Authorization Relevant Info Objects

Similar Messages

• Authorization for info object

  hi friends,
  i have doubt in authorization. i created authorization object in rrsm, i created roles in pfcg and i need to enter my info object for this authorization, but i am unable to fing my info object in pfcg . how can i get this one. and when i want save my report in roles, can i create roles  first and save that report in that role. ple give me clarification
  Thanking u
  suneel.

  so,
  i went pfcg , i created some role, some name like zrole, but i didnt find that role name when i was saving my querry  in rrmx screen.
  in pfcg i need create just role name or can i do any other thing.
  today i was trying to create authorization for my one info object, i am not getting my output.
  su ppose i have on einfo object M1_ODS , how can i give authorizations.
  first businees explorer give authorization relevent
  next RRSM create object and can i select radio button for object or cube. and move ur info object
  in PFCG create rols and go to authorizations and give manually ur authorization object in (chnage authorization data) and i need create user and assign this user to my role. when i have seen with new use i am getting all bw  liek normal when i open bw screen, i didnt find my only object in the new user.
  in PFCG menu tab is red that is no problem .
  Thanking u
  suneel.

• Ask fo support Authorization Compounding Info Object BW 3.5

  Hi to everyone, I hope somebody can support me >;-)
  I got a question concerning an authorization on a compounding Info Object within BW 3.5
  I would like to give authorization on the compounding Info Object 0COSTCENTER. The Info Object 0COSTCENTER is compounded, as usual, to Info Objekt 0CO_AREA.
  I already created the necessary authorization objects for 0COSTCENTER and for 0CO_AREA I even tried to create an authorization object which contains both info objects for testing and tried every possible combination.
  In RSA1 both Info Objects are marked as authorization relevant and within the RSSM both authorization objects are marked relevant for the particualr Info Provider. In the pfcg I restrict corresponding role to particular Cost Center and generate the profile.
  But executing the query I always got the authorization problem that the query do not have the authorization to read the authorization object for 0COSTCENTER.
  Please be aware of the fact that the problem is within BW 3.5 
  Thank you very much for your support in advance
  Best regards
  Michael Wecker
  Edited by: Michael Wecker on Jul 8, 2010 6:09 PM

  Reddy,
  Please refer to the following notes. Hope it helps.
  1125108 You are using the obsolete 3.x authorizations in BI
  1081453 Error in old RSSM log in BI 7.0
  1079186 Error when you filter by characteristic values
  1064273 Problems when you process the variable screen again
  957219 Refresh query with hierarchy and variable date
  953402 Variables are displayed when you refresh all querie
  899572 Trace tool: Analyzing BEx, OLAP and planning proces
  790323 The log for reporting authorizations in BW
  177875 Authorizations for analyzing OLAP problems
  /thread/196115 [original link is broken]
  BW Explorer: BRAIN 632 error message when calling a query

• Data Authorization for info-objects

  Dear Experts,
  We have designed a query in costing displaying the plan and actual costs by cost center. Our requirement is that that users shoul be able to see only those cost centers in the query which are relevant to them? How can I acheive this without creating multiple queries?. Is there any authorizatin abject that I can use for this purpose? 
  Regards
  Suneeth

  Hi,
  Pls check the below
  Data Warehousing Workbench u2013 objects/S_RS_ADMWB
  Authorizations for working with individual objects of the Data Warehousing Workbench. In detail, these are: source system, InfoObject, monitor, application component, InfoArea, Data Warehousing Workbench, settings, metadata, InfoPackage, InfoPackage group, Reporting Agent settings, Reporting Agent package, documents (for metadata, master data, hierarchies, transaction data), document store administration, (Customer) Content system administration, broadcast settings.
  Data Warehousing Workbench u2013 InfoObject/S_RS_IOBJ
  Authorizations for working with individual InfoObjects and their subobjects.
  Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
  Regards,
  Marasa.

• Table name for authorization relevant InfoObjects

  Hi Gurus,
  In which table I could see all Authorization relevant InfoObjetcs ?
  Thanks
  Liza

  Hi,
  Table RSDCHA, field AUTHRELFL.
  or
  1. Go to RSSM t-code
  2.click the radio button Authorizations for several users there u have to enter ur login  Id name
  3.right hand side 1 spects symbol is there for disply-- click on it.
  It will show u all authorisation Infoobjects for u.
  Try this link. this might be helpful.
  Program to find the list of Authorization relevent info objects for given
  Regards,
  Haritha.
  Edited by: Haritha Molaka on Dec 7, 2009 5:47 AM

• Making 0PROFIT_CTR Authorization Relevant (RSECADMIN)

  I am in need on restricting certain queires to run, based on specific Company Codes and Profit Centers.
  I have made so far, only Company Code (0COMP_CODE) authorization relevant.
  If I make Profict Center (0PROFIT_CTR) authorization relevant, should the existing queries be affected ?
  In other words, when a user runs existing queries (which require to pass a Company Code), could it be
  asked to provide the Profit Center as well  [I won't insert the Profit Center (characteristic 0PROFIT_CTR) in the authorization ] ?
  Best regards,
  Tom

  If you are on BW3.5 authorization concept, all the queries should not be impacted if those are on different multiproviders (as in BW3.5 concept you can select which object is to be authorization relevant for a multiprovider). If you need profit center to be authorization relevant for one query, all other queries on the same multiprovider will be impacted and if you do not want to add profit center characteristic in all the queries, you will need to create a role with : (colon) access and assign it to the users.
  In 7.0 authorization concept, a authorization relevant info object will impact all the queries on all multiproviders. If you dont want to use profit center as auth relevant for some multiproviders, you will have to take care of it with functional role for that multiprovider or you can use : (colon) data access role.
  Regards,
  Gaurav

• Authorization Relevant Object

  Hi experts,
  Please suggest how to make an info object as an authorization relevant object. Please guide step by step.
  Thanks in advance.
  AJAY

  hi ajay,
  for authrization relevant info objects just mark your infoobject as authorization relevant in tha Business Explorer Tab of ur infoobject.
  then if u have authrization go to t-code RSECADMIN.
  here, undet the authorization tab ,
  just create an Authorization Relevant object into which just
  select ur actual info object name for which u want authorization.
  after this just double click on ur info-object and enter your all restictions.
  save it then.
  hope this will help u
  thanks.

• Restricting Authorization for a specific Info-object

  Dear All,
  I have a scenario where I have to restrict the account managers by specific channels.
  I have 2 info-objects, Sold-to party and Sales Channel. Sales Channel is defined as attribute of the the Sold-To Part info-object.
  I was exploring the BI authorizations concept in SCM 2007.
  I created a authorization called "Test" and assigned the info-object Sales Channel in the authorization and restricted it for one value. This authorization along with 0BI_ALL I have added to the role under BI authorizations.
  However in interactive demand planning, I cannot restrict by the sales channel. It allows me to load data for all the channels.
  If I remove 0BI_ALL object, then I cannot load anything in interactive planning.
  Does anyone have a step by step proceedure for using the BI authorization concept?
  Regards,
  Kedar

  Yes, 0TCAACTVT (activity), 0TCAIPROV (InfoProvider) and 0TCAVALID (validity) have to be made authorization relevant. For the info objects you want to use to control security, also make them authorization relevant in RSD1, imagine the object you want relevant is ZZ_VKORG (sales organization).
  Then use RSCEADMIN transcation and 0BI_ALL will include the objects from above, copy 0BI_ALL into a object such as Z_1000 and then change the value for the specific info object that you want to control, imagine that you want sales org 1000 only to be allowed within Z_1000.
  Now, you have 2 choices: You can use the normal security maintenance (SU01, PFCG) and you can asssign RSRS_AUTHBIAUTH and set BIAUTH requal to Z_1000 or you can use user maintenance directly within RSCEDAMIN and assign Z_1000 to the user. Either way, it becomes part of the authorization of the user.
  You may find that you need to introduce colon authorization concept ( for mixed levels of data and that is just a matter of adding a second line to the allowable values and setting it like "EQ :".
  Things to consider:
  1. This authorization concept is water tight and will do everything you need, but will do at the expense that if you don't model it first, you will kill yourself trying to make it right. This becomes evident when you trace a security issue (via RSCEADMIN) because the way BI7.0 works is that it will build a minimized superset of authorizations, so it is best to know where you want to get to, rather than starting off by where you know you need to go.
  2. To control change or display mode, you will need to influence 0TCAACTVT, even though you might think to use C_APO_SEL3 for ACTVT, the BI7.0 concept works within the BI space and 0TCAACTVT doesn't impact it.
  3. If you activate more info objects, 0BI_ALL will get updated automatically but your custom  authorization objecst will not. So, it is best to activate them all at the same time so that you don't have to manually change them.
  4. Do the work in development and transport it to the TEST/QA/PROD environments, there are transprt tools within the RSCEADMIN.
  This is probably enough to get you going, reply back if you have specific questions or issues.
  I've been thru this in a painful way, sometimes the best things learned are learned the hard way

• Authorization with standard info objects

  Hi Guys,
  I want a small clarification.
  Is it true that Authorization cannot be done for the Standard Infobject, we need to create reference objecs to the standard objects, and the master data of the standard object would be passed to the reference object
  When i went to the standard object, this option is actually available for them too.
  Thanks..
  Regards,
  Charu

  Making Authorization relevant to the Standard Info-objects are not recommendable.
  Make these standard info-objects as references and create info-objects with Z or Y.
  you could see the bussiness explorer tab in the info object properties. There is one option called Authorization relevant.
  you should enable the authorization relevant tab. Once it done then it will reflect while creating authorization object.
  Hope this would help you in understanding.

• TCT* Info objects and Authorization objects

  When defining an authorisation object do I need to include TCT* info objects as fields in the authorisation object and if so why and which ones are required - if this is different for different scenario could someone elaborate? Thanks

  Hi,
  yes... you need to include the TCT fields as you would like to restrict the users based on the infoproviders and the time duration.
  Since in any organozation you have many type of users like the super users who can access anything...end users who have access to areas related to them only and may be some other kind as well.
  Suppose if a user is beloging to FICO department and he is only suppose to use the reports based on GL cubes then you will create an authorization object where you will give the values for authorization relavent objects like company codes,sales org and additionally you will maintain the value for the cube in 0TCAIPROV field.
  when you assign the user to this object he will only see the data in the queries based on the FICO cube and that too for the company codes specified in the authorization object.
  Now if there is another user who can see the data for all the company codes and all the areas but only for certain duration then you will create a new authorization object where you will not give any values for any object but will keep it as * but will maintain 0TCAVALID objects and give the validity period here.
  Thanks
  Ajeet

• Loss Authorization after changing info object

  Hi
  tHIS is authorization issue
  I have DP Planning book and in this planning book I have used Zinfoobject .
  This is working fine since go live . Recently I have added new atribute in this zinfoobject .
  After that user is not accessible to DP pLANNING Area.
  SAYS THAT 'NO Authorization.
  Can anybody suggest me

  Hi,
     Is this Info Object is Std. one?
  I assume this info object is created by manually.If you want to change the data type of info object then you need to delete master data of this info object.After that you can change the data type of info object.
  But this is the vrey risky steps,so i would suggest try it ones in dev. or sand box server,then go further.
  Regards
  Sujay

• SAP BI authorization relevant

  All,
  I tried to create a custom authorization object for an infoobject otcaactivity (just for eg) .Before that I used RSD1 to make that infobject authorizartion relevant.But after that I inserted the infobject which is made as auth.relevant to the custom object and tried to assign value for the intervals.I got an message as the characteristic value is not authorization relevant...why is that?I tried in sand box..is it any way related to info cube which is not yet created for the particular info object in the sand box thats the reason I get error message ?
  Whats the reason to secure characteristics and key figure values?

  Hey,
  Activating business content mean making authorization relevant?
  For BW3.5 there is no need of the mandatory info objects?(0TCAACTVT ,0TCAIPROV ,0TCAVALID ,0TCAKYFNM)
  Whats the difference between securing through reporting authorization object and securing through BI specific object??
  Thanks

• Secure an attribute of a Master Data Info Object

  Hello,
  We would want to secure one of the attributes of the Master Data InfoObject. For eg. In  Material master data info object, we have price as an attribute. We would like to impose a field level security on the price field.
  Anyone please let me know how we can do it ...

  Steps:
  1. Make the info object authorization relevant. RSA 1- info object in change mode and in bex tab therw will be a check box and check that to make it authorization relavant.
  2. go to RSSM - create an authorization object.
  3. In PFCG, set the values for this object.
  4. Whereever this object is sued, the system will check for authorizations.
  Ravi Thothadri

• Updating users profile when infoobject marked as authorization relevant

  Hi All,
  Consider a scenario where there are some projects in which perticuler infoobject is not authorization relevant but in some upcomming project the same infoobject needs to be authorization relevant.but when i marked this infoobject as authorization relevant then i need to manually insert this new authorization infoobject in each user profile. If there are more than 200 users available then it is not very good idea to include this infoobject in each profile manually. Is there any other way through which we can insert this infoobject in all user profile automatically.
  Regards,
  Deepak

  Hi again.
  Go to transaction se38 and create a program with the name ZCHANGE_APPEND_AUT.
  Insert the following code:
  REPORT  ZCHANGE_APPEND_AUT                             .
  TABLES RSECVAL.
  DATA: T_RSECVAL TYPE RSECVAL OCCURS 0 WITH HEADER LINE,
        T_RANGE TYPE RSEC_S_AUTH_VALUES_RANGE.
  SELECT-OPTIONS: ZAUT    FOR RSECVAL-TCTAUTH NO INTERVALS.
  PARAMETERS:     ZOBJN   LIKE RSECVAL-TCTIOBJNM DEFAULT '0TCAIPROV'.
  SELECT-OPTIONS: ZVALUES FOR RSECVAL-TCTLOW NO INTERVALS.
  LOOP AT ZAUT.
     LOOP AT ZVALUES.
        T_RANGE-IOBJNM = ZOBJN.
        T_RANGE-SIGN = 'I'.
        T_RANGE-OPT = 'EQ'.
        T_RANGE-LOW = ZVALUES-LOW.
        CALL FUNCTION 'RSEC_INSERT_FLAT_AUTH'
           EXPORTING
              I_AUTH = ZAUT-low
              I_RANGE = T_RANGE.
         CLEAR T_RANGE.
      ENDLOOP.
  ENDLOOP.
  Activate the program.
  Now when you run this program you'll be prompted for 3 parameters.
  The first is a list of Analysis Authorizations names that you wish to change.
  The second is the name of the InfoObject you want to insert to those authorizations, by default is 0TCAIPROV but you can change it to whatever you want
  The third is a list of values that will be inserted for those InfoObject.
  Therefore imagine that for authorization ZZZA, ZZZB and ZZZC you want to insert the object 0CUSTOMER with the values xpto, yyyy, and wwww.
  You would in this case run the program with the following parameters:
  AUT:
  ZZZA
  ZZZB
  ZZZC
  OBJN:
  0CUSTOMER
  VALUES:
  xpto
  yyyy
  wwww
  Please assign points,
  Diogo.

• Line item type Info Object ????????/

  Hi friends
     just for clarification is there any 0 Info Object available for Line Item Type field (i.e,  LINETYPE (char 5) in FAGLFLEXA Table)....or do I need to create a custom object...
  Thanks

  Hi,
  No need to waste much time here. If you are not able to find any relevent IO in Buisness content also , then create a new z-info object.
  With rgds,
  Anil Kumar Sharma .P