Authorization object to view & create EWA
Hi Patrons,
I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
Kindly let me know which authorization object I should be using to achieve my requirement.
Thanks in Advance,
Vivek.
Hi Vivek,
Please check the security guide in below path for EWA roles
Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
Here you also find the 'Security Guide for Solution Manager'.
Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
Rg,
Karthik
Similar Messages
-
Authorization object to view Maintain Performance Documents on MSS
Hi Experts,
Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
It gives following error :
java.lang.NullPointerException
at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Would appreciate kind guidance to resolve issue.
Thanks in advance.
AashishI am closing this thread as opened at wrong place.
Thanks,
Aashish -
Assign authorization objects to newly created transaction
I have just created a new transaction YMM02 as a copy of MM02. When I create a role using PFCG and enter in the new transaction there are no authorization objects proposed. Do these come from the original transaction or can I assign them through a SAP transaction or via a table entry?
Regards,
BrianHi Brian,
that's transaction SU24.
See also its documentation if needed : http://help.sap.com/saphelp_nw70/helpdata/en/52/671449439b11d1896f0000e8322d00/frameset.htm
BR
Sandra -
Hi
PFGC>Role>Authorizations (Tab)>Change Authorization Data>Manually Enter Authorization Objects.
Where can I Create the required Authorization Objects and view the definition of existing Authorization Objects in BI 7
ThanksHi,
The t-code to main the authorization Object in BI is rsecadmin.
Here you can create the object according to your requirement.
You can check the missing authorisation object by running the t-code
su53.
You can either add the auth object directly in su01 ,user master data
or You can do the same in PFCG.
Could you please explain your requirement in more detail.
Thanks,
Saveen Kumar -
Creation of a user with a particular authorization object (Very Urgent)
Hi,
There is a requirement in my project to create a user who can only reset his password. So for this I think a authorization object should be created and assign it to a profile which displays only the tab for reseting the password which is( Logon in SU01). I want to know two things in this regard.
1. The whole process of creating customised authorization object and assigning it to a profile and
2. Any other way to achieve the needed scenario.
Thanks & Regards,
Sujith
Edited by: Sujith K on Feb 4, 2008 1:26 PMIn transaction pfcg ,
give single/composite role name
give profile name and description in authorization tab, save it
enter into change authorization data
select manually tab
give authorization objects name (creating auth. objects)
fields will automatically come inside it
enter the field values
save and generate profiles (Profiles created)
go to su01,
create users (fill address, logon data, roles )
In pfcg,
select the role you created and click on the user comparison for giving the authorization to access.
award points if useful -
Reg: Transporting Authorization Objects
Hi,
If a custom authorization object has been created, can someone please guide on it to be transported across landscape.
Regards,Hi,
Yes. create a workbench request and open it in change mode.
Now you will have table with editable fields with 3 fields.
1. In programID field enter R3TR
2. In object type field enter SUSO
3. In Object name field enter the respective Z authorization object.
You also need to make sure that the respectie class is available in the target systems. if not, repeat the above procedure with object type as SUSC.
Regards,
Gowrinadh -
Authorization object creation manual method
hi gurus
I have a requirement to create authorization objects for my project. The scenario is, we have a query which gives the profit center data on a weekly basis.the users for this report are the project management people. we have not created the project management hierarchy, but presently supposed to use a role as Project Management. We have a set of users for this Project Management role.
Now based on this scenario i am supposed to create the authorization objects.
can anybody suggest me the right step by step method for creating the authorization objects.
I would like to have steps as what i need to do in RSD1, in PFCF, in RSSM and in the BEx.
you answers will be rewarded accordingly
thanks in advance
regards
vijaykumarhi!
1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
3) goto RSSM and create a new authorization object and add your infoobject to it.
4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
with regards
ashwin -
Assigning ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT authorization objects
Hi all,
I need to create new role with Authorization objects as below:
S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB, ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT. I can assign some objects as S_RFC, S_TCODE, S_TABU_CLI, S_TABU_DIS, S_BTCH_JOB, S_RS_ADMWB. But ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT objects, I can not assign it! Can you help me assign ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT objects for my new role?
Please advise,
Thanks
DuypmHi,
Then I assume that the Auth. Objects ZCNTADMCES, ZCNTADMJOB , ZCNTADMRPT have not been created in your system.
Normally the Authorization objects will be created by the ABAP team through the transaction SU21. Each authorization object must be assigned to an object class when it is created.
You can also create authorization objects in the Object Navigator (SE80).
please go thru this link .
[http://help.sap.com/saphelp_nw70/helpdata/EN/52/6716a6439b11d1896f0000e8322d00/frameset.htm]
Regards, -
Authorization object creation for transaction MIGO
Hi,
We have created the auth object for acct asignment category with values as activity & acct assignment category.
But when assigned to respective users, its still allowing to perform the transactions.
Basically I am using this object for doing Goods Reciept tcode MIGO.
As in if auth object carries value 'K' in this object i.e. for cost center then other user with value 'P' i.e. project wont be allowed to perform the MIGO for POs with 'K'.
Kindly tell me the specifications for the auth object, so that it will restrict users from performing the MIGO.
Regards,
Krutikahi!
1) identify the infoobject which must have restricted access. I think it is Profit Center in your case or may be PSP element
2) in infoobject maintainance screen check Whether it is marked as Authorization relevant(RSD1)
3) goto RSSM and create a new authorization object and add your infoobject to it.
4) in PFCG role maintainance screen add create a new role Project Management and addt eh users to it. under the authorizations tab go to maintaina authorizatioons and add your authorization object that you create in RSSM. and maintain the correct values with in it.
with regards
ashwin -
You do not have Authorization to read object 'xyz' Authorization Object
Hi,
I am getting the following warning message while executing the query "You do not have Authorization to read object 'xyz' Authorization Object".
I created an Authorization object.Assigned it to the role and assigned the user to the role.
ThanksHi,
I'm getting the same message, please if you find the origin of it, please let me know, If I find it, I'll let you know, ok?
Thanks!! -
Authorization Objects for GL, AP, and PCA
Hi,
What is the difference in:
1. Authorization Objects
2. Facility Objects
3. Profit Center Objects
Where can I find the above objects related to:
1. GL
2. AP
3. PCA (Profit Center Accounting)
Please give me the answer, I will assign points to you.
Thanks in advance.Hi,
1) Make the characterstics like Company code, Controlling Area, Proficenter ..etc as authorization relevent (RSA1)
2) Create the Respective Authorization objects for each of the above Characterstics (RSSM).
3) And assign the Cubes and ODS es to the Authorization Object RSSM
4) Create and use the Authorization variables on the above characterstics in reports
5) maitain the access for all users through the roles by including and maintaining the AOs (created in step 2)
With rgds,
Anil Kumar Sharma .P -
Authorization objects for transaction, one to view, and one to maintain
Hi all,
My requrement is to create two authorization objects for transaction, one to view, and one to maintain.
I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
Please suggest how to create object where i can asign activity codes.
regards
manishThe Authorization Concept
R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
Do check this link as well.
http://articles.techrepublic.com.com/5100-10878_11-5110893.html -
Error - No authorization for object while viewing transformations in BI 7.0
Folks,
In BI 7.0, In the Data flow diagram, when I had tried to click on the transformation sybmol, system is throwing an error message No authorization for object (authorization object ) Message no. RS_EXCEPTION250
Do I need to request for authorization to just view transformations or is this error something different ?
ThanksDid SU53 and below is theauthorization info. Does quality system usually not have access even to display/read transformations for func people ???
Authorization check failed
Object Class RS Business Information Warehouse
Authorization Obj. S_RS_DTP Data Warehousing Workbench - Data Transfer Process
Authorization Field ACTVT Activity
03
Authorization Field RSONDTPSRC Source
DTP_46UAQF4V7BE5JR0I3HKLLC6D2
Authorization Field RSONDTPTGT Target
ZSD_DEL
Authorization Field RSSTDTPSRC Subtype of the Source
Authorization Field RSSTDTPTGT Subtype of the Target
Authorization Field RSTLDTPSRC Type of Source
DTPA
Authorization Field RSTLDTPTGT Type of Target
ODSO
User's Authorization Data xxxx
Object Class RS Business Information Warehouse
Authorization Object S_RS_DTP Data Warehousing Workbench - Data Transfer Process
Authorizat. Z:GEFUNONC00 Data Warehousing Workbench - Data Transfer Process
Profl. Z:GEFUNONC Profile for role Z:GENAPO_FUNC_ONCALL
Role Z:GENAPO_FUNC_ONCALL Generic APO Fucntional Oncall Role
Authorization Field ACTVT Activity
03, 16, 23
Authorization Field RSONDTPSRC Source
Authorization Field RSONDTPTGT Target
Authorization Field RSSTDTPSRC Subtype of the Source
ATTR, HIER, TEXT
Authorization Field RSSTDTPTGT Subtype of the Target
ATTR, HIER, TEXT
Authorization Field RSTLDTPSRC Type of Source
CUBE, IOBJ, ISET, ODSO, RSDS, TRCS
Authorization Field RSTLDTPTGT Type of Target -
Report to view user nm, authorization objects, activity, transaction code.
Hi All,
I want to view a user-wise report that displays the transaction code, authorization objects and activities for which the user has authorization.
Is there any standard report to view all this at a glance?
Can anybody help me on this?
Thanks.u can try SUIM tcode
its really helps u
regards,
Abhilash -
Use the authorization object while creating RFC
Hi All,
I'm able to create a RFC, can login from one sap system to another sap system and use the following FM. Here my concern is how to make the RFC more secure, i mean any user can access the target system with my login. Meanwhile came across a authorization object text box in the LOGON and SECURE tab while creating RFC.
so please put on light on how to authenticate the specific user to logon using the RFC.
Thanks in Advance.
Regards
Lalitkumar.Hi Lalit,
Usually for RFC connection will be done with the, user type system user type (means,they should not be able to login to system thru GUI)
2. Even if the user know the login id / password, he should have auth to create RFC like (SM59 and related auth objects)
and even for remote connection also we have different auth to restrict
3. These type of authorization will be given to basis guys only.
4. Logon/Security
Lang-En
Client-` client no
user- user
Password - bw password.
Here you will be specfying the user id ( system type) / password for connecting from one system to another.
and in next tab you can do Test connection.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a08fbe33-0501-0010-2d9c-fb37e9795fd9
Thanks,
Sri
Maybe you are looking for
-
I have an ipad mini 2 with ios 8 and and iphone 5s with ios8 I am setting up the ipad for my child and the Ask to Buy feature is on in family sharing. I am trying to download apps from the app store and it pops up the notification that I need to Ask
-
Why can't I see the video icon in phone booth now that I upgraded to lion
I upgraded my mac to Lion and can no longer make videos in phonebooth only the camera icon is available.
-
After using the cable to charge my iPad I can't sync my iPod touch
I just got the iPad 2 and I have been using my old USB cable to charge it on my laptop and on the adapter it came with. Now when I use the USB cable to connect my iPod touch to my laptop to sync, it doesn't show up in the devices column. I don't know
-
Want to generate current loop from LabVIEW
Hi, I want to develop 6 current loop (2ma-24ma) inputs to my machine from labview. Could you please help me which cDAQ I should and should be the correct approach. Thanks Prashant
-
Date format in Prodceure.
Date format in Procedure. create or replace PROCEDURE library_portal_home (ldt portal_home_login_log.logdatetime%type CTY portal_home_login_log.category%TYPE, brh portal_home_login_log.branch%TYPE, usg portal_home_login_log.user_group%TYPE, COT porta