Authorization object Z_PRPS_ANR missing

Hi All,
One user tried running CJIC and the error message thrown was "No costs, revenues or Finances were selected". The SU53 screenshot gives the following details:
Missing Auth Obj: Z_PRPS_ANR.
Two roles were found which link with this object:
1. maintain WBS
2. Person Responsible (restricting to certain values in the range 00003*)
We noticed certain things, like the project for which he tries to run CJIC has no person responsible, i.e. zero, so we understood he cannot execute it. We confirmed he can run CJIC for those projects in which Person Responsible is in the range mentioned above.
But then another user with the same roles and restricted values can run CJIC for the same project. We compared all the roles and authorizations for both these users and could not find any difference. Can anybody help me figure out why it behaves so?

Hi,
One thing that is clear from your query is that if the person responsible is specified for the WBS you won't get any authorization issue. But then you also say that some other user is able to execute the transaction without getting any authorization issue. I find this to be a purely technical case that has to be sorted out with the help of the technical guys only.
You need to take the help of the technical team in your company or raise this issue in the appropriate forum to get relevant pointers on how to get this resolved.
Regards,
Gokul

Similar Messages

  • Authorization Object missing

    hi Guys,
    The variable screen does not pop up when I run the query. We are upgrading from BW 3.5 to BI 7.0. Which authorization object is missing?
    Regards

    Applied note : Note 918598 - Error in variable screen if authorization S_BDS_D is missing
    Note 923176 - Support situation authorization management BI70/NW2004s
    Hope it Helps
    Chetan
    @CP..

  • Authorization object to display table field names in english text in SE17

    Hi,
    One of our users has an issue with the field names getting displayed in technical format instead of English text while browsing table information in SE17. Normally we can set this through Settings->User Parameters. But here for this user, the user parameter option is greyed out and he doesn't have access to SE16.
    Is there any other way to change user-specific parameters, instead of granting him access to SE16 or enabling user parameters in SE17?
    Thanks,
    Mano

    Hi,
    I made him run SU53 on the SE17 transaction; the log shows that the authorization check failed for S_ALV_LAYO with value 23.
    Actually I have access to SE16 and for me also, the user parameter option is greyed out in SE17. I ran SU53 on SE17 in my session and I also got the same log.
    One more observation is that the user's colleague also doesn't have access to SE16 and the user parameter option is greyed out in SE17, but he can view the table field names in English. So we are wondering if some authorization object is missing here.
    We do not want user to make any changes through GUI.
    Thanks,
    Mano.

  • PFCG authorization objects vs SU53 checks

    Hi all,
    I thought I had understood authorization checks for a long time. But no.
    So here's my question.
    When I add a transaction in the PFCG menu, PFCG gets the authorization objects to maintain automatically (from SU24 checks). OK.
    When testing the role in ECC: error. SU53 says that authorization objects are missing. How do the tests work regarding SU53 and PFCG?
    i.e. tcode_de = MDBT in PFCG, PFCG gets M_MTDI_ORG object to maintain => OK
    When testing my role, SU53 says that another object is missing, i.e. S_ADMI_FCD. I don't understand because this object is checked with 'NO' in ECC.
    Thx.
    Laurent

    Hi
    > When testing the role in ECC: error. SU53 says that authorization objects are missing. How do the tests work regarding SU53 and PFCG?
    The auth checks performed are dependent on lots of things: system config, functional config, master data setup, use of the transaction.
    The config in SU24 can't cater for all of those options so SAP gives us the ability to make them more accurate for our particular situations.
    > i.e. tcode_de = MDBT in PFCG, PFCG gets M_MTDI_ORG object to maintain => OK
    >
    > When testing my role, SU53 says that another object is missing, i.e. S_ADMI_FCD. I don't understand because this object is checked with 'NO' in ECC.
    You can't deactivate a check on an S_ or P_ auth object. These auths are fundamental methods of protecting the SAP application (S_) and personal data (P_).
    As David says, the SU53 only shows the last auth failure and there is often lots of spurious stuff reported that isn't required to allow the transaction to process.  In this respect ST01 is more useful as it (usually) shows you all the auth checks being evaluated so you can more easily focus on the important ones.

  • Missing authorizations for authorization object UIU_COMP

    I have generated the PFCG role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the PFCG role to a user.
    The user is apparently able to perform navigation as required. However, when an ST01 trace is run for the user, there are a few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP, i.e. only the values generated by the report are present there. Should the missing authorizations be added manually to the role?

    I would recommend that you define full access (all set to *) for UIU_COMP in your PFCG role, because this authorization object is used for access to web UI components. Even if you define this object with full access, users will still see just the components defined in the business role.
    Regards.

  • Authorizations in CRM 2007 - How to check missing authorization objects?

    Hi,
    In our project we are currently busy with the set up of authorizations.
    I did create the necessary PFCG and Business roles.
    For the PFCG roles, I did create all of them by copying the standard SAP_CRM_UIU_FRAMEWORK so that the user can access the web layout.
    Now I need to give authorizations for other CRM objects. My question is: how can I see which objects are missing for displaying or creating activities in the new web layout?
    In the old days we used SU53 to check the authorization objects that were missing; how can we do it now in this new release? I tried it and it didn't work out.
    Thx
    Regards
    Hugo

    Hi,
    For report CRMD_UI_ROLE_PREPARE you have to input a business role - not a PFCG role. Are you doing that?
    Are you getting no results at all in ST01 or are all results just with return code 0?
    You have to remember to set a filter for your user in ST01 before activating the trace. Another thing to check is if you are using several application servers. I would imagine the trace has to be activated on the same application server as the Web UI. You can change the application server in SM51.
    /Anders

  • How to assign authorization objects to a cube

    Hello,
    My cube includes 0profit_ctr which is marked as authorization relevant. Still in RSSM my cube is not included in the list of infocubes for an authorization object (zprofit) linked to 0profit_ctr. I'm therefore not able to enable that authorization object for my cube. I have a few ODSs which are included in the list. Why is my cube missing? Is there something I must do to include it, or is it a bug?
    When checking the infocube for authorization objects in RSSM this list is empty as well. I don't see any option to add authorization objects in that list.
    I have read the following document:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b849e690-0201-0010-9b88-c00cca40736f
    I'm using BW 3.5.
    Regards,
    Christoffer

    Hi Christoffer,
    In RSSM  you will find a button  "Update Check Status ( Authorization Objects, Info providers) ". After this update you should find your cube in the list.
    Jaya

  • Analysis Authorization Object not working

    Hi Gurus,
    I'm working on BI 7.0. I have created an analysis authorization object zz_div for the 0DIVISION characteristic.
    For a given report I want a given user to view only data for 0DIVISION '32' and '33'.
    I have followed the steps below but the report still shows all data instead of the restricted data.
    1)RSECADMIN -> Maintenance ->zz_div ->Create
    2) Add 0DIVISION in Auth structure , and in details 
    I     EQ     32
    I     EQ     33
    3) Add 0TCAIPROV with I     EQ     0SD_C03
    4) Add 0TCAACTVT, 0TCAKYFNM, 0TCAVALID,  this having details as
    I     CP     *
    5) Then in User tab -> Assignment -> User -> Change-> Inserted ZZ_DIV-> Save
    6) In Query created a Authorization variable(with no input prompt) and restricted 0DIVISION.
    Following are the authorization object in that user's Role (Reporting Only)
    S_RFC 
    S_TCODE
    S_GUI
    S_BDS_D  
    S_BDS_DS 
    S_OC_SEND
    S_RS_AUTH - only having zz_div
    S_RS_COMP
    S_RS_COMP1
    S_RS_ICUBE
    S_RS_RSTT
    S_RS_TOOLS
    S_RS_PARAM
    I have searched lots of threads for this issue but have not found a solution.
    Tell me what I'm missing above, or whether any additional setting is needed before creating an analysis authorization.
    Edited by: Sonal Patel on Apr 18, 2009 8:10 AM

    Hi
    Thanks a ton for your reply.
    I have checked in SPRO: Analysis Authorization,
    where the authorization mode is " OLD obsolete Concept With RSR  Authorization Objects "
    We have to do the same in the Production system. Can you please tell us how it's going to affect other authorizations if we change it to the New Concept?
    Thanks
    Sonal....

  • Authorization object for running a report in background

    Good day experts,
    I tried running a report in background. I chose "immediately" so that it doesn't have to be scheduled. But when I checked it in my own jobs, it remained at scheduled status. When I tried it on my admin account, it worked, with status finished. It seems to be an authorization problem. What object could I be missing with my user account? I tried S_TCODE SMX and SP02 but it's still not working.
    Thanks in advance!

    Hi karshbax,
    What you're looking for is authorization object S_BTCH_JOB. You need authorization for field JOBACTION = RELE.
    In future use transaction SU53. It shows the last authorization error, so if this is an authorization problem, then after trying to release the job manually you'll find precise info in SU53 about what went wrong.
    Best Regards
    Marcin Cholewczuk

  • About authorization object

    Hi basis guys,
    I am not able to issue a print request. It's showing an authorization error:
    "no authorization for LOCAL PRINTER" and "output could not be issued"
    I checked the SU53 screen and I assigned that activity in the authorization object.
    Even then it's showing an authorization problem.
    Is there any object to add to get printing?
    And what is the "s_gui" object? Does that work?
    Please tell me your suggestions.
    Regards........nagendra.

    Hi
    Check whether a printer is assigned to the user or not. Only the printer which is assigned to the user in SU01 can be used by the user.
    What you can try is to assign the Local Printer as the default printer for that particular user.
    Also, if you have assigned the authorization object that was missing then there should not be a problem.
    Regards
    Sumit Jain
    [reward with points if the answer is useful]

  • Creation of Authorization Object

    Dear All,
    Can anyone of you guide me on how to create Authorization Object?
    My Knowledge on this concept:-
    1) Mark required object as Authorization Relevant
    2) Use of T-code RSSM
    3) Select marked Authorization Object
    4) Assign fields to it, for authorization.
    That's all I know.
    There are a few more additional settings we need to do for it.
    Request you to provide a step-by-step procedure for the same.
    Thanks & Rgds,
    Anup

    hi
    To create an authorization object:
    1) Execute transaction SU21
    2) Double-click an Object Class to select a class that should contain
    your new auth object
    3) Click on CREATE (F5)
    4) (If creating custom field) - Click the 'Field Maintenance' button -->
    Click on CREATE (Shift+F1)
    5) Enter the Name for the New Authorization field and the corresponding
    Data Element and SAVE
    6) Confirm the Change Request data for the new Authorization Field
    7) Go back two screens (F3-->F3)
    8) Enter the Authorization field name and document the object:
    9) SAVE and ACTIVATE the documentation
    10) Save the new Authorization Object
    11) Confirm the change request data for the Authorization Object and
    EXIT SU21
    12) Finally, the SAP_ALL profile must be re-generated
    the following link will be helpful
    http://209.85.175.104/search?q=cache:BigTSV4_olEJ:www.gingle.com/glenaccess%255CsdnAuthorizationObjectsimple.docHowtocreatauthorisation+object&hl=en&ct=clnk&cd=10&gl=in
    http://aroundsap.blogspot.com/2008/02/sap-bw-70bi-70-new-authorization.html
    Use of T-code RSSM
    Through BIW Authorizations (TCode RSSM)
    Authorization check log. This gives information on
    missing authorizations for reading data.

  • Authorization object not to allow certain user to enter sloc PO

    Dear All,
    I have managed to go to SU21 and create, under MM purchasing, an authorization object called Y_BEST_LOC with the Acty and LGORT fields. Other than that, I have inserted the check item under program RM06ENHI. After that I went to SU24 to assign the transaction code check for ME21 and ME22. Under field value for ME21, for my new object, I want to assign value (interval) = $LGORT, but I don't know how, so I left it blank.
    In the user profile I added this object to the authorization to check, and allowed only locations 0001 and 0002. But the user can still save the PO without error when choosing 0004. I want to know the missing step that should be done to prevent certain users from ordering under storage location 0004.
    Kindly suggest and guide me. Thanks in advance.
    Regards
    Aishah

    ME21/ME21N doesn't even check if the material is extended to the storage location entered in the PO. I don't think what you did is enough to restrict users per storage location; you need to find a user exit or BAdI and do the authorization check in your custom code:
    AUTHORITY-CHECK OBJECT 'Y_BEST_LOC'
             ID 'ACTVT' FIELD '01'    "Create
             ID 'LGORT' FIELD '0002'. "Storage Location 0002
    IF sy-subrc = 0.
      " User has authorization
    ELSE.
      MESSAGE 'Not authorized for storage location' TYPE 'E'.
    ENDIF.
    You may have to use the following Business Add-in (TCode SE18)
    ME_CHECK_ALL_ITEMS                    :  Run Through Items Again in the Event of Changes in EKKO
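The check from the answer above, run against each item's own storage location instead of the hard-coded '0002' (an added example, not code from the thread). The report name, `ty_item`, `lcl_sloc_auth` and `unauthorized_items` are hypothetical, the sample items are constructed, and ABAP 7.40 or later is assumed for the inline declarations.

```abap
REPORT zdemo_sloc_auth.

* Y_BEST_LOC with fields ACTVT and LGORT is the custom object from the
* question. All other names in this report are hypothetical.

TYPES: BEGIN OF ty_item,
         ebelp TYPE ebelp,     " PO item number
         lgort TYPE lgort_d,   " storage location entered on the item
       END OF ty_item,
       ty_items TYPE STANDARD TABLE OF ty_item WITH DEFAULT KEY.

CLASS lcl_sloc_auth DEFINITION.
  PUBLIC SECTION.
    " Returns the items whose storage location the current user
    " is not authorized for with the given activity.
    CLASS-METHODS unauthorized_items
      IMPORTING it_items         TYPE ty_items
                iv_actvt         TYPE activ_auth
      RETURNING VALUE(rt_denied) TYPE ty_items.
ENDCLASS.

CLASS lcl_sloc_auth IMPLEMENTATION.
  METHOD unauthorized_items.
    LOOP AT it_items INTO DATA(ls_item).
      " Assumption: an item without a storage location is not
      " restricted by this object, so it is skipped.
      IF ls_item-lgort IS INITIAL.
        CONTINUE.
      ENDIF.

      " Check the value actually entered on the item, not a literal.
      AUTHORITY-CHECK OBJECT 'Y_BEST_LOC'
               ID 'ACTVT' FIELD iv_actvt
               ID 'LGORT' FIELD ls_item-lgort.
      IF sy-subrc <> 0.
        APPEND ls_item TO rt_denied.
      ENDIF.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  " Constructed sample items: 0001 is allowed in the role from the
  " question, 0004 is the location that must be rejected.
  DATA(lt_items) = VALUE ty_items( ( ebelp = '00010' lgort = '0001' )
                                   ( ebelp = '00020' lgort = '0004' ) ).

  DATA(lt_denied) = lcl_sloc_auth=>unauthorized_items(
                      it_items = lt_items
                      iv_actvt = '01' ).   " 01 = create

  LOOP AT lt_denied INTO DATA(ls_denied).
    WRITE: / 'Item', ls_denied-ebelp,
             'storage location', ls_denied-lgort, 'not authorized'.
  ENDLOOP.
```

Called from whichever user exit or BAdI implementation is chosen, a non-empty result is the point at which to raise the type E message.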

  • Custom authorization object and check logic

    Hi gurus,
    We need to apply an additional authorization check in our custom reports.
    So I created custom fields and an object, and put the statement
          AUTHORITY-CHECK OBJECT 'ZHR_APP01' FOR USER uname
                   ID 'ZROLEID' FIELD '03'
                   ID 'ZSOBID'  FIELD zzdwbm.
    in an ABAP class method centrally, so it could be called by many reports.
    But the test shows that sy-subrc is always set to 0, even for users without any authorization.
    What did I miss when adding the custom auth check?
    For this case, do I need to maintain the authorization check indicator in SU24?
    What I am confused about is that in SU24 you have to maintain a transaction, but our authorization check is not for a transaction but for reports and a BSP application. How should I maintain SU24 for that?
    thanks and best regards.
    Jun

    Hi,
    I have created a Custom Authorization Object for HR named Z_ORIGIN (it has Personnel Subarea field BTRTL besides what's there in Auth. Object P_ORIGIN) and made it Check/Maintain for transaction PA30 in SU24.
    I can see the entries in the USOBT_C & USOBX_C tables for this object, I am also able to add this object in the roles as well.
    Everything looks fine, but when I execute the transaction  the object Z_ORIGIN is never checked (for a user having this object in his/her User Master). Only P_ORIGIN object is checked instead.
    We've also run the report RPUACG00, which is mentioned in this thread.
    We also coded the authority check in both user exits ZXPADU01 and ZXPADU02 for PA infotype operations,
    but it is still taking the P_ORGIN object.
    I believe I'll have to write some ABAP code, e.g. AUTHORITY-CHECK OBJECT 'ZP_ORGIN' etc. Can anybody tell me which user exit or field exit I'll have to put the AUTHORITY-CHECK code in, so that my new custom authorization object is always checked?

  • 0Orgunit(hierarchy) and authorization object display getcell error in Webi

    Hello,
    We are facing a GetCellData error in WebI to SAP BEx Query.
    This works perfectly fine in BEx for a particular test user who has access to a particular org unit value.
    But in WebI we are getting this GetCellData error.
    Tried all the options and messages as recommended in the SDN group.
    mdxtest returns no value.
    Looked at all the messages below but no luck.
    GetCellData error in WebI to SAP BEx Query
    Re: SAP BO WebI Report on top of BI Bex Query with Authorization Variable
    In RSECADMIN, we get the same error as mentioned in the message below:
    Hierarchy Authorization doesn't work for MDX but works for BEx Query.
    Is any authorization required for this user to execute and view the authorized values in WebI?
    Or do we have to assign any authorization? (0BI_ALL is not assigned.)
    Please find below the BEx query auth log and the WebI auth log (differences).
    Bex auth log:
    The Following Attributes Are Authorized and Thus Are Visible
    0BBPPURGRPX
    0BBPPURORGX
    0BBP_BUYID
    0BBP_ISCOMP
    0BUS_AREA
    0COMP_CODE
    0CO_MST_AR
    0CRMSALGRPX
    0CRMSALOFFX
    0CRMSALORGX
    0CRMSRVTGRP
    0CRM_SALGRP
    0CRM_SALOFF
    0CRM_SALORG
    0CRM_SRVORG
    0LEAVERS
    0LOGSYS
    0MAST_CCTR
    0PERS_AREA
    0PERS_SAREA
    0PLANT
    0PURCH_ORG
    0PUR_GROUP
    0SALESORG
    0SALES_GRP
    0SALES_OFF
    The above log is missing from the mdxtest auth log.
    Is this the issue?
    Any quick response or help is really appreciated.
    Regards,
    Ravi
    Edited by: Ravi Gadicherla on Feb 28, 2010 5:36 PM

    Hi,
        Here is the log of MDXtest:
    Buffering the Authorization Data  
      Buffering for InfoProvider 0PA_C01 and Users HRTEST93  
    InfoObject Properties Defined
    Reading of Directly Assigned Authorizations
    Direct Assignment Does Not Include Universal Authorization 0BI_ALL
    Reading the Indirect Assignments with Authorization Object S_RS_AUTH
    Does user have OBI_ALL?
    No, the User Does Not Have Universal Authorizion 0BI_ALL
    Negative Entry in SU53 Result of Failed Check for 0BI_ALL
    Indirect assignments found; no universal authorization
    Regards,
    Ravikanth

  • F9K3 and authorization object in su24

    Hello,
    We want to add authorization object F_KNA1_BUK to a new role for a check in transaction F9K3.
    The problem is that it is not being checked. I tried to debug and stop on the authority-check but it's not stopping on this object.
    But the object is shown in transaction SU24 as CHECK / NO.
    So it should be checked during the F9K3 transaction run, correct?
    Does anyone know what we're missing here?
    Thank you in advance for your help,
    Best regards,
    Artur

    Hi,
    What appears in SU24 is not a reliable indicator of what is actually checked.  It may be that F_KNA1_BUK is checked at some point depending on either how the tx is used or what menu options are used but I wouldn't bet my house on it.
    Cheers
