Authorization object to view & create EWA

Hi Patrons,
I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
Kindly let me know which authorization object I should be using to achieve my requirement.
Thanks in Advance,
Vivek.

Hi Vivek,
Please check the security guide in below path for EWA roles
Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
Here you also find the 'Security Guide for Solution Manager'.
Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
Rg,
Karthik

Similar Messages

  • Authorization object to view Maintain Performance Documents on MSS

    Hi Experts,
    Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
    It gives following error :
    java.lang.NullPointerException
         at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
         at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
         at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
         at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
         at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
         at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
         at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
         at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
         at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
         at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Would appreciate kind guidance to resolve issue.
    Thanks in advance.
    Aashish

    I am closing this thread as opened at wrong place.
    Thanks,
    Aashish

  • Assign authorization objects to newly created transaction

    I have just created a new transaction YMM02 as a copy of MM02. When I create a role using PFCG and enter in the new transaction there are no authorization objects proposed. Do these come from the original transaction or can I assign them through a SAP transaction or via a table entry?
    Regards,
    Brian

    Hi Brian,
    that's transaction SU24.
    See also its documentation if needed : http://help.sap.com/saphelp_nw70/helpdata/en/52/671449439b11d1896f0000e8322d00/frameset.htm
    BR
    Sandra

  • Authorization Objects in BI 7

    Hi
    PFGC>Role>Authorizations (Tab)>Change Authorization Data>Manually Enter Authorization Objects.
    Where can I Create the required Authorization Objects and view the definition of existing Authorization Objects in BI 7
    Thanks

    Hi,
    The t-code to main the authorization Object in BI is rsecadmin.
    Here you can create the object according to your requirement.
    You can check the missing authorisation object by running the t-code
    su53.
    You can either add the auth object directly in su01 ,user master data
    or You can do the same in PFCG.
    Could you please explain your requirement in more detail.
    Thanks,
    Saveen Kumar

  • Creation of a user with a particular authorization object (Very Urgent)

    Hi,
    There is a requirement in my project to create a user who can only reset his password. So for this I think a authorization object should be created and assign it to a profile which displays only the tab for reseting the password which is( Logon in SU01). I want to know two things in this regard.
    1. The whole process of creating customised authorization object and assigning it to a profile and
    2. Any other way to achieve the needed scenario.
    Thanks & Regards,
    Sujith
    Edited by: Sujith K on Feb 4, 2008 1:26 PM

    In transaction pfcg ,
    give single/composite role name
    give profile name and description in authorization tab, save it
    enter into change authorization data
    select manually tab
    give authorization objects name (creating auth. objects)
    fields will automatically come inside it
    enter the field values
    save and generate profiles (Profiles created)
    go to su01,
    create users (fill address, logon data, roles )
    In pfcg,
    select the role you created and click on the user comparison for giving the authorization to access.
    award points if useful

  • Reg: Transporting Authorization Objects

    Hi,
    If a custom authorization object has been created, can someone please guide on it to be transported across landscape.
    Regards,

    Hi,
    Yes. create a workbench request and open it in change mode.
    Now you will have table with editable fields with 3 fields.
    1. In programID field enter R3TR
    2. In object type field enter SUSO
    3. In Object name field enter the respective Z authorization object.
    You also need to make sure that the respectie class is available in the target systems. if not, repeat the above procedure with object type as SUSC.
    Regards,
    Gowrinadh

  • Authorization object creation manual method

    hi gurus
    I have a requirement to create authorization objects for my project. The scenario is, we have a query which gives the profit center data on a weekly basis.the users for this report are the project management people. we have not created the project management hierarchy, but presently supposed to use a role as Project Management. We have a set of users for this Project Management role.
    Now based on this scenario i am supposed to create the authorization objects.
    can anybody suggest me the right step by step method for creating the authorization objects.
    I would like to have steps as what i need to do in RSD1, in PFCF, in RSSM and in the BEx.
    you answers will be rewarded accordingly
    thanks in advance
    regards
    vijaykumar

    hi!
    1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
    2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
    3) goto RSSM and create a new authorization object and add your infoobject to it.
    4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
    with regards
    ashwin

  • Assigning  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT authorization objects

    Hi all,
    I need to create new role with Authorization objects as below:
    S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB, ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT. I can assign some objects as S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB. But  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT objects, I can not assign it! Can you help me assign  ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT  objects for my new role?
    Please advise,
    Thanks
    Duypm

    Hi,
    Then I assume that the Auth. Objects ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT have not been created in your system.
    Normally the Authorization objects will be created by the ABAP team through the transaction SU21. Each authorization object must be assigned to an object class when it is created.
    You can also create authorization objects in the Object Navigator (SE80).
    please go thru this link .
    [http://help.sap.com/saphelp_nw70/helpdata/EN/52/6716a6439b11d1896f0000e8322d00/frameset.htm]
    Regards,

  • Authorization object creation for transaction MIGO

    Hi,
    We have created the auth object for acct asignment category with values as activity & acct assignment category.
    But when assigned to respective users, its still allowing to perform the transactions.
    Basically I am using this object for doing Goods Reciept tcode MIGO.
    As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
    Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
    Regards,
    Krutika

    hi!
    1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
    2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
    3) goto RSSM and create a new authorization object and add your infoobject to it.
    4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
    with regards
    ashwin

  • You do not have Authorization to read object 'xyz' Authorization Object

    Hi,
         I am getting the following warning message while executing the query "You do not have Authorization to read object 'xyz' Authorization Object".
         I created an Authorization object.Assigned it to the role and assigned the user to the role.
    Thanks

    Hi,
      I'm getting the same message, please if you find the origin of it, please let me know, If I find it, I'll let you know, ok?
       Thanks!!

  • Authorization Objects for GL, AP, and PCA

    Hi,
    What is the difference in:
    1. Authorization Objects
    2. Facility Objects
    3. Profit Center Objects
    Where can I find the above objects related to:
    1. GL
    2. AP
    3. PCA (Profit Center Accounting)
    Please give me the answer, I will assign points to you.
    Thanks in advance.

    Hi,
    1) Make the characterstics like Company code, Controlling Area, Proficenter ..etc as authorization relevent (RSA1)
    2) Create the Respective Authorization objects for each of the above Characterstics (RSSM).
    3) And assign the Cubes and ODS es to the Authorization Object RSSM
    4) Create and use the Authorization variables on the above characterstics in reports
    5) maitain the access for all users through the roles by including and maintaining the AOs (created in step 2)
    With rgds,
    Anil Kumar Sharma .P

  • Authorization objects for  transaction, one to view, and one to maintain

    Hi all,
    My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
    I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
    Please suggest how to create object where i can asign activity codes.
    regards
    manish

    The Authorization Concept
    R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
    Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
    Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
    Do check this link as well.
    http://articles.techrepublic.com.com/5100-10878_11-5110893.html

  • Error - No authorization for object while viewing transformations in BI 7.0

    Folks,
    In BI 7.0, In the Data flow diagram, when I had tried to click on the transformation sybmol, system is throwing an error message No authorization for object   (authorization object ) Message no. RS_EXCEPTION250
    Do I need to request for authorization to just view transformations or is this error something different ?
    Thanks

    Did  SU53 and below is theauthorization info. Does quality system usually not have access even to display/read transformations for func people ???
    Authorization check failed
      Object Class RS   Business Information Warehouse
        Authorization Obj. S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
          Authorization Field ACTVT Activity
                                                                                    03
          Authorization Field RSONDTPSRC Source
                                                                                    DTP_46UAQF4V7BE5JR0I3HKLLC6D2
          Authorization Field RSONDTPTGT Target
                                                                                    ZSD_DEL
          Authorization Field RSSTDTPSRC Subtype of the Source
          Authorization Field RSSTDTPTGT Subtype of the Target
          Authorization Field RSTLDTPSRC Type of Source
                                                                                    DTPA
          Authorization Field RSTLDTPTGT Type of Target
                                                                                    ODSO
      User's Authorization Data xxxx
      Object Class RS         Business Information Warehouse
        Authorization Object S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
          Authorizat. Z:GEFUNONC00 Data Warehousing Workbench - Data Transfer Process
            Profl. Z:GEFUNONC   Profile for role Z:GENAPO_FUNC_ONCALL
            Role Z:GENAPO_FUNC_ONCALL Generic APO Fucntional Oncall Role
            Authorization Field ACTVT Activity
                                                                                    03, 16, 23
            Authorization Field RSONDTPSRC Source
            Authorization Field RSONDTPTGT Target
            Authorization Field RSSTDTPSRC Subtype of the Source
                                                                                    ATTR, HIER, TEXT
            Authorization Field RSSTDTPTGT Subtype of the Target
                                                                                    ATTR, HIER, TEXT
            Authorization Field RSTLDTPSRC Type of Source
                                                                                    CUBE, IOBJ, ISET, ODSO, RSDS, TRCS
            Authorization Field RSTLDTPTGT Type of Target

  • Report to view user nm, authorization objects, activity, transaction code.

    Hi All,
    I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
    Is there any standard report to view all this at a glance?
    Can anybody help me on this?
    Thanks.

    u can try SUIM tcode
    its really helps u
    regards,
    Abhilash

  • Use the authorization object while creating RFC

    Hi All,
    I'm able to create a RFC, can login from one sap system to another sap system and use the  following FM.  Here my concern is how to make the RFC more secure, i mean any user can access the target system with my login. Meanwhile came across a authorization object text box in the LOGON and SECURE tab while creating RFC.
    so please put on light on how to authenticate the specific user to logon using the RFC.
    Thanks in Advance.
    Regards
    Lalitkumar.

    Hi Lalit,
    Usually for RFC connection will be done with the, user type   system user type (means,they should not be able to login to system thru GUI)
    2. Even if the user know the login id / password, he should  have auth to create RFC like (SM59 and related auth objects)
    and even for remote connection also we have different auth to restrict
    3. These type of authorization will be  given to basis guys only.
    4. Logon/Security 
                 Lang-En
                 Client-` client no
                 user-  user
                 Password - bw password.
    Here you will be specfying the  user id  ( system type)  / password for connecting from one system to another.
    and in next tab you can do Test connection.
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a08fbe33-0501-0010-2d9c-fb37e9795fd9
    Thanks,
    Sri

Maybe you are looking for