Authorization object in zee report

Similar Messages

• Authorization Object for HR Reports

  Hi All,
  I have to restrict the users based on Company Code so that the users can only access the data for which they authorized from the standard HR reports.
  Please suggest the authorization object.
  With Regards
  Akshat

  Hi Akshat,
  For HR perspective its best to use P_ORGIN Authorization Object which gives you flexibility at following level:
  INFTY: Infotype Number
  SUBTY: Subtype Number
  AUTHC: Authorization Level
  WERKS: Personnel Area
  PERSG: Employee Group
  PERSK: Employee Subgroup
  VDSK1: Organizational Key
  You can consult functional consultant for its parameters and further help.
  Hope this helps.
  Regards,
  Naveen

• Authorization object to provide reports per role

  Hi experts,
  I'm managing the roles for my Bex Analyzer users, and i'm struggling to findo the role that allow the reports to be available on role folder.
  When you open the BEx analyzer query, on left side, there's Find folder, Favorites Folder, Infoarea folder and Roles Folder.
  Each user will have limited access to queries by working area.
  I would like them to have all the queries that they are allowed to use on the Roles folder.
  Does anyone know which object I have to use?
  Many thanks
  Joana

  Hi
  Not very clear on your requuirement. see if this helps,
  Check all the queries/workbooks for the role assignment. you can check this info in metadata repository.
  Please see the last point in the blog
  Queries in a Workbook/ Workbooks on top of a Query
  Once you have the list of roles see which role has all or maximum queries. (add missing queries,in case, to the role either thru PFCG or from BEX).
  check the role in PFCG and see the authorizations, S_RS_COMP --Business Explorer - Components and S_RS_COMP1 --
  Business Explorer - Components: Enhancements to the Owner( goto PFCG?display role>authorizations tab>display authorization Data>business warehouse>expand, techincal names(s_RS_COMP) can be seen from utilities tab>Techinical names on). Check the activity and assign only required activites(like Display/Execute).
  http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/27456. [original link is broken] [original link is broken]
  Then check the Users tab and assign all the users who ever should see the reports.
  Hope this helps,
  Aparna Duvvuri

• Adding authorization objects to Report Painter reports

  Hello Everyone,
  Is there way to add authorization objects to report painter reports ? I know it is possible to add auth group at the header level but I need to limit access at run time to specific objects, say for example, Cost Center. Is this possible ?
  I have seen the Get_Reporter.pdf document and it seems to discusses adding auth group but not auth objects.
  Thanks in advance.
  Dorothy

  hi
  good
  use this tcode to create authorization
  SU21  Maintain Authorization Objects
  this link ll give you idea to create the authorization object for the report painter.
  http://www.virtuosollc.com/PDF/Get_Reporter.pdf
  Award points if helpful.
  thanks
  mrutyun

• Custom authorization object

  Hi all,
  I have created a custom authorization object to define a data security based on the Company code field.
  These are the steps I did:
  - I create a new authorization object containing the Company code field (BUKRS).
  - I create a new role with this authorization object, and I have assigned a specific value to the Company code field.
  - The role contains also the standard authorization object HR Master data which contains the field: infotype, personnel area...
  - I have assigned the new role to a user and I have executed a report, but I had not the expected result.
  - I had assigned the custom authorization object to the report transaction through SU24 and SU22, but I had not the expected result.
  As expected result I was expecting that the data are filtered based on the Company code I put in the authorization field.
  Any idea about the problem?
  thx!

  Please check that you have followed all of the steps listed here when creating your object:
  <a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm">http://help.sap.com/saphelp_erp2005vp/helpdata/en/9e/74ba3bd14a6a6ae10000000a114084/content.htm</a>
  - April

• Check for Authorization object

  Hi All,
  I have a report which will authorize the person running the report.
  I have been given a requirement which is to not accept some users and accept some users.
  Now I know this is possible with authorization object but as I never worked with it so I exactly kind of getting in confusion as to how to go about it.
  Could some one let me know how to go about it. I have few questions.
  1. what is the exact use of authorization object.
  2. I can build in the logic but what all should one start with before going for before implementing authorization object for the report.
  3. I know there is some basis work involved in this but what is that ?
  Thanks,
  Mahen

  Hi,
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• Authorization Object is not working when report is modified.

  Hi BW Guru's
  We have Company Code as Authorization Object .and we have 3 company Codes (xxxx,yyyy,zzzz).where the users under Company code xxxx are not supposed to view company code yyyy,zzzz data etc.
  I modified an existing Report and transported to production.But the Authorization Object is not working for that report.The Report is defaultly displaying all the company codes data(xxxx,yyyy) for all the users.But for the other reports its(company code ) is working fine.
  What could be the problem?Is theproblem in transporting the objects.But i transported all the objects inluding auhorization object.
  Please send me the solution as it is very much urgent.
  The solution will be def. awarded with full points.
  Regards
  Sanjay

  hi Sanjay,
  please don't post the same question again, check and response back from your previous thread
  Re: Authorization Object is not working when report is Modified.
  hope this helps.
  would be nice if you reward for helpful answers to all of your previous postings, e.g
  docs related to RRI

• Report to check authorization object used in customized programs

  Hi Guys,
  An auditor came and he raised a question to us, he asked whether all of our customized transactions and programs are maintained with authorization checks? The question is how can we check what authorization objects are used for our customized programs and transaction codes? The developer did not maintain the objects used for that program in SU24 table. Is there a program or a report to show us all the authorization object used for a customised program or transaction? Example : T-code MIGO we can check in SU24 table for all the authorization object used. How do we check for customized tcodes? Please advise. Thanks!
  Edited by: Jarod Tan on Nov 25, 2010 9:42 AM

  Note that some programs are built in such a way that no (visible) auth check is necessary, or even desired at all.
  To determine the necessity of an auth check, you should check that starting it has an entry point (tcode, rfc, service) which is appropriately restricted. The rest (whether and where and how a further check is evaluated) is entirely dependent to what the program actually does.
  Well designed applications generally have centralized functions and methods, and the checks are in there or a "base check" they use.
  Others again use the same in UI programming to determine the visibility of functions, to make the application more intuitive for the user. This on it's own is however not a sufficient auth check to rely on.
  Code review is an art form!
  Cheers,
  Julius

• Authorization object for running a report in background

  Good day experts,
  I tried running a report in background, I choose immediately so that it doesn't have to be scheduled. But when I checked it in my own jobs, It remains at scheduled status. When I tried it on my admin account, It works and with status finished. It seems to be an authorization problem. What object could I be missing with my user account? I tried S_TCODE SMX and SP02 but still not working.
  Thanks in advance!

  Hi karshbax,
  What you're looking for is authorization object S_BTCH_JOB. You need authorization for field JOBACTION = RELE.
  In future use transaction SU53. It shows last error authorization error, so if this is authorization problem then after try of manual releasing of job you'll find in SU53 precise info what went wrong.
  Best Regards
  Marcin Cholewczuk

• Report to view user nm, authorization objects, activity, transaction code.

  Hi All,
  I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
  Is there any standard report to view all this at a glance?
  Can anybody help me on this?
  Thanks.

  u can try SUIM tcode
  its really helps u
  regards,
  Abhilash

• Authorization object coding in ABAP report

  Hi,
  I am working on a report. The output of the report is details regarding vendor based on purchasing organization. When user executes the reports, they should be only able to see details if they are authorized to (create, change and display) for the purchasing org of vendor.
  The authrorization object by SAP security team is 'M_LFM1_EKO' for standard access to vendors (via MK01, MK02 AND MK03).
  How can I use same authorization object to do check in my program for the user in ABAP so that if user is not authroized he will not be able to see details during output for those vendor.
  Regards,
  Tgshah.

  Hi ,
  Basically you need to call Authority-check using the pattern option and then pass the object name and field name .If the user has been assigned that object in his profile sy-subrc will succed otherwise fail .
  AUTHORITY-CHECK OBJECT 'M_LFM1_EKO'
           ID 'ACTVT' FIELD '1/2/3'
           ID 'EKORG' FIELD 'value of purchase organization'.
  IF sy-subrc eq 0 .
  WRITE :'authorization' .
  ELSE .
    WRITE 'no authorization' .
  ENDIF.
  The below lonk explains it more ...
  [http://help.sap.com/saphelp_40b/helpdata/fr/d4/e02c7dd435d1118b3f0060b03ca329/content.htm]
  Thank you .
  Anjaneya .

• MSS - Reports - Authorization object

  Hi
  I am working on configuring EP 7.0 ... In MSS , i have brought the reports from MDP..Its working fine when i give "SAP_ALL" profile, else i see only reports table with out any entries(Reports selection) ..when i check out Su53 for any missing Auth-object , it doesnt give any clue as it doesnt take this as authorization error.
  Any idea on what authorization object to be included in the backend role to get the reports page  displaying  all the entries/reports?
  Thanks in advance

  SU53 isn't all that useful for properly analysing authorisation checks.
  Try running an authorisation trace in transaction ST01 to see what's really happening in the backend ECC system.

• Limiting the Report Layout access other than Authorization Object S_ALV_LAYO

  Dear Experts,
  We have an issue of Layout Access limit to Users coz unwittingly these are being deleted.
  (Example: IW39 à after F8 à Settings à Layout.)
  The Authorization object S_ALV_LAYO which limits the access, has been defined in the multiple Roles, where every User been assigned with these Roles across Three Continents.
  Instead of hampering the existing Streamlined Roles, looking for other Options since if it may give odd behaviour after modifying the Roles then all the Users across the continents will be effected.
  It will be grateful if we get other options to limit the Layout access instead of controlling through Authorization Object.
  Thank you & Have a Great Day!

  Thank you Sebastian & Terence,
  The Global Roles has maintained with Authorization Object (S_LAYO_ALV) and these are been assigned to Every User coz all Users should access these reports.
  So now every User has maintained with the Authorization Object to access.
  Now we are trying to Control the Access to limited Users through without hampering the well maintained/streamlined  Roles, since if any adverse effects on the modified roles may impact to all the Users across the continents.
  Looking for other options.
  Thanks, I appreciate your time and efforts on this.

• How to get all authorization objects for a certain authorization profile

  Hi ABAP experts,
  I have the following problem: for a certain authorization profile of a role (created with transaction PFCG) I would like to get all contained authorization objects: e.g. for the contained object PLOG I would like to know/read all corresponding parameter values.
  So:
  - where are these values stored (dictionary table)?
  - is there already a FM or a report to read all authoriation values for a certain authorization profile?
  Thanks in advance.
  Best regards,
  Oliver

  Hi,
  check the following it might useful for you:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c
  if helpful reward points are appreciated

• Analysis Authorization Object not working

  Hi Gurus,
  I m working on BI 7.0, I have created an analysis authorization object zz_div for 0DIVISION characteristic.
  For a given report i want a given user to view only data for '32' and '33' 0DIVISION.
  I have followed the below steps but still the report shows all data instead of restricted one.
  1)RSECADMIN -> Maintenance ->zz_div ->Create
  2) Add 0DIVISION in Auth structure , and in details 
  I     EQ     32
  I     EQ     33
  3) Add 0TCAIPROV with I     EQ     0SD_C03
  4) Add 0TCAACTVT, 0TCAKYFNM, 0TCAVALID,  this having details as
  I     CP     *
  5) Then in User tab -> Assignment -> User -> Change-> Inserted ZZ_DIV-> Save
  6) In Query created a Authorization variable(with no input prompt) and restricted 0DIVISION.
  Following are the authorization object in that user's Role (Reporting Only)
  S_RFC 
  S_TCODE
  S_GUI
  S_BDS_D  
  S_BDS_DS 
  S_OC_SEND
  S_RS_AUTH - only having zz_div
  S_RS_COMP
  S_RS_COMP1
  S_RS_ICUBE
  S_RS_RSTT
  S_RS_TOOLS
  S_RS_PARAM
  I have surfed lots of thread for this issue but not getting a solution
  Tell me what i m missing in above or any additional setting need before creating analysis authorization
  Edited by: Sonal Patel on Apr 18, 2009 8:10 AM

  Hi
  Thanks a Ton for ur reply
  I have checked in SPRO : Analysis Authorization
  where the authorization mode is " OLD obsolete Concept With RSR  Authorization Objects "
  We have to do the same in Production system .Can u please how its going to effect to others authorizations if change it to New Concept
  Thanks
  Sonal....