Authorization object of a query

Similar Messages

• Can not read authorization object in execute Query

  hello:
     Now I create a authorization object ZSALR, include Activity,Sales Group,Sales Office.                     Activity = Display ,Execute;
  When Sales Group = S_N and Sale Office = S_SX. I execute Query restrict by Sales Group and Sale Office.
  Warning message"You do not have authorization to read to ZSALR"
  When Sales Group = * and Sale Office = *. I execute Query OK, and display all infomation. and explain "S_N" and "S_SX" can display in middle part in Query.
  Hope someone can tell me how to solve the error.
  Regards&Thanks!

  This occurs because , something in the class has changed . Every class has a serial id associated with . It is unique. even if a member var changes , this id will change .
  You are trying to deserialize a serialised object with a changed version of the class .
  You can see the serial id using "serialver" utility provided with jdk in bin directory

• Restricting infoobject in query designer with authorization object

  Hi,
  We have to restrict CUSTOMER infoobject with a authorization object in query designer.
  How to do this task ? Request kindly suggest.

  thr RSSECADMIN tcode. Search with this key word you will get good docs & Wikis in SDN
  bhaskar

• Query on  authorization object

  Hi,
          I need to create one authorization object which contain only one field as sy-uname.
  I carry out the following stapes:
  1. I went to SU21
  2. Create a class
  3. create a authorization object
  4. Add a field sy-uname in the field
  Now , my query is that,
  1. is it allowed to add sy-uname in there in the field or i have to put just 'uname' there. or what??
  2. Is there any other steps required after adding the field in the authorization object
  3. Do any one has some document on how these authorization object work execpt the F1 help on the 'AUTHORITY-CHECK' in the editor???

  Hi
  In general different users will be given different authorizations based on their role in the orgn.
  We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
  USe SUIM and SU21 T codes for this.
  Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
  If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
  This means you have to allocate an authorization object in the definition of the transaction.
  For example:
  program an AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT <authorization object>
  ID <authority field 1> FIELD <field value 1>.
  ID <authority field 2> FIELD <field value 2>.
  ID <authority-field n> FIELD <field value n>.
  The OBJECT parameter specifies the authorization object.
  The ID parameter specifies an authorization field (in the authorization object).
  The FIELD parameter specifies a value for the authorization field.
  The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
  http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
  You program the authorization check using the ABAP statement AUTHORITY-CHECK.
  AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
  ID 'ACTVT' FIELD '02'
  ID 'CUSTTYPE' FIELD 'B'.
  IF SY-SUBRC <> 0.
  MESSAGE E...
  ENDIF.
  'S_TRVL_BKS' is a auth. object
  ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
  The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
  This Authorization concept is somewhat linked with BASIS people.
  As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a  profile and that profile in turn attached to a particular user.
  Take the help of the basis Guy and create and use.
  Reward points if useful
  Regards
  Anji

• Authorization Object for role creation for query display?

  Hi,
  Can Anybody here tell me what is the Authorization object that we use for role creation for query display?
  I want to assign a role to the newly designed query! that query does not have any role so far!
  Pls suggest me
  Thanks,
  Ravi

  Hi,
  I could make the authorization tab green by entering the authorization object!
  But user tab still remains red as it is not allowing me to enter my username in the user tab!
  in the user tab  i am unable to enter my user name?
  Any suggestions?
  Thanks,
  Ravi

• BEx Query RRI with authorization object

  Hi,
  I have two queries linked using RRI (Sender and Receiver).
  Queries have authorization object.
  Both queries work fine with authorized user if I use them separately.
  (Query Sender works fine with authorized user, Query Receiver works fine with authorized user)
  Using BEx in Excel:
  - when an authorized user jumps from the Sender to the Receiver, system tells him he doesn't have the authorizations, and Receiver query doesn't appear.
  Using Web: 
  - when an authorized user jumps from the Sender to the Receiver it works fine and user can see the results in the Receiver Query
  Could anyone help me?
  Thanks in advance
  Fede
  Edited by: Federico Carta on Jun 23, 2009 2:53 PM

  Hi Mohan,
  I checked the authorizations and S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are correctly set.
  The strange thing is that if user calls the Receiver query from the web (BI web server), it works fine. The problem is only if user executes them by BEx in Excel. If he uses Receiver query directly without using Sender query, it works fine!!!
  Best Regards
  Federico

• Querying roles containing specific Authorization Object

  Hello!
  We're using BI7 with new considerations about security. I want to get all roles that contains a specific Authorization Object, I've tried using TX SUIM, but had no success.
  Is there any report, transaction or something else where to find this info?
  I hope you can help!
  Regards!
  Bernardo

  Bernardo,
  If "new security model authorization objects" means analysis authorizations (SAP's official naming for objects mantained by RSECAUTH), those used in roles can be retrieved again using tcode SE16: just query AGR_1251 but this time providing S_RS_AUTH for field OBJECT. The result set shows roles that contain analysis authorizations. If you want only the roles which have specífic analysis authorization, just provide its name for field LOW. Be sure to fill in this field with all capital letters.
  On the other hand table RSECVAL keeps the values defined for analysis authorizations.
  Hope this helps.
  Regards,
  Fernando

• Put a Query in an Authorization Object

  Hi everyone
  Is there any way to set a query as an authorization object value?
  Best regards,
  Luis Elizondo

  Hi,
  This is not possible for finding out authorization value from a Table for an Authorization Oject. But in case of BI Analysis Authorization we have the option to pass the information of Authorization Value Dynamically from a Z-Table or an Hierarchy as a node of that Hierarchy. If you are looking for this in a BI system then you can of course dynamically pass a value from a Z-table through a Customer exit variable.
  Please note that even in BI analysis authorization also we don't have option to pass Query technical name and also conceptually this is not convincing and useful. BI query technical name can be maintained in the authorization objects S_RS_COMP and S_RS_COMP1 (please go through the text description of these two objects to understand the difference).
  Let us know for any query you have.
  Regards,
  Dipanjan

• Query on new Authorization Objects after Upgrade&SAP_NEW profile

  Dear Experts,
  We have upgraded our system from 4.5 to 7.0 version,  i  was checking what are the new authorization Objects  introduced after upgrade comparing older system ojects.  I got few objects which are new in upgraded system,
  But when i check SAP_NEW profile,   and in the latest profile SAP_NEW_7000 profile i can not see all those new Ojects which are new.
  generally SAP_NEW should contain all new objects which come after upgrade?  i can see those in SAP_ALL  but not in SAP_NEW
  is there any issue  in system?  how should I know and where should i check what are the new Objects come in upgrade,
  Please advise.
  Thanks#Regards,
  Vijay

  Hi Jurjen Heeck ,
  see my previous post
  I did 'nt get this.
  SAP_NEW is your friend here
  does the SAP_NEW profile contains all the new authorization Objects.
  Regards,
  Anthony

• Analysis Authorization Object not working

  Hi Gurus,
  I m working on BI 7.0, I have created an analysis authorization object zz_div for 0DIVISION characteristic.
  For a given report i want a given user to view only data for '32' and '33' 0DIVISION.
  I have followed the below steps but still the report shows all data instead of restricted one.
  1)RSECADMIN -> Maintenance ->zz_div ->Create
  2) Add 0DIVISION in Auth structure , and in details 
  I     EQ     32
  I     EQ     33
  3) Add 0TCAIPROV with I     EQ     0SD_C03
  4) Add 0TCAACTVT, 0TCAKYFNM, 0TCAVALID,  this having details as
  I     CP     *
  5) Then in User tab -> Assignment -> User -> Change-> Inserted ZZ_DIV-> Save
  6) In Query created a Authorization variable(with no input prompt) and restricted 0DIVISION.
  Following are the authorization object in that user's Role (Reporting Only)
  S_RFC 
  S_TCODE
  S_GUI
  S_BDS_D  
  S_BDS_DS 
  S_OC_SEND
  S_RS_AUTH - only having zz_div
  S_RS_COMP
  S_RS_COMP1
  S_RS_ICUBE
  S_RS_RSTT
  S_RS_TOOLS
  S_RS_PARAM
  I have surfed lots of thread for this issue but not getting a solution
  Tell me what i m missing in above or any additional setting need before creating analysis authorization
  Edited by: Sonal Patel on Apr 18, 2009 8:10 AM

  Hi
  Thanks a Ton for ur reply
  I have checked in SPRO : Analysis Authorization
  where the authorization mode is " OLD obsolete Concept With RSR  Authorization Objects "
  We have to do the same in Production system .Can u please how its going to effect to others authorizations if change it to New Concept
  Thanks
  Sonal....

• Authorization issue to execute query via analyzer

  Dear,
  We are experiencing an authorization issue that we can not solve...
  We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
  When we test in RESCEADMIN, everything is fine. We can execute the query.
  When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
  "There is no variable in the workbook, which allows user input"
  Does anybody have a direction to help us to orientate our investigation?
  Many thanks,
  Rodolphe

  Hello,
  What is the basic settings you have in the Query Properties basic setting tab
  Try making it mandatory
  Regards
  Nitin Bhatia

• Adding new authorization objects to transactions

  Hi experts,
  i would like to add new authorization objects to specific transactions, for example the object K_CCA for checking the cost element in the transaction KB15N.
  What do we have to maintain, except the transaction code with (SU22). What do we have to do with the program behind the transaction?
  Is it "just" adding two line of code into the auth object check in the program, similar or like described for client specific ABAP-programs???
  Any experiences on that?
  Regards
  Florian

  Hi,
  First add the objects in DSO then in Info Cube.
  Map the same with transformation.
  Move the objects to production then DSO.
  Load the DSO first. then delete the data from cube in production.
  Now move the modified cube and transformation to production.
  Now load the Cube from DSO.
  No need to change any thing in existing query.
  I hope this will help.
  Thanks,
  S

• Role creation and authorization objects in sap

  Hi
  i want to know the full relationship between  creation of roles , authorization objects ,authorizations in web as abap
  Please explain the process in detail the use of PFCG and all its options and how to create Z roles

  Although, It would be a very long document to explain the query, I have briefed you on the concept. I hope it leads you well.
  - Roles are nothing but a container for authorizations. A role represents a specific part of an employeeu2019s job.
  - The R/3 authorization concept permits the assignment of either general and/or finely detailed user authorizations. These assignments can reach down to transactions, field and field value level.
  For e.g. If a user wants to create a PO we can restrict him on:
  u2022     Activity : Create/Change/Display
  u2022     Org elements like Company Code, Plant, Purchase Organization etc
  u2022     Document type etc.
  - Authorization objects are grouped in an object class such as Materials Management: Master Data (MM_G). Each Object Class may have several authorization objects and within each object we can have several authorizations (max. up to 99).
  - Fields :The permissible values for the fields constitute the authorization. For e.g. ACTVT (Activity) is a field with permissible values of 01 (Create), 02 (Change) & (03 Display) for the object M_MATE_CHG (Material Master: Batches/Trading Units). Value * for field BEGRU signifies all possible values.
  - An authorization allows you to carry out an R/3 task based on a set of field values in an authorization object. By themselves authorizations do not exist and they only have a meaning inside a profile
  - Authorizations are contained within profiles and these profiles are assigned to users manually or automatically via role assignment. When you assign the field values for all the authorization objects and save system will auto generate a profile name.
  - Authorization check are included in the transactions source code in standard SAP R/3.A user may carry out an action if the authorization check is successful for each field in the object.
  Edited by: Subramaniam Iyer on Nov 27, 2008 12:08 PM

• Re: Regar Authorization objects

  Dear all,
  Pl. find my sol for my query which is shown in below
  My client want to give payslip authorization i.e PC00_M40_CEDT.  they have personnel areas are like East, West, North & South.
  and personnel subarea are Hyd, Bagnlr, Pune , Mumbai, Delhi, Goa...like that.  Here the thing is Hyd authorized person has to see only for his area employees payslip only and for rest of the areas he could not able to see...Like that for all sub area wise they want to restrict.
  can u please give clear answer to solve this issue....
  Regards
  Bachi

  Hi,
  Use P_ORGIN authorization object on PERSA (personnel area) authorization field.
  You can find list under below link.
  http://help.sap.com/saphelp_470/helpdata/en/5c/73ba3bd14a6a6ae10000000a114084/content.htm
  Thanks,
  Ameet

• Authorization issue for Jump query from Summary to Detail

  Hello Gurus,
  I am facing an interesting issue in Jump query authorization.
  I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
                   When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
                     Can anybody please suggest any innovative workaround for this issue.
  Gautam

  Hello Gurus,
  I am facing an interesting issue in Jump query authorization.
  I have a query on a summary cube which has Company code as a authorization relevant object .From this query I launch a query on detail cube.This details cube has company code and customer as authorization relevant objects.Customer is present in free characteristic for this query.Summary cube doesnt have the customer object at all.
                   When the user drillsdown on the Customer level in the details query he get the authorization error.After this if he just refreshes the query it works fine .
                     Can anybody please suggest any innovative workaround for this issue.
  Gautam