Authorization object to view Maintain Performance Documents on MSS

Similar Messages

• Error in "Maintain Performance Documents" Iview

  Hi,
  I have a Iview in MSS - "Maintain performance documents".
  When I open the Iview(Status Overview) through MSS it shows the documents link.But when I click on the links in Status Overview I am getting the following error.
  Portal runtime error.
  An exception occurred while processing your request. Send the exception ID to your portal administrator.
  Exception ID: 01:13_06/09/10_0031_8961850
  Refer to the log file for details about this exception.
  After checkign the portal log I can see teh error as follows
  com.sapportals.portal.prt.runtime.PortalRuntimeException: Exception in SAP Application Integrator occured: Unable to parse template '<System.Access.WAS.protocol>://<System.Access.WAS.hostname>/<CustomerNamespace><ESID>/bc/bsp/<Namespace>/<Application>/<PageId>?<UseNoCookie[IF_true]>sap-client=<System.client>&sap-language=<Request.Language>&<StylesheetIntegration[IF_true PROCESS_RECURSIVE]>sap-accessibility=<User.Accessibility[SAP_BOOL]>&sap-ep-version=<Portal.Version[url_ENCODE]>&sap_ep_version=<Portal.Version[url_ENCODE]>&sap_ep_baseurl=<Portal.BaseURL[url_ENCODE]>&<Authentication>&<DynamicParameter[PARAMETER_MAPPING PROCESS_RECURSIVE]>&<ForwardParameters[QUERYSTRING]>&<ApplicationParameter[PROCESS_RECURSIVE]>'; the problem occured at position 161. Cannot process expression <System.client> because Invalid System Attribute:
  System:    'SAP_LocalSystem',
  Attribute: 'client'.
  Which system attribute it is talking about? Not getting from where its showing SAP_Localsystem..I checked the system object used in Iview.It is working fine.
  There are no authorization errors also.
  When I chekced the iview being opened after clicking on link in "Status Overview",
  it is pointing to standard iview.How do I make it point to customized iview pointing to my client at R/3.
  Please suggest what might be the solution.
  Thanks and Regards,
  Sumangala
  Edited by: Sumangala Byali on Sep 6, 2010 10:04 AM

  Hi Suman ,
  Have you performed the connection tests for your system object ? Please share the results . Make sure that you are pointing to the correct client in your backend .
  I hope you are using system alias name in the property of the iview . To me it looks that there is something wrong with system object or may be an improper configuration .
  Regards
  Mayank

• Maintain Performance Documents

  Hello Everyone,
  The 'Maintain Performance Documents' iView appears, but nothing shows inside. I gave the users SAP_ALL and SAP_NEW and I believe all the required permissions on the portal content are set.
  What can be causing this?
  Regards,
  Motaz

  Hi,
  There may two type of error. One from Portal Content and 2nd from backend content. Please check whether everything is fine from portal end. IF it is fine then check the backend role. At the time of execution of the activity please on the transaction ST01 in backend this will help you to check the authorization in backend. After finishing the activity execute transaction SU53 in backend.Check whether any error thre or not.
  If everything is fine then you can ask some ABAPer to debugg the code.
  Hope this will help you.
  Thanks & Regards,
  Sandip Biswas.

• Error in Maintain Performance Documents under Team in MSS

  Getting below error when i click Maintain Performance Documents under Team in MSS
  java.lang.NullPointerException
       at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
       at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
       at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
       at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:187)
       at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
       at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
       at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
       at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:756)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:291)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
       at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
       at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
       at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
       at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
       at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
       at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
       at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
       at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
       at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
       at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:756)
       at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:291)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
       at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
       at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
       at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
       at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
       at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Regards
  Karthi D

  Hi Karthi,
  Did u check below thread?
  check the notes mentioned in that and suggested steps as it applies to your issue also
  Re: MSS - Maintain Performance Document iView
  Koti Reddy

• MSS - Team - Performance Management - Maintain Performance Documents

  Hi,
  When I click on the Maintain Performance Documents the page opens and shows only one iView - 'Status Overview'.  As I understand it, this page is supposed to have two iViews on it, but the other iView 'Performance Management Document' is missing.  So I can see my list of employees, but when I click on them, nothing happens.  Anyone else run into this problem?

  Hello Kenneth,
  As sujan said is right, When you click on Maintain performance Document it opens Status Overview Iview
  its display list of employees , initial if you have no appraisal its display blank cell  In preparation colume,
  if you have  appraisal it display Performance Maintain Document iView(BSP) is App - HAP_DOCUMENT with all list of option for approval.
  You can also create appraisal in Create Appraisal Document in ESS.
  Please points if helpful.
  Please close thread if problem solved
  Thankyou
  Regards
  Vijai

• MSS: Maintain Performance Documents

  I am trying to implement MSS for ERP.  When I click on 'Team->Maintain Performance Documents' the 'Status Overview' window opens.  But when I click on the hyperlink under 'In preparation' so I can create a new appraisal, nothing happens.  Anyone know why the hyperlink is not working?

  Hi Kenneth,
  Have you checked the Data provider under OADP in SPRO to see what service key is the 'In Planning' column mapped to. I suggest check the behavior of the service key if it has been modified.
  Hope it helps,
  Prathamesh

• Status overview iView not refreshed for performance documents on MSS

  Hi Experts,
  We are using the standard portal business package for Manager Self Service. However, recently, we found out that one iView was working before suddenly stopped working. This is the Status Overview iView for Maintain Performance Documents. When searching for the performance appraisal documents for a group of direct report employees, the status overviewtable is not refreshed. Although we do have the appraisal documents in
  R/3, the iView shows 0 results.
  we use MSS 600 SP 8 BP
  Please help.
  Thanks.

  Hi
  Can anyone please provide an input on this.
  Regards
  Sasha.

• MSS - Team - Maintain Performance Document

  Hello
  In Manager self service -> Team -> Maintain performcance document ,in Show option drop down can we change the hirerarchy of the options getting displayed.
  for example we are having two templates X & Y and by default we are getting X can we change that to Y.Please suggest how to do this.
  Regards
  Vishnu Priya
  Edited by: priyav on Aug 25, 2010 10:39 AM

  yes you can change the ordering of the templates
  ie
  You have made all necessary settings in Customizing for the Performance Management (Objective Setting and Appraisals) application component.
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/2e/5a5d45d9f24fbdb06be2ff53651c3e/frameset.htm

• Authorization object to view & create EWA

  Hi Patrons,
  I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
  I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
  Kindly let me know which authorization object I should be using to achieve my requirement.
  Thanks in Advance,
  Vivek.

  Hi Vivek,
  Please check the security guide in below path for EWA roles
  Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
  Here you also find the 'Security Guide for Solution Manager'.
  Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
  Rg,
  Karthik

• Performance Document Status Overview

  We have implemented ESS/MSS on EP7.0 on ECC6.0 and for MSS --> Maintain Performance Documents, we have used a custom BSP Application. Eveything is working fine except the 'status overview' doesn't show status info under correct column for old appraisals. But it shows relevant appraisal status under correct column if we choose 2008 appraisal. By default the portal shows 2006 Performance Appraisal in the drop down but dates are showing 01/01/2010 to 31/12/2010. We've changed the date from 01/01/2006 to 31/12/2006 but still employees appraisal status are not showing under correct column. All 2006 appraisal has "Close Approved" but for all them its showing under "In Preparation" column. But when we select 2008 Performance Appraisal, they work fine.
  Any ideas how to fix that? We first thought we need to upgrade to higher SP level and we applied SP12. But still the status for 2006 or any other old appraisal is not pulling right.
  Can anyone help?
  Thank you,

  """    On the portal "Status Overview" I-View for MSS --> Maintain Performance Documents, there is a property for employee evaluation period which needs to be set to "Yes".   ""
  how to change this property?
  under content admin????
  Thanks in advance.

• Authorization Objects in BI 7

  Hi
  PFGC>Role>Authorizations (Tab)>Change Authorization Data>Manually Enter Authorization Objects.
  Where can I Create the required Authorization Objects and view the definition of existing Authorization Objects in BI 7
  Thanks

  Hi,
  The t-code to main the authorization Object in BI is rsecadmin.
  Here you can create the object according to your requirement.
  You can check the missing authorisation object by running the t-code
  su53.
  You can either add the auth object directly in su01 ,user master data
  or You can do the same in PFCG.
  Could you please explain your requirement in more detail.
  Thanks,
  Saveen Kumar

• Is S_RFCACL a critical Authorization Object ?

  Hi All,
  As we know that S_RFCACL (Authorization Check for RFC User (e.g. Trusted System)) is required for having access to the trusted systems.
  In most of our roles for this authorization Object we have maintained the * value for the following fields:-
  RFC_SYSID
  RFC_TCODE
  This has been made as an observation by the auditors as having this critical access with the users.
  But my question is how can it be the critical access when the user should have id's in both the systems(trusted and trusting) to login to the called system.
  Also even if the user logs into the called system he will only be able to execute the list activities/t-codes that he is authorized to in that system, it will override the * value maintained in RFC_TCODE.
  What possibly could be the risk from this authorization object ?
  Regards,
  Parichay

  Parichay Jain wrote:
  In most of our roles for this authorization Object we have maintained the * value for the following fields:-
  RFC_SYSID
  RFC_TCODE
  This has been made as an observation by the auditors as having this critical access with the users.
  The object itself is certainly critical, but as you stated the trust itself has to have been setup at the system level for the authorization to be going anywhere.
  These two fields are in all honesty only irritating and you can successfully defend putting a * into them.
  RFC_SYSID values for a role means you unit test a role in DEV, integration test in in QAS and then use it live in PROD. Additionally the field RFC_INFO is actually the installation number and you can be fairly sure that will be the same in the landscape. So only adding the pairs of production system IDs means you cannot test the same roles, which is a bit silly.
  RFC_TCODE is even sillier. The generic RFCs for starting transactions (eg. ABAP4_CALL_TRANSACTION) check the transaction code themselves again and that is then user specific roles relating to their job functions. Restricting S_RFCACL additionally in a system role (eg. common role for all users) means that you must double-discriminate against all possible transactions which can be called via RFC and list them all there and maintain the list. But the check happens later again and the application authorizations in the transaction are generally checked as well. Waste of time.
  @ Alex: The RFC_EQUSER = Y field only means that if the calling and called user ID names are the same, then the field RFC_USER is not checked and therefore does not have to be maintained. But it is often misunderstood and the field RFC_USER gets a * value as well (which is where the real music is..) and the EQUSER setting has no further affect. Technically, it actually weakens the authority-check on the user field - which is correct because otherwise you have to maintain it and end up with personalized roles, which is most silly of all.
  So you can quite safely tell you auditor that Julius agrees with you and they are barking up the wrong tree..  :-)
  Cheers,
  Julius

• Authorization objects for  transaction, one to view, and one to maintain

  Hi all,
  My requrement is to create two authorization objects for  transaction, one to view, and one to maintain.
  I know how to create objetcs vai sm21, but i donot know how to crate objects with activity codes.
  Please suggest how to create object where i can asign activity codes.
  regards
  manish

  The Authorization Concept
  R/3 uses authorization objects to assign authorizations to users. An authorization object is a template for an authorization. For example, authorization object F_SKA1_BUK - G/L Account: Authorization for company codes requires the specification of two field values: Company Code and Activity. To allow a General Ledger supervisor to create a general ledger master record, he/she must be assigned an authorization to create (Activity 1) accounts for a specific company code (eg. Company Code 2000). Such an authorization is created using the object F_SKA1_BUK by assigning these field values and naming the authorization following an appropriate convention (eg. Z_SCC20001).
  Authorizations may be classified as general authorizations, organizational authorizations or functional authorizations. General authorizations specify the functions a user may perform. Authorization object F_SKA1_BUK has been assigned to the function for creating general ledger master records. The system checks for the useru2019s authorization to create general ledger accounts (Activity 1) in at least one company code. The system then checks whether the user is permitted to create accounts for the specified organizational unit (company code) and has the required functional authorizations. Authorizations in this case may restrict the user to certain Charts of Accounts. In addition, an authorization group may be defined in certain authorization objects to protect individual master records.
  Profiles relating to an organizational role (eg. General Ledger Supervisor) are defined consisting of a list of authorizations and other profiles. Such profiles are then assigned to users with that role and stored in their user master record along with other data (eg. password).
  Do check this link as well.
  http://articles.techrepublic.com.com/5100-10878_11-5110893.html

• Authorization Object for 'Save As Completed' in Parking Document

  Hi,
  Is there any authorization object for 'Save As Completed' in Parking document. The user who is 'Parking' should not have the 'Save As Completed' enabled. It should be disabled. Because we are using that in the workflow. Similarly, the user who performs Save As Completed should not have 'Park' option.
  Regards,
  JMB

  Hi,
  I would like the park and post transactions to be used by different users in my company.
  would you be able to give the authorisation objects where the ristrictions have been placed.
  Regards,

• Error - No authorization for object while viewing transformations in BI 7.0

  Folks,
  In BI 7.0, In the Data flow diagram, when I had tried to click on the transformation sybmol, system is throwing an error message No authorization for object   (authorization object ) Message no. RS_EXCEPTION250
  Do I need to request for authorization to just view transformations or is this error something different ?
  Thanks

  Did  SU53 and below is theauthorization info. Does quality system usually not have access even to display/read transformations for func people ???
  Authorization check failed
    Object Class RS   Business Information Warehouse
      Authorization Obj. S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
        Authorization Field ACTVT Activity
                                                                                  03
        Authorization Field RSONDTPSRC Source
                                                                                  DTP_46UAQF4V7BE5JR0I3HKLLC6D2
        Authorization Field RSONDTPTGT Target
                                                                                  ZSD_DEL
        Authorization Field RSSTDTPSRC Subtype of the Source
        Authorization Field RSSTDTPTGT Subtype of the Target
        Authorization Field RSTLDTPSRC Type of Source
                                                                                  DTPA
        Authorization Field RSTLDTPTGT Type of Target
                                                                                  ODSO
    User's Authorization Data xxxx
    Object Class RS         Business Information Warehouse
      Authorization Object S_RS_DTP   Data Warehousing Workbench - Data Transfer Process
        Authorizat. Z:GEFUNONC00 Data Warehousing Workbench - Data Transfer Process
          Profl. Z:GEFUNONC   Profile for role Z:GENAPO_FUNC_ONCALL
          Role Z:GENAPO_FUNC_ONCALL Generic APO Fucntional Oncall Role
          Authorization Field ACTVT Activity
                                                                                  03, 16, 23
          Authorization Field RSONDTPSRC Source
          Authorization Field RSONDTPTGT Target
          Authorization Field RSSTDTPSRC Subtype of the Source
                                                                                  ATTR, HIER, TEXT
          Authorization Field RSSTDTPTGT Subtype of the Target
                                                                                  ATTR, HIER, TEXT
          Authorization Field RSTLDTPSRC Type of Source
                                                                                  CUBE, IOBJ, ISET, ODSO, RSDS, TRCS
          Authorization Field RSTLDTPTGT Type of Target