Enterprise also inherits Hierarchical view from BEx Query we still won't be able to drill down in real time to do some interactive analysis.
Where as Webi 4.0 can allow us to do interactive analysis by allowing us to drill down on the hierarchies, but it would be great to show the Webi report with different colors for the hierarchy nodes along with the drill down functionality, to give users the best look and feel while working with these reports.
I am trying to achieve this functionality but I am not successful yet and running out of ideas. I am also not sure if this is possible or not. Can anyone throw some light or share there thoughts on this.
Any comments will be greatly appreciated.
Thanks & Regards,
SRVCreate a variable with:
=[Object].Depth
where [Object] has to be the one containing the BEx hierarchy.
This function will return the hierarchy level starting with 0 (zero).
You can use the value of the variable the in the formatting rules:
variable equal [hierarchy level]
to format all hierarchy nodes on the given level.
R. Uli -
Authorisation in Hierarchy node variable type
Hi,
Is it possible to have a Hierrachy Node variable that is processed by Authorisations ?
Regards,
Saurabh Diwakarhttps://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
Create BEX variable for authorization
1. Right click on the IO -> choose 'Restrict'
2. Choose 'Selection' = 'Single Value' and 'from Hierarchy' = 'flat list'
If a hierarchy exists, select the hierarchy for the IO
3. Go on the variables tab -> Right click -> 'New variable'
4. For a restriction without hierarchy, the type of variable is 'Characteristic Value' and if you have choose a hierarchy, the type of variable is 'Hierarchy node'
5. Select a variable name & a description
6. Choose 'Processing by': = 'Authorization' then check the characteristic and click 'next'
7. Choose the display area for the variable -> Variable represents: = 'Single Value' or 'Selection Option'
8. Choose if the variable entry is Optional or mandatory,
9. Don't select 'Ready for input' and 'Can be changed in query navigation
10. Next to the end
Hope this would help you ... -
Hello Gurus,
I have a Cost Center Hierarchy upto level 4.
In my Query I want to restrict the Hierarchy Node to Level 2. This shud be a kind of permanent setting. ie; User should not be able to drill down beyond Level 2.
Is this possible.
Full points to correct answers.
Thanks in advance.Hey In BI 7.0 it has been made very simple...
Path A:
Go to
1.Rsecadimin>authorization>maintenance
2.Create and authorization object
3.Insert the infoobject 0costcenter
4.Select its row click on details(lens icon)
5.Now you will find two tabs one for a.Value authorization b.Hierarchy authorization
6.Click hierarchy authorization and there you can put the name of hierarchy...and select the levels upto which you want to authorize the user...also many different combinations ..try it once and you will enjoy it.....
Don't forget to use it in the report...using a hierarchy node variable having processing type as authorizations.
Path B:
Directly mention that on the Hierarchy tab in the properties window for that infoobject the display is allowed till what level..
use which ever you prefer..
Thanks==points
Message was edited by:
rocks -
Authorisation Error - Hierarchy Node
Hi All,
I have the following error when I try to run a report, there are madatory fields on the variable screen for Cost Centre Hierachy & Cost Element Hierarchy. When using BEx Analyser I can enter passed this error message & the report will display results, however when I use the Portal, a different error message appears.
I need this report to run successfully in the Portal, please can you help
BEx ANALYSER ERROR MESSAGE
Diagnosis
The system has determined the authorized areas (nodes) for the characteristic and the hierarchy (,). It also determined that you do not have authorization for any of these areas.
System Response
If this situation was determined while a variable was being filled, the query cannot be executed or the hierarchy is not displayed.
Procedure
You have to have authorization for at least one node or leaf for the characteristic and the hierarchy (,) so that something can be displayed.
If the selection only comprises end nodes ("leaves") and all of these leaves are covered by value authorizations, a query result is still displayed.
Procedure for System Administration
PORTAL ERROR MESSAGE
WARNING EYE (019): No authority for the node from characteristic ASCH407D, hierarchy YIR BI-KPIGRP (00000000,)
MSGV1: ASCH407D
MSGV2: YIR BI-KPIGRP
MSGV3: 00000000
ABEND RSBOLAP (000): Program error in class SAPMSSY1 method : UNCAUGHT_EXCEPTION
MSGV1: SAPMSSY1
MSGV3: UNCAUGHT_EXCEPTION
& it will not display resultsHi,
Using the T-code SU01 check what are the authorization do you have. Identify the authorization which is related to cost center/cost element. In the T-code PFCG check if that authorization includes that cost center/cost element hierarchy node or not?
In order that query should run in Portal, relevant authorization must be transported to portal.
Hope it helps.
Regards,
Prakash
Maybe you are looking for
-
HP Officejet 6000 will not connect to new wireless modem.
I have Windows 8.1. My HP Officejet 6000 E609n wireless printer worked well, until the modem died and a new one was installed (new address). I need to know how to make it recognize the new network address. (Note: I tried to install the original se
-
Can't transfer items bought on iphone to itunes
I'm getting a notice there's a new version of my iphone OS. But when I click on update, it tells me I have items I purchased on my iphone that haven't been transferred to my itunes library and I should do that before updating. So I go to the tabs for
-
ACD 30 + Belkin SOHO F1DD102L KVM
Troubleshooting connecting an ACD 30" to a Belkin SOHO F1DD102L KVM. Here is my setup: Apple Cinema Display 30" MacPro 1,1 with ATI Radeon 5770 DVI video card (this is an upgrade from the stock card) MacBook Pro 3,1 I connected everything and when sw
-
Main live 2008 R2 server (on AWS) has stopped applying updates
Hi all, Hopefully someone can help me - I can't believe I'm the only one experiencing this issue. Our main live server is 2008 R2 (x64) running on Amazon Web Services. Until recently it had been working fine, however now it won't accept ANY updates -
-
Convergence Firefox Mime types
I'm trying to download an email attachment from Convergence using FF 3.0.5 on Solaris 10 U4. I'm getting the following error: /tmp/<File Name> could not be opened, because the associated helper application does not exist. Change the association in yo