Authorization on Navigation Attribute

Similar Messages

• Authorization for navigational attribute

  Hi Gurus,
  I am facing an authorization issue with respect to infoobject hierarchy. I have created authorizations as below.
  There one infoobject 'A' and a navigational attribute 'B' in infoobject 'A'. This navigational atribure A_B is used in an infocube.  And hierarchy is uploaded to Infoobject 'B'. Now I want to give authorization for this hierarchy in infoobject 'B'.
  Now coming to authorization.
  1. I have made Infoobject 'B' as authorization relevant in Business explorer tab.
  2. Created authorization object say ABC in RSSM and inculded infoobject 'B' & 0TCTAUTHH (since I want to authorize the hierarchy and we are using 3.5 authorization concepts in BI 7.0).
  3. Activate this authorization object for the infocube.
  4. Included this authorization object in the role included for my user. In the field 'B' of authorization object I have given ' ' (space) and in the field 0TCTAUTHH I have given the technical name of the hierarchy.
  4. In 3.5 query designer I have put this navigational attribute A_B in the filter area and activated the hierarchy in the properties tab for the same hierarchy that I inculded in previous step.
  5. Created a variable with processing type authorization.
  Now when I run this report I get an error as no authorization for object ABC.
  Can someone help me if I have done anything wrong.
  Thanks,
  Sandeep

  Hi,
  In the infoobject A maintenance screen check the chekc box for field "AuthorizRelevant" for B to make it authorization relevant navigational attribute.
  Then go to RSECADMIN and ope your relevant authorization.
  In the menu bar just above the "Authorization Structure" you will find the button with icon of infoobject.
  Chick on this icon this will give you a screen to enter characteristic name of which attributes are to be added to authorization.
  Enter the infoobject A name here and click on continue.
  This will give you list of all authorization relevant navigational attributes present for A.
  Add B from this list to the authorization.
  Hope this helps.
  - Geetanjali

• Need help on Authorization on Navigational Attribute.

  Hi All,
  I am working on Authorizations.
  I am using the info Object "Material group" which is the Navigational Attribute of 0MATERIAL.
  In Reporting, I have created the Authorization Variable for Material group.
  And after this, i have created the Authorization Object in RSECADMIN and added the info Object "Material group" and harded coded the value as "1000". After this, i have created the Authorization Role in PFCG and added this authorization Object over there.And this role is assigned specific User.
  While Running the report on specific User, for Material group, filteration is not happening over there (Material group = 1000). It is showing all values for this user.
  Can you please help on this issue.
  Thanks,
  Shahina A

  Thanks for your reply. I was on leave for the past 2 days. I have checked as you suggested.
  In 0MATERIAL, 0MATL_GROUP is the attribute and i have made Authorization Relvent for this Attribute.
  And i activated the Info object 0MATERIAL.
  Then i have run the query in RSRT and found an error while running the Report.
  Can u pls help on this issue.
  Diagnosis
  The system determined the authorized characteristic values for the characteristic 0MATERIAL__0MATL_GROUP. It determined that you do not have the (analysis) authorization to view transaction data for any characteristic values or range.
  System Response
  If this situation occurs when a variable is being filled, the query cannot be executed.
  Procedure
  You must have authorization for at least one characteristic value for the characteristic 0MATERIAL__0MATL_GROUP.
  Create the appropriate analysis authorizations for the user.
  If you are only authorized for evaluations that aggregate using the characteristic 0MATERIAL__0MATL_GROUP (for ":" authorizations), use a query without this characteristic. If the characteristic is not used as a filter or in the drilldown, variables should not be used.
  Procedure for System Administration
  Notification Number EYE 018 
  Thanks,
  Shahina A

• Analysis Authorization on Navigational attribute

  Hi All,
  We are using RSECADMIN (BW 7.0), I want to know whether its possible to make a navigational attribute - ZPAYE_SA__0SALES_OFF - to authorization relevent. The object (ZPAYE_SA) with this is associated is not an authorization relevent.
  Even if I am able to make it authorization relevent is there any other setting changes to be done for it to work properly.
  Regards
  Deepesh

  Hi Deepesh
  First need to check Authorization relavent check box for navigational info object "ZPAYE_SA__0SALES_OFF"
  Tcode RSA1 --> Info Object --> Find "ZPAYE_SA" ---> Attributes tab ---> Detail/Naviogation Attibute --> Authorization Check box in front of "0SALES_OFF".
  Goto to RSCEADMIN
  Create a Authorization object and maintain this navigation attribute "ZPAYE_SA__0SALES_OFF"
  Pls let me know incase of further details
  Best Regards
  Rohit

• Reporting Authorization - InfoObject/Navigational Attributes

  We have a custom infoobject for Vendor to which access needs to be controlled. Certain users are not supposed to have access to a number of the navigational attributes on the object however we want these users to have access to all other navigational attributes (meaning we don't want these 'fields' to be visible but everything else). We have other reporting authorization objects that prevent access to the entire 'record' if the user is not authorized for a certain value (cost center, etc.).
  Thanks.

  Hi Joerg,
  navigational attributes are treated like characteristics. You can make them authorization relevant and restrict access, e.g. by granting ":", which allows to see overall results without details on this attribute.
  Regards, Klaus

• Authorization check on navigation attribute

  Is there anything special I need to do to make a navigational attribute authorization relevant for a cube.
  On 0sales_off I have checked it as authorization relevant, and this is assigned to 0cust_sales as a nav attribute.  I created an authorization object on 0sales_off.  I have turned on the nav attribute in the cube.  But when I go to turn on the check for the infoprovidor (RSSM), the authorization object is not displayed.

  Michael, Troy:
  Hi, I´ve already verified that the characteristic and the infocube have the navi attr marked, but now when I try to include it in an Authorization Object on RSSM transaction, the list of "Authorization relevant IObjects" doesn't show the nav attr that I'm trying to restrict (in this case the 0COSTCENTER__0BUS_AREA), seems that I can only authorize the 0COSTCENTER or 0BUS_AREA separately.
  What actions should I take in order to make this nav attr relevant for authorization so I could create different roles using the 0COSTCENTER__0BUS_AREA restricted by business areas..?
  Thanks in advance for your help.
  Miguel Campos

• Navigational Attribute Authorization

  Hello,
  We have a requirement to turn on the authorizatiorelevant flag for number of navigational attributes in a master data. 
  After turning on the flags we have created an analysis authorization object and included the navigational attributes with :.
  We were expecting the report to return with no data. 
  Security tracing did not show any authorizty check against the navigation attributes which were turned on as the athorizatiorelevant on the master data.
  The Master data is authorization relevant however the individual navigation attributes are not authorization relevant objects.
  Do I need to turn the authorization relevant flag for individual nav attributes on their own maintenance screen?

  Hi,
  Check whether this doc helps
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7052dee3-bce5-2d10-5299-cd5d00ebeb72?QuickLink=index&overridelayout=true
  The Authorization at the Navigational attribute will restict the data for that attribule at the report level.
  You can restrict that Nav Attr specific to  InfoProvider, Roles etc.
  Thanks & Regards,
  Vishnu

• WAD - Navigation Attribute authorization

  Hello Expert,
  I have created a WAD report containing analysis and two dropdown items.
  One filters a characteristics (profit centrum) and the other one filters navigation attribute of the same characteristics (resp. person of PC). Both the caracteristics and the attiribute are marked as authorization relevant.
  If I run the report under my account having profile SAP_ALL and analytical authorizaction 0VI_ALL the reports works as it should. But if I run it under a test account that has a role ZBI_BEX_ENDUSER that should contain all sufficient authorizations to run any report and analytical authorization 0BI_ALL then the report runs also OK,  just the dropdown with the navigation attribute (responsible person) is disabled (greyed out) with a text "no data". The other dropdown (PC) works fine.
  The navigation attribute is even included in the analysis and all the values are displayed there and I can even filter on it and then the filtered value is populated into the previously disabled dropdown list.
  Since I do not see any difference between the two users beside the authorisation I reckon that the issue must be somehow authorization related but I cannot find how.
  Can anyone help?
  Regards
  Jiri

  Hi Haran,
  You have to consider in ABAP code of user exit variable this:
  In a DSO you alreay have the user name and vaules, which he is allowed to see. Just go into this DSO and read the entries from DSO with user ID as selection criteria. Example:
  USERID     PLANT
  XY     1000
  XY     2000
  YZ     3000
  DSO name: ZOPLANT
  iKey fields in DSO: UserID & Plant
  Abap code would look like: select plant from /bic/azoplant00 where userID = sy-uname.
  I hope this helps.
  Aban

• Authorization Relevant BI Navigational Attribute

  Hello All,
     I have one quick question on auth relevant navigational attributes.
  Say I have characteristics A and B.  B is a nav attribute of A i.e. A__B and is marked auth relevant. 
  Does this means that A will also have to marked as auth relevant and be placed in the RSECADMIN profile along with A__B?
  Thanks

  >    I have one quick question
  I have one quick answer...
  > Total Questions:  6 (6 unresolved) 
  Read the forum rules!
  Thread locked and duplicate deleted.

• Navigation attributes authorization

  Hi,all
  In NW2004s new auth concept allows to create auth for nav attributes as for chars. But! We have situation when one char is used as nav attribute in several chars. I.e. Char A, used in B__A, C__A and D__A. Is that nesesary to create auth for every nav attr use, or maybe there is a setting not to use nav attrs separately.
  I'm afraid, it can be difficult to administer such situations.

  Hi Emerald,
  maybe an approach to resolve some irritations.
  Let consider your scenario, one char is used as nav attribute in several chars. i.e. Char A, used in B__A, C__A and D__A.
  If you want to protect the usage of the characteristic A as navigational attribute in the characteristics B, C or D, you have to set the flag 'Authorisation relevant' in the attribute section of the respective characteristics B, C or D (which means up to 3 flags and corresponding 3 authorisations).
  If you want to use the characteristic A in its on right in an InfoProvider, you have to set the flag 'Authorisation relevant' in the InfoObject maintenance of characteristic A.
  If I have stated something different in my previous replies, please neglect them.
    Cheers
      SAP NetWeaver BI Organisation

• Unable to view Navigational Attributes in ODS

  Dear All,
  We have enabled Material Group as Navigational Attribute in Material. Material has been included in ODS as Key Field. In ODS also Material Group is switched as Nav Attr. Now when I check in Reports I am getting # for all Material Groups. I checked in ListCube. Here also I am getting # values.
  I did master Data Activation and also did Attribute change run. Where as I am able to view values for Material Group in Material Master Data.
  Regards
  Ravi Y

  Hi Ravi,
  You could check if the X/Y table of material group are correct.
  Do RSRV  combination check on the info object material and material group. Run all the tests...espeially the consistency of X and Y tables..
  Also, you could probably check if this is some authorization issue... that you dont have authorization to view contents of material group...(may not be the case, but worth a check )...
  Sounds strange though, if all is ok and u still dont see material group. (and sometimes it cud be a refresh issue as lalit suggests....., if it has to get wierd )
  Hope it helps,
  Regards,
  Sunmit.

• Navigation attribute as selection criteria for automatic forecast model

  Hello Experts,
  I have a requirement like this.
  In Transaction /SAPAPO/MSDP_FCST2, I enter a planning area and click execute.
  Then I create a selection (using selection management button). But here I am not able to see the navigational attributes as a selection field.
  Could you please let me know how I could use this as a selection criteria?
  Can I use the method SEL_CHANGE of the BADI /SAPAPO/SDP_FCST5 for implementing this?
  Please suggest.
  Thanks,
  Suresh

  Hi Manimaran,
  Thanks for your reply!
  I hope you could have created a selection using the Create Activity and assign activity to a job. And during this part, for assigning the selection to the job, we could use the selection created in Interactive planning - Tcode /SAPAPO/SDP94.
  The problem is what if the planners are not given authorization for the creating the job or activity. And what if the planners do the model fitting for a product/location and he wants to exclude it from the selection.
  Thanks and Best Regards,
  Suresh

• Issue when using Navigation attributes for filtering in BEX

  Hello,
  We are encountering an issue when applying filter on Navigation attributes in BEx query built on top of a BW HANA Virtual Provider.
  The interface is as below :
  HANA Calculation View -> SAP BW 7.4 Virtual InfoCube -> Multiprovider -> BEx Query.
  We have directly mapped the base Infoobject from HANA View to BW Virtual Provider and using this in BEx query free characteristics. We also have used the navigational attribute of this Infoobject in our Report variable screen as well as an Auth relevant object.
  Eg if ZMATERIAL is the base infoobject and ZMATERIAL__ZXYZ navigational attribute is used in the report variable screen and as Authorization variable.
  This is causing the query to fail.
  The query also fails if I apply any filter values on any Navigational attribute with error message  :
  "Termination message sent ERROR DBMAN (305): Error reading the data of InfoProvider"
  Using the navigational attribute with authorization variable fails with below :
  "Termination message sent ERROR DBMAN (099): Invalid query;Failed to find attribute ZMATERIAL__ZXYZ [...]"
  Appreciate any inputs on this issue and how this can be fixed.
  Thanks,
  Tintu

  Hi Andrey,
  Thank you for your input.
  Based on the OSS note , it says to import BW7.4 SP7. We are already on BW7.4 SP7
  We get error "Termination message sent ERROR DBMAN (099): Invalid query;Failed to find attribute
  ZMATERIAL__ZXYZ"  whenever we try to apply filters on any of the navigational attribute.
  Thanks,
  Tintu

• BAdi /SAPAPO/SDP_SELECTOR to secure by Navigational Attribute

  Hello All - I am hoping you can help me.  I have been trying to find a way to secure updates to a shared planning book in DP by Sales-Org.  The Sales-Org in our environment is a "navigational attribute" and not a "characteristic".  I tried creating a custom object using RSSM to no avail.  I found some documentation that said you could use a user exit or BAdi method "SELECTION CHECK' (/SAPAPO/SDP_SELECTOR) to run additional authorization checks.  I need to know whether this method could be used to secure a Navigational Attribute?  If so, what information do I need to provide to the developer to implement this exit?

  Hi,
    As a SAP APO technical consultant we have implemented the BADI but am not sure if it meets your requirement:
    You can use the implementation as a reference for the method you are trying to implement:
  http://wiki.sdn.sap.com/wiki/display/SCM/ImplementingBADIin+APO
  cheers
  Aveek

• BW Navigation Attributes

  Hey, all,
  I'm just checking myself here -
  We have a BW 3.5 system. We have 0GL_ACCOUNT set as authorizationally relevant. We have a object (Z_GLACCT) created and set with various value ranges for the different GL account sets.
  The user reported an issue where she was able to run queries and workbooks without putting any GL account values in and it returned only the data for the GL accounts that she had authorization for. Now, if she runs them without inputting GL account values that she is authorized for, she gets an authorization error on Z_GLACCT. However, if she runs the queries with specific values for GL account that she is authorized for, the query/workbook runs fine.
  We have made no changes to the security roles or the roles assigned to the user.
  The only change that I can find is that one of our developers turned on the navigation attribute for 0GL_ACCOUNT. In the new 7x systems, there is a checkbox for making navigation attributes auth relevant but we do not have that in our BW 3.5 system.
  Am I off base here in thinking that the change to the navigation attribute is probably causing our issue?
  Thanks!

  Is GL Account marked neccessary input in the variable screen ? That will cause the user to get error if you try to run query without input
  My thought is "no". A user who has Z_GLACCT with a value of * can run the query with no input with no issues. It is only the user with specified values in Z_GLACCT who cannot run the query without inputting specific GL accounts that she has access to.
  Please use authorization variable in the query for GL_ACCOUNT
  We don't want this function working any differently than it was working previously so we don't want to add any levels of security. GL account is relevant but it should not require them to input on queries, it should pull data and then display only that which they have authority for.
  As a precaution please mention : in the field values for Z_GLACCT along with the value range you have assigned to the user
  I'm not sure what you are asking for here? We have told the user that if she enters the gl accounts she has access to, the query will run, however, we are in investigative mode. Obviously, a change was made that impacted the security functions. We need to know what it was.
  Cheers