Authorization to modify queries
Hi everybody,
We have 2 roles, one for execute and display queries and another one for create, modify and display queries. We need a role that allow the user to create a query and to modify ONLY the queries he has created. He cannot modify the queries other user has created.
Is that possible?
Thanks
Hi,
Please check the auth set up for Analyst 3 in the following:
http://help.sap.com/saphelp_nw04/helpdata/en/41/05453caff4f703e10000000a114084/content.htm
Hope this helps...
Similar Messages
-
Hi all,
i'm creating a role and i need that users with this role can create, modify and execute queries.
When a user try to modify a query that already exist, Query Designer says that the Bex Order doesn't exist and no authorization to visualize.
The Bex order is created so i think this is an authorization problem.
any ideas of how to solve this ?
thx in advanceDear Juan ,
You have to assign S_RS_COMP1 also for the reporting user and also check if you have given them S_BDS_DS and S_GUI , so that they can save back the changes ...
Thanks,
Krish -
User with authorization to modify an specific field into the G/L Account
Hi everyone,
I´d would like to know if It´s possile GIVE AUTHORITY ONLY to some users will be able to modify the field SKB1 - ALTKT into the G/L Account Master Data through transacction FS02. In this way, only the selected users could introduce or modify information on this field.
I´m not sure if it can be done trough a new Z object and assign the object to the transacction and also in the user profiles..or in other way...
Thanks a lot for your help ¡Hello,
I'm worried but there is no field group authorization for G/L account like customers and vendors. In customers and vendors you're grouping your changable fields and give auth for it. But in G/L master data, there is no solution like this.
So I think you can use business transaction event for validation. You should use 00002310 BTE for this action.
In this exit, you can validate I_SKB1-ALTKT is equal to SKB1-ALTKT for special user. You should create a user parameter like ZALKT and this 'X' value to this parameter for special user. And check user auth for parameter ZALKT = 'X' and then if it's ok compare I_SKB1 and database table SKB1 for ALTKT field. If this two value doesn't equal you can give error message while saving G/L account changes.
Regards,
Burak -
Hi,
my colleague just executed a query and got a whole set of values in his report result.
when I executed the same query with my login details, i got a blank screen with no result.
Is this an Authorisation problem? How do I get all the authorisations to view all the queries etc? Is there any Transaction?
Thanks,
SDHi Sebastian,
Go through this Doc for query with authorization...
[https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06]
[problem in authorisations;
hope it helps..
Regards,
NR -
Authorization check for queries and workbooks
Hi Gurus,
I want help in BW(3.5 version) authorization to restrict the user not to display queries but he can display workbooks.
And I want to create a role where I can publish my workbooks. Like we have two business lines and I want to create the two roles.
I tried with
S_USER_AGR
S_USER_TCD
S_GUI
S_BDS_DS
This authorization objects are related to save the workbooks but my requirement not to save and as well as not to display the queries.
Please advise me what needs to be done to achieve this requirement.
Thanks
Robert.Hi,
you required to query related authorization and work book related authorization.
query
s_tcode
s_rfc(for bex analyzer access)
s_rs_comp
s_rs_comp1
s_rs_fold(if user wants to see infoarea then only u have provide this authorization object)
s_rs_icube
s_rs_mpro
work book
if u want to save query results in work book
S_GUI
S_BDS_DS
if u want to save work book in roles
S_USER_AGR
S_USER_TCD
if u maintaint all the autozation object then you can able to save . -
Authorization related to queries
Hi,
Here just wanted to know what would be the required authorization for queries.
Thanks,
Chandan KumarHi,
Info Objects with Authorization Relevant check is the key for User Restrictions at Query Level in BI
some of the transaction : if you are in 3.x then T.Code RSSM
if you are in BI7 T.Code RSCEADMIN
some links
Business Intelligence Old Forum (Read Only Archive)
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
Regards
Hari -
Authorization on Modify Y* Query and View Z* Query
Hi Experts,
is it possible to allow user to modify only Y* query and to display Z* and Y* query?
I add two times S_RS_COMP (&S_RS_COMP1) in the SAME role (PFCG), one time allowing ALL activities for Y* query and othe allowing only display activity on Z* query...but it doesn't work! I have to do 2 different roles and add the two roles to the user?
Any hints will be rewarded.
Many thanks in advance,
Fabio.mentioning in one role or two roles depends on your requirement.
if you are planning of using one role, entries should be as below.
S_RS_COMP
actvt --03, 16
rszcompid -- Z*
S_RS_COMP
actvt -- *
rszcompid -- Y*
S_RS_COMP1
actvt ---*
rszcompid ---Z, Y -
Define read-only authorization for specific field(s) on a form for 11.5.9
Dear all,
Can you pls let me know how is it possible to define read-only authorization access for specific field(s) per responsibility / user on a form in 11.5.9?
For example I want to protect the item master file by assigning for example to users with responsibility buyer authorization to modify the buyer information but to have read-only only authorization on other sensitive fields such as make/buy flag, expense accounts, etc
Through UI Modeller I have only managed to make specific fields on specific forms invisible, or whole tabs invisible, to specific responsibilities but this does not cover my needs as I want them to be able to view the data of the fields but to not be able to update themArun,
Almost but not quite.. The example you've given has the person VO at the top level which includes all the id's (City, State etc). My use case is slightly different.
query 1
select org_id, OrgName from x;
query 2
select emp_id, emp_name from y where org_id = x.org_id
query 3
multi-table join (approx 9 tables) to retrieve depts associated to employee
where org_id = x.org_id
and emp_id = y.emp_id
Rather than using LOV's would it be better to create VO's and pass in the bind parameters at run time? -
How to create a transport for queries from production system
We have a situation where the production client has been open during cutover and a user has modified queries which were previously transported into production from our development system. We now wish to 'synchronise' our systems so production can be closed (although we will use the changeability options to allow maintenance of local queries).
Does anyone have experience of this problem? What is the best way of exporting the queries in such a way that we can import them into our development and quality systems?
As ever, any suggestions will be gratefully received.Hi,
In similar situation, we opted for manual modifications in the Dev. We made the changes in the queries as they were in Prod and then transported them from Dev to Q and then to Prod.
This is how generally it is done.
Regards,
Yogesh -
'Authorization for replace' sy002
SAP System gives me this error in debbuging mode. I suppose it is something related to authorization when modifying the content of variables (which is what I was doing).
What would be the problem ?
Thanks in advance.> The message is 'No authorization for replace' - message type sy002.
I am not logged on and still dont know which program you are debugging... The system might be throwing an error message which does not relate to the real cause. Unlikely... Most likely an authorizations issue. If I may be honest with you (no offense!) if you do not know which object controls debugging and what it does to a SAP system..., then I would personally not give you debug authority in a system (I also do not have any debug authority - it was removed from my roles at my request). Only in some lab systems... (an one or two temporary exceptions).
> The change mode is not activated however I am supposed to be able to debug a program in Test System even changing the value of a specific variable defined in the program. In fact, I am allowed to debug the program but I can not change the value of a variable in debugging mode. (Perhaps it is because of the change mode status). That's why the system is showing me the error.
So you cannot activate the change mode? Are you setting a break-point, a watch-point or are you running a it from the start in the debugger? Are you executing it in the debugger from the tcode, or from Se38 etc? It the "productive" test client, the system might also react differently (which release are you on and which SCC4 settings does that client have?).
> Is it possible to change the authorization without having to make any more changes in the System?
Don't do that. I would reject the development and ask the developer to join you for the debugging session to see why those variables are incorrect. Your debugging mthod (or mode) may be incorrect (likely), or, the developer will have to go back to the drawing board in a development system or sandbox (sort of equaly likely, depending on the developer).
> The change mode can not be activated instead I want to grant access in order to be able to change the value of some varibles defined to see the results given.
See above. Besides that, the developer should ideally have handled those exceptions so that you do not get an incorrect variable; you only get an incorrect output in display mode (and send their code back for a rework, or invite them over...).
Hope that helps, sorry for the many questions...
Julius -
Hi Experts
In BEx Analyzer there are huge reports (for e.g. 225 reports) but i want to create authorizations for only dealer statement report, daily invoice control report and i want to create authorizations for individual InfoObjectsis it possible in the same report or else is there any solution for that.( in BI.7.0) Could you pls explain to me.
Thanks and Regards,
Vikas Raj.Hello Vikas,
As you said, you want to give access to dealer statement report, daily invoice control report is it?
Then collect the info areas, info cubes and the owners of it.
Do like this. create one role in common and add these authorization objects.
S_RS_COMP, S_RS_COMP1, S_RS_MPRO and S_RS_ICUBE. These authorization objects are related to authorization of reports, queries and BEx.
in S_RS_COMP1, maintain the specific authorization by mentioning the owner and the users.
add S_RS_COMP1 twice. First time mention the owner and give full access to the owners. And second time those who are end users they can execute and display queries.
Remember that in all the authorization objects, you have maintain the info areas, info/multi providers.
You dont have to create authorization for each and every info objects inside your info cubes.
Hope this would help you more. -
Workbook: Document store operation failed due to missing authorization
Hello authorizer gurus,
I have got 3.5.
I have transported.
I try to open a workbook.
I am getting a Error Message:
Document store operation failed due to missing authorization
Newly saved Queries as workbook can be openend.
What's wrong ?
Thank You
Martin SautterMartin,
To get a detailed message about the error (including which authorization objects the user needs to have to be able to perform the action that caused the error) use ST22. It sounds like they are missing the Open authorization for workbooks.
Cheers,
Rusty -
TCODE to check the edit authorization of objects ?
If suppose I am not able to edit any of the objects in BI7 and I need to check whether I have the authorization's to edit that particular object in BI7, where do I check it ? Is there any particular TCODE to check ??
And also I need to know whether do we have setup tables for the customer datsource also or only for the SD & MM ...datasource's. Please let me know what other modules do not use setup tables.
Thanks,You can try by this way
Switch on the trace for your userid in ST01 and start editing.
Once you authorization check failed, switch off the trace and execute the log. there you will get all the details related to your authorization to the queries.
when you are editing query in query designer means, you cannot get authorization check failed in SU53.
Please try this.
Hope this would help you to analyse more. -
Roles and authorizations in BI content
Hi experts,
I'm trying to define a very simple scheme of roles and authorizations for my queries.
So, i'm trying to limit the acess by infocube and DSO, but I'm missing the authorizations objects for Cube and DSO.
I know that authorization object for queries it's S_RS_COMP.
So my roles would be something like
BI_ROLE_FI
Authorization Object Autorization Object Value
Acess query (S_RS_COMP) NA
Infoobject (whats the object???) 0FIGL_C01
DSO (whats the object???) 0FIGL_O14
BI_ROLE_PUR
Authorization Object Autorization Object Value
Acess query (S_RS_COMP) NA
Infoobject (whats the object???) 0PUR_C01
Can you help me find out whats the missing information
Thanks and regards
JoanaHi,
Iu2019ve gave authorization to the object youu2019ve mentioned, but itu2019s still not working.
Basically what I have is the following:
One role that allows me to execute queries, workbooks, etc.
A second role, dependent on the area of work, that should allow me only to have access to queries from cubes/MP/DSO that are specific to users area.
I will then give each user role 1 + the adequate role 2, depending on their work area.
For role 1 I have got:
S_RFC
Activity: 16
Name of RFC to be protected: *
Name of RFC object to be protected: *
S_TCODE
Transaction code: RRMX
S_GUI
Activity: 16
S_USER_AGR
Activity: 01, 02, 03
Role Name: ANLG_BI_01
S_USER_TCD
Transaction code: RRMX
S_RS_AUTH
BI Analysis Authorization: BI_ALL
S_RS_COMP
Activity: 03, 16
InfoArea:*
InfoCube: *
Name (ID) of a reporting component: *
Type of a reporting component: *
S_RS_COMP1
Activity: 03, 16, 22
Name (ID) of a reporting component: *
Type of a reporting component: *
Owner (Person Responsible) for a reporting Component: *
S_RS_TOOLS
Logical Command Name: THEMES
Iu2019ve tested this role, and it works u2013 they can access queries, create workbooks, create permanent model workbooks
For role 2 u2013 Finance I have
S_USER_AGR
Activity: 01, 02, 03
Role Name: ROLE2
S_RS_ADMWB
Activity: 03,66
Data warehousing workbench Object: INFOAREA
S_RS_ODSO
Activity: 03
Infoarea: 0FIGL_ERP
DataStore Object: 0FIGL_014
SubObject for ODS Object: *
S_RS_ICUBE
Activity: 03, 66
Infocube SubObject: *
Infoarea: 0FIAP
InfoCube: 0FIAP_C02
S_RS_MPRO
Activity: 03
Infoarea: 0FIN_REP_SIMPL_1_ERP
MultiProvider: 0FIAP_M20, 0FIAP_M30
MultiProvider SubObject: *
I then gave to my test user this 2 roles, and with that user I can still see every infoarea, and access all reports.
I will have more specific roles u2013 to other areas (SCM, TV, etc), but I chose this one has an example.
First question I have: can I manage my requirement in 2 different roles: one for action that can be performed (role 1) and other for areas that they can access data from (role 2)?
What objects/restrictions am I missing in role 2?
Many thanks
Joana -
Authorizations BW: Show only data authorized instead of authorization popup
Hello World!
I am having troubles setting up authorizations in BW queries:
Some users only have authorizations for seeing some 0salesorg at roles, but when they execute a query, instead of showing only data related to their sales organization a popup appears saying that they do not have authorization enough.
The objective is that all queries behave as if data from all other sales organizations did not exist!
Any idea on how to solve this issue? thanks in advance!
AdriàI already solved my problem.
Asking around in my job somebody told me that this is an expected behavior called "all-or-nothing", meaning that if you only have authorization for some of the data you requested none will be shown.
The only way I found to simulate the behavior I was trying to achieve has been using two variables, the first one is normal and ready for input, the user will fill this one in the query selection, the other is a customer exit which will be filled with all values in authorizations in case the first variable is empty. Authorizations values are found in tables.
hope this helps anyone with my same problem
PD: thanks to both for answering.
Adrià
Maybe you are looking for
-
How can spwan out parallel HBR in one single batch file?
We have several Hyperion business rules to be executed at night batch. To ease the control and management, we put all business rules under one single batch file. However how can we spawn out different business rules so that these rules can be execute
-
I'm going to start with an apology if this is in the wrong place, I'm new to the forums and just finding my way about. Please feel free to shout at me or move this post to a more suitable place. Anyhow, hi there everybody, I'm a (shudder) PC user at
-
Posting is only possible with a zero balance; correct document Message no. F5060
Hope all are doing well In FB60 Need to deduct VAT TDS on canteen expenses it should not come through direct tax Dear Experts Our client requirement is deduct VAT TDS On canteen expenses i created new tax code and given - (minus) in FV11 For conditio
-
I dropped my iphone 5s in the toilet. Turned on after a day in rice, then shut off.
Ok, this is basically what happened. I dropped my Iphone 5s a couple days ago into the toilet for 4-5 seconds. I then took the phone out, put it in a towel, cleaned up the water that was there, and then like an idiot after 10 minutes, tried to turn i
-
What are the steps to configure SAP Connector?
Hi Experts, Please explain me how to configure SAP Connectors? By how many ways we can configure SAP Connector? Thanks & Regards, Sharma.