Authorization object for BW access from BOBJ
Hi gurus,
I have the following error
I log in to BOBJ using BW ID (Single Sign On enabled) and execute a WebI report. This return error WIS 10901. This error eliminated once i add SAP_ALL to the user
Can anyone advice what are object that the user should be granted in the BW side in order to execute the report
Thank you
BR
Hi
I have created a variable (user exit) for object 0COMP_CODE which will return the list of company code that the user have authorization to using the following codes for the variable
CALL FUNCTION 'RSEC_GET_AUTH_FOR_USER'
EXPORTING
I_IOBJNM = '0COMP_CODE'
I_UNAME = 'BOBJ1'
IMPORTING
E_T_RANGESID = lt_RANGE.
LOOP AT lt_RANGE into ls_RANGE.
MOVE ls_RANGE-low to wa_range-low.
MOVE ls_RANGE-high to wa_range-high.
wa_range-sign = ls_RANGE-sign.
wa_range-opt = ls_RANGE-opt.
APPEND wa_range TO e_t_range.
When I execute the query using analyzer , I have the query result returns without any errors but in BOBJ WebI report Iu2019m getting the following error
Query 1 - GLConsol - SSO
u201CA database error occured. The database error text is: Error in MDDataSetBW.GetCellData. You do not have sufficient authorization. (WIS 10901)u201D
When I change the list of company code that this user have access to * (all company code using the tcode rsecadmin) this error disappear and Iu2019m able to run the WebI report perfectly with all company code listed
Please advice what am I missing
Thanking you in advance
Similar Messages
-
Authorization Object for data downloading from application server
Hi friends ,
My program downloads and uploads data from the application server .
My requirement is ,
Authorization checks should be performed on the Server directories to ensure that the user has access to read and write to the directory. It should check the s_dataset authorisation object for this.. If a user does not have the s_dataset authorisation object no upload or download should be allowed.
Can you please tell me how to deal with this ? how do we check the above condition ??
Many thanks ,
Hemanthi,
This is not a single step process.
First of all you have to create a field for authorization for server directories from su20 and then create authorization object from su21.then define a role from pfcg with this authorization object and assign this role to user profile from su01 with values defined.
Then you have to call this authorization object in your program at selection screen. -
Authorization object for InfoArea access
Hi,
what authorization object should i use to give access to just a few InfoAreas on workbench and Bex ?
thxHi,
As you are having S_RS_ICUBE in your role, drill down the complete tree, now you can see Info cube, Info area, activity etc options. at info area level give the info area name and if you want to restrict for few info cubes, you can give cube names as well. now goto activity tab Display (03), Refresh(66) and maintain(23), this depends on your requirment. same you can give in S_RS_ODSO and S_RS_COMP and S_RS_COMP1, if you have * here, it will overwrite the restrictions of other object. -
Adding authorization object for "Function Group"s ?
Is it possible to add any authorization object for any function group ?
We have an issue i.e. whenever user "XYZ" is getting some Windows Excel related error whenever trying call an excel report from BW server. System log related to "XYZ" user shows that -> User "XYZ" has no RFC authorization for the function group "ABCD". The RFC authorization object is S_RFC.
Function Group you can check through SE37->GoTO->Display Function Group
Now is it possible to add authorization for any "Function Group" ?You give authorisation for all function groups by giving auth object S_RFC a * value in field RFC_NAME
However I do not recommend this as giving wide access to RFC's can bypass a lot of the security you have implemented for the users.
In this case, add only the function group that the user requires in this instance into S_RFC -
Authorization Object for Cost center
Hi Experts;
We are using SRM 7, classic scenario.
We are copying SRM tcode: BBP_BW_SC4 to a Z report and modify it. The users will be given the access to display the status of thier SC.
How can I restrict the user from displaying the SC of other department's? Is there an authorization object for cost center in SRM? is there any other away to restrict the users from displaying SC related to other depts.
Appreciate your helpby the way, why are you not using the standard SAP powl queries? they anyways restrict you from viewing others SCs except your team
any ways, if you are copying that report this BBP_BW_SC4, then change this
PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter.
to
PARAMETERS pa_coce TYPE kostl OBLIGATORY DEFAULT lv_costcenter no-display.
Edited by: Soumyaprakash Mishra on Jan 31, 2012 3:48 PM -
Authorization object for Object services
Hello together,
I want to know if there is an authorization object for Generic object services functionilty especially the WF options like WF overview, start WF, Archieve WF..............................
My understanding is any user who has access to a particular Business object, can user GOS to view WF stuff..................Is my understanding correct or should we have extra functions.....................
RegardsCheck authorization objects S_OC_ROLE and, for recent releases, S_GOS_ATT.
Regards,
Raymond -
Authorization object for plant on selection-screen
Hi All,
I need to cehck the authorization object for plant on sleection screen..the palnt is select-options.
I have written the code
Declaration of local constants.
CONSTANTS : lc_i(1) TYPE c VALUE 'I',
lc_eq(2) TYPE c VALUE 'EQ'.
REFRESH : r_werks.
LOOP AT s_werks.
IF s_werks-low IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-low.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-low.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
LOOP AT s_werks.
IF s_werks-high IS NOT INITIAL.
AUTHORITY-CHECK OBJECT 'M_MATE_WRK' "Check if the user has autorization for the plant.
ID 'ACTVT' FIELD '03'
ID 'WERKS' FIELD s_werks-high.
IF sy-subrc NE 0.
r_werks-sign = lc_i.
r_werks-option = lc_eq.
r_werks-low = s_werks-high.
APPEND r_werks.
ENDIF.
ENDIF.
ENDLOOP.
My doubt is will the authorization will check the plants in between 1001 and 2001..suppose i have pplants 1001,1002,1003,1004,2001..Now will the above code will check for all the plants or only 1001 and 2001 if i specify in the select-options.
Regards,
rajHi Raj
First no need to LOOP AT s_werks and check s_werks-high as it will always be present only once in the table s_werks.
Do this
SELECT werks FROM t001w INTO li_werks
WHERE werks IN s_werks.
LOOP AT li_werks.
*check your authority thing here and fill the range
ENDLOOP.
Pushpraj -
Authorization object for PLANNING PLANT
Hi all,
My client has different Planning plant & Production plant.
If I need to give access to GR for order (MB31), how do I know the authorization object for the Planning plant.
User should be given access to MB31 to the Planning plant & NOT to the Production plannt.
Any idea where we could find the authoriz. objects for a particular field?
Pls advise.Goods Receipt for Production Order: Movement Type M_MSEG_BWF
Goods Receipt for Production Order: Plant M_MSEG_WWF
these are the authorisation objects with activities as ACTVT and WERKS
Maintaine the values for ACTVT as
01 Create or generate,
02 Change
03 Display
04 Print, edit messages
and maintaine the values WERKS (ur plants 4 which u want to give authorisations)
and BWAR ( movement types 4 which u want to give authorisations) -
Authorization Object for Transaction code XSLT_TOOL
Hi Friends
When i try to use transaction xslt_tool the following error appears "You are not authorized to use transaction xslt_tool".
Can anyone give the Authorization object for transaction xslt_tool,
Regards.
WishvaGive access to the transaction in PFCG.
Then use SU53 to highlight any additional access required. -
Authorization Object for Material Type
Hi All,
Is it possible to restrict the user from creating the material master based on Material Type. If yes then what is the authorization object for the same.
Regards
MahendraDear Mahendra,
You can definitely restrict a end-user to only particular Material Type thru Authorizations.
Authorization Object: M_MATE_MAR
This can be done thru authorization management. Consult your Basis person or follow this:
SU01 - Enter the user Id & select display button. Now click on the Roles Tab & note down the role assigned to this user Id.
Go to T-Code - PFCG - enter the Role name & select the change icon.
Click on the Authorizations tab page. & then Click on Change Authorization Data.
Now expand the menu tree of Materials Management: Master Data & further expand the menu tree of Material Master: Material Types. Now click on the change icon next to Authorization Group & select the required Material Type that you want to authorize the end-user.
This is how you can give authorizations only for a particular Material Type.
Hope this helps.. .
Give point if useful...
Thanks,
Jignesh Mehta
Mumbai -
Authorization Object for Event
Hi,
Could you please let me know if there is an authorization object for restricting based on Event name.
Like a User should be access only one Event in SM64. Remaining Events should not be accessable.
Thanks,
Sai.Hi Sai,
Check this link:
http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/frameset.htm
Bye
Dinesh -
Authorization Object for Ibase
Hi all,
I am developing PCUI, and one of the requirement is based on login user from portal, the PCUI view for Ibase / Installed Bases should be View Only.
Can this be restricted via authorization object, by giving the 'Display' right to the role, instead of full authorization?
My basis inform me that he couldn't find the authorization object for Installed Bases. But I doubt it. Can any expert give me a guide?
** for launching the PCUI ~ Ibase, application is COMM_IBASE
regards,
Ginnie.Hi,
Check out the object
IB_IBASE AAAB Authorization Object for Installed Base
Rakesh -
Authorization Object For Order Type in Tcode KO88
Dear Sir,
In Tcode KO88 , we want that an users must be able to use only a specific type "Order Type" . But we do not know which is the authorization object for this .
I look forward for the kind help from SAP Expert as how can we put restriction based on "Order Type" in Tcode KO88 .
Regards
B V Mittalhi,
check your authorisation objects here:
Go to PFCG --> Environment (at menu bar) --> authorization objects --> Display...
Here see for MRP and MM for material managament in the tree structure...
Regards
Priyanka.P -
Authorization Object for using Object Services
Can you tell me how to limit a users authorization to create or delete attachements using the object services functionality? We'd like to control the addition and deletion of the attachments. Is there a specific authorization object for this functionality?
Thank you, JulieHi julie;
I hope that following are the solution for you problem. Check wheather this is helpful to you or not.
Authorization Object C_DRAW_BGR (Authorization Group)
The following table shows authorization object C_DRAW_BGR. This authorization object allows you to limit access to individual documents.
Fields Possible Values Description
BEGRU (Authorization group) 0000 - ZZZZ Used to restrict the authorizations for document maintenance further.
Authorization object C_DRAW_BGR can be used to restrict access to individual documents. It works like a simple on/off switch. If the check of object C_DRAW_BGR is fine, the user's authorization can be further restricted by checking C_DRAW_TCD (check only based on the document type) or C_DRAW_TCS (check of the
combination of document type and status). At the fifth level there is a BADI called DOCUMENT_AUTH01, which you can use to design your own authority check.
Authorization Object C_DRAW_DOK (Document Access)
The following table shows authorization object C_DRAW_DOK. This authorization object controls which original data of a specific document type there are access authorizations for.
Fields Possible Values Description
ACTVT (Activity) 52 53 54 55 56 57 Change application start Display application start Display archive application Change archive application Display archive Store archive
DOKAR (Document type) Here you enter the document type that access to original data is allowed for.
Authorization Object C_DRAD_OBJ (Object Link)
The following table shows authorization object C_DRAD_OBJ. This object controls which users can process which document info records, based on a combination of activity, object, and status.
Fields Possible Values Description
ACTVT (Activity) 01 02 03 06 Create Change Display Delete
DOKOB (Object) You must enter the data base table for the objects here (for example, MARA for material record).
STATUS (Document status)
if useful rewards points.
Regards,
nitin
Edited by: nitin bhagat on Feb 18, 2008 6:23 AM -
Authorization object for sales tax code (MWSKZ) in FB60
HI, there is a FI tcode FB60 in FI module. The requirement is that user wants to restrict some users to enter only few sales tax codes from among the list. For example if there are 30 tax codes, then user should be authorised to enter only 5 tax codes from the list. In standard authorization, there doesn't exist an authorization object to restrict tax codes. Kindly tell me the process of making authorization object for this task.
I have made one authorization object. I think i need to call this object somewhere in user exit of FB60. Is this the way of doing this?? Kindly if someone have done this, mention down the procedure of making authorization object and how to implement it. ThanksHi,
Instead of creating a authorization obejct and assigning it to the tax code, it will be easy to write the code in a user exit to check whether the tax code is applicable for the user. Suppose if the user enters a non-applicable tax code, you can throw an error.
Do u want to restrict the number of entries in F4 help for tax code for a particular user?
Cheers
~Niranjan
Maybe you are looking for
-
Need help with backed up photos-now cannot view..?
Using iphoto 6, super duper, seagate external hd. Drive has already been set-up and backed up several times-been working well........until....... Last night, I saw that out of 120gb I have about 5gb left on my G4.! "decided" to back-up iphotos and "d
-
LVM /dev/mapper is empty, + systemd boot hangs
Hi! 1st problem: I have 2 vgs with 1 lv each -- called Sys/Linux and Sys2/Var. Booting the kernel with root=/dev/mapper/Sys-Linux works, but after mounting the root fs, /dev/mapper is empty: $ ls /dev/mapper control 2nd problem: I changed UUID= to /d
-
IPhone connection to Samsung WEP420
I have an iPhone 3Gs that I have recently upgraded to the V4 operating system. Before the upgrade I was unable to connect to my Samsung headset and hoped it would change after the V4 install. It has not and I can still no longer use my headset. Does
-
Hi, I have created one new plant by copying a standard plant. I copied this plant by coping all the tables from standard plant only. While creating PR for that new plant I am getting the following error u201C Valuation Area not definedu201D. Here t
-
Hello, I want to create a form in the portal. I go to PORTLET BUILDERS --> Form Portlet --> define --> Form based on table or view ....--> Finish. But when I finish the Wizard no form appears in the region. What can I do? Thank you for helping.