Authorization value as ":" in BI 7.0

Similar Messages

• Table that stores Analysis authorization values

  Hi all,
         We generated analysis authorizations for users on Profit centers. In RSECADMIN for each user we see an automatic authorization object being assigned with a name like RSR_000234  so on. We can see the values (profit centers) for this object when we double click on it. I would like to create a list of all users and the assigned profit centers. Can you please tell me if a table is available to get this list.
  Thanks,
  Ram.

  Chetan,
           We are loading authorizations values to 0PROFIT_CTR from ECC and flatfile into the Authorization DSO's and generating authorizations to assing the profit centers to users. I would like to see the profit centers assigned to a user. For example suppose if a user is assigned a particular region. I would like to see all the values of the profit centers assigned to the user from a table rather than going to the hierarchy and getting the list for each region.
          The tables that you specified give the userid and the technical name of the authorization(RSR_000234..) but I would like to see the actual values in the authorization.
        Hope I am clear. Thank you for your assistance.
  Ram.

• RSECADMIN - Authorization Value Entry with Leading zeros

  Hello All
  Issue: RSECADMIN does not allow to enter a authorization value with "leading spaces". This is an issue for us.
  I am using Analysis Authorizations in BI 70.
  We have one object say Product Line Char 5.
  We have 2 values
  '   01'  ==> SID 1
  '01   '  ==> SID 23
  Both have different SID
  In RSSM based security design, I was able to enter value '   01' and then authorization was processed and user was able to access the data '   01'. In RSECADMIN, system does not allow me to enter '   01'. It puts this as 01 all the time and then looks for SID 23.
  Anyone have any experience on this? I am looking for specific guidance if you have found any solution.
  Thanks
  Pankaj Gupta

  Hi Andreas
  It seems to me that after " ' " it considers the whole field as blank. Also field is 5 character long and with Open "  ' " and close " ' "I and 01 I can only have one space before 01. I wanted 3 space and then 01.
  I will test this and let you know.
  Following worked for us:
  1) Created a custom hierarchy that keeps '   01' on a node and then use that node to tell what value user is authorize.
  2) And it worked. It sounds crazy idea but I was running out of the tricks.
  3) It is simple RSECADMIN maintenance tcode bug. It trys to help in Data Entry by Left justing the value. That help was not needed and nessasary at all. Let user get Raw Data Entry screen. Anyway this is not End User Interface tool.
  Thanks a lot.
  Pankaj Gupta

• Special Authorization Values for characteristics

  I had a question about the authorization value '*' (asterisk)
  SAP defines how this can be used as follows:
  (asterisk)
  .. Denotes a set of arbitrary characters
  .. Used alone to grant access to all values
  .. Used at the end of a value to specify a simple pattern (example: SAP*)
  Here is my situation:
  InfoObject A: Values can be: A,B, C, A1, B1, C1, C2, A1G, B1D, C1A, C2A etc.
  If a user has authorization of C, it automatically means he is authorized to view values C1, C2, C1A and C2A. In this case can I assign values
  C, C and C** (I am doubtful abt using *(double asterisk))
  Please clarify.
  Thanks

  Asterisk denotes a set of arbitary characters
  Used alone to grant access to all values
  used at the end of a value to specify a simple pattern(example SAP *)
  +(Plus)
  Denotes exactly one character
  Used at the end of a value to specify a simple pattern (example - RED+)
  Used to specify date patterns(only for validity (OTCAVALID))
  Hope it Helps
  Chetan
  @CP..

• Authorization values to auth object

  Hi,
  Please let me know how to find the possible authorization values for an custom authorization object..
  thanks.

  Hi,
  the definition (and also display) of possible values for activity can be performed in SU21.Doubleclick on the object->there is then a button in the popup: 'Permitted activities'.
  Depending on the values checked in the coding (statement 'authority_check') you can also maintain suggestions in SU24 for the corresponding transaction. So if you do not know any values at all, an analyze of the coding will be necessary.
  b.rgds, Bernhard

• Extract authorization values

  Hi,
  Is there a way to extract specific authorization values for a particular user?
  In SUIM, using "Users by Complex Selection Criteria" will display all the authorization & values.  You then need to find that particular authorization, say "P_ORGIN" and go through each one of them to find the values assigned.  It is very tedious if the user have a lot of the "P_ORGIN" authorization assigned.
  I think in this case, SUIM is not the best way.
  Is there a way to quickly zoom into and look at all the values in just that particular authorization, in this case, "P_ORGIN"?
  Thanks

  If your focus is on HR authroizations one of the ways :
  SE16 - table name AGR_USERS
  The technical name will provide the assignment coming from organizational management.
  Take just those roles :
  use SE16 -  AGR_1251
  Which will give you an output export to excel filter on P_origin.
  If you are not using Organizational management:
  Then use SE16 - AGR_1251 find roles having P-origin
  get the role list and use AGR_USERS to find role to user relationship.

• Authorization values for 2 different queries

  Hi,
  I have an info object which is a authorisation relevent info object.
  I had used this info object in my 2 queries. Our requirement is when the user executes the query1, he should be able to see the data only for the authorized values which has been given in PFCG. But, when he executes the second query, there should be no check and query should display all the data irrespective of the values given in PFCG.
  Basically, Query1 should execute as per the PFCG values and the Query2 should execute bypassing the PFCG authorization values.
  Can anyone please help on this.
  Thanks
  Ramesh Ganji

  Hi,
  First create a role with the following authorizations (full)
  flight no - * (all accounts allowed)
  Define a query without any restrcitions/filter so that when the user 1 runs, he can find all the data from this query.
  Now define one more query wherein restrict flight no as 001
  Now when the user John runs this query, he can find only 001flight details
  In this way, just by defining only one role, you can achieve ur requirement by using restrictions at the report level.
  Regards
  Pavan Prakhya

• Authorization values by role table AGR_1251

  hi,
  I need to find the authorization field values for a user. I am proceeding as follows:
  Select values from table AGR_1251 but in the field values i.e. for BUKRS LOW and HIGH fields has values '$BUKRS'.
  Can you tell me that which table will have the actual values for BUKRS as assigned in PFCG (1000, 2000, 3000).
  Thanks,
  FS

  Hi,
  Try to fetch the details from table AGR_1252 .
  you will get the low and high values assigned to the organization level.

• P_ORGINCON Authorization Value of P

  Hi Guys,
  We have had an issue when attempting to write to the Compensation process infotype via EP.
  After performing a Systems Trace the below check was shown:
  INFTY=0759;SUBTY=ISA7;AUTHC=P;PERSA=;PERSG=;PERSK=;VDSK1=;PROFL=*;  
  As you can see AUTHC displayed a value of P
  What is this value? what does it mean?
  Thanks
  Nathan

  Hi,
  That is the Authorization Level. Following are the fields:
  INFTY Infotype 
  SUBTY Subtype 
  AUTHC Authorization level 
  PERSA Personnel Area 
  APGRP Applicant group 
  APTYP Applicant range 
  VDSK1 Organizational Key 
  RESRF Personnel officer responsible for application 
  However, it shud have value R or M. Not sure why you have P. Can you go to the authorization data level and see the values for the role. That may give you more idea.
  Rgds,
  Raghu Boddu
  Reward points if you find this information helpful.

• Authorization variable not filled with authorization values

  Hello All
  I post a similar message earlier this week, I thought that my issue was solved, but it was not.
  I've got a workbook with 4 differents queries.
  There as an authorizations variable in each query. This variable properties is as follows :
  **General tab**
  Type of variable : characteristic value
  Processing type : authorization
  Characteristic : company code
  **Details**
  Variable represents : selection options
  Variable is : optional
  Variable is ready for input : yes
  I've followed recommandations from OSS notes 976680
  My issue is : if I run each query individually, variable is filled with authorized values
  If I run the workbook, variable is not filled with authorized value, so when end user run the workbook, BW consider that end user wants to see all data and get "No authorization".
  I don't understand why variable within the workbook doesn't show the authorized values and why the queries do.
  Any suggestion about this issue ????
  Thanks
  Catherine

  Hi
  thanks for replying
  I ran the query with UserID from RSECADMIN and I could open the query. But if I want to select 0profit_ctr I get this error No authorization to characteristic values.
  I  checked the log and this is the message.
  Value Authorization
  InfoProvider FIGL_MP1
  Value Authorization for Characteristic 0PROFIT_CTR
  Building the Buffer...
  Building the Buffer...
  No Authorization for Values
  thanks

• Report users & authorization values in release strategy

  Hello,
  I want a report which displays the user names and their release codes from the authorizations which the users have.
  Is there any standard report?
  Thank you.

  Dear Landra,
  There is no standard report to get this data. But you can get this by combining the data of the 2 tables AGR_1251 & AGR_USERS.
  1. Goto SE16 --> table AGR_1251. Give Z* for Role, M_EINK_FRG for Object & FRGCO for Field Name and run it.
  2. Goto SE16 --> table AGR_USERS. Give Z* for Role and execute it.
  Vlookup both the reports in step 1 & 2 to get the list of users having access to a particular Release Code in the system.
  Regards,

• Populating Authorization value in Customer exit

  Dear Experts,
  I have two info objects Sales org and Plant and both are hierarchies.And both are having the same values
  ie Sales org A100 = Plant A100
  And Sales org hierarchy is like this:
  A100 ( Top Node)
  -A110 (Child of top node)
  --A111 (child of A110)
  -A120 (Child of top node)
  --A121  (child of A120)
  Sales org is authroziation object and plant is not.
  Users are provided authroziation based on Sales org , but our requirement is to popullate the same value to plant variable as well in the query.So in case if they want to drill down there wont be any problem.
  I have created a query with sales org as input varible and plant as customer exit variable.
  Suppose a user is authorized to top node ie A100 sales org and in the query if he inputs sales org as A111 which is a child node of A110
  then my plant vairable should  be populated with the top node which user is authroized to ie A100 iresepective of what ever he enters.
  If the user is authorized to A110 and if he enters A111 then my plant should be populated with A110.
  I am trying to get that info from tables UST12 etc but it would be great if someone throws some light on how to do this requirement.
  Thank you for the help.

  Please see my reply to your another thread.
  Please do not open the thread for same issue twice.
  Regards,
  Ganesh Bothe

• FM Delivering Authorization Values

  Hello All.
  I am working with SAP Netweaver 2004S.
  I need an ABAP function module which imports
  - a user name
  - a cube name
  - a name of an infoobject (included in the cube).
  The module then should deliver the list of this infoobject's values which the user is authorized for.
  Is there any SAP standard function module that meets my requirements?
  Regards. Peter.

  CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
      EXPORTING
        RETFIELD               = 'KUNNR'
        DYNPPROG               = SY-REPID
        DYNPROFIELD            = 'P_OWNER'
  *    VALUE                  = ' '
        VALUE_ORG              = 'S'
  *    MULTIPLE_CHOICE        = ' '
  *    DISPLAY                = ' '
       CALLBACK_PROGRAM       = SY-REPID
  *    CALLBACK_FORM          = ' '
  *    MARK_TAB               =
  *  IMPORTING
  *    USER_RESET             =
      TABLES
        VALUE_TAB              = IT_KNA1[]
  *    FIELD_TAB              =
       RETURN_TAB             = IT_RETURN[]
  *    DYNPFLD_MAPPING        =
     EXCEPTIONS
       PARAMETER_ERROR        = 1
       NO_VALUES_FOUND        = 2
       OTHERS                 = 3
    IF SY-SUBRC   0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    READ TABLE IT_RETURN INDEX 1.
    WRITE : IT_RETURN-FIELDVAL TO P_OWNER.
  Code Formatted by: Alvaro Tejada Galindo on Jan 7, 2009 12:26 PM

• Dynamic Authorization VDSK1 Values?

  Hello,
  I was wondering if there is a way i can get some of the authorization values (e.g. org unit in HR) dynamically without specifically giving these values in the authorization Object P_ORIGIN, vield VDSK1?
  there is a lot of users with different access depending on their org key, and it is not reasonable to create 30 or 50 roles just for them to be able to access system ?
  I hope there is a solution for this. thank you all in advance.
  regards,
  Mo A

  Thanks,
  but could you tell me how ? This is first time i read bout structural authorization and i read a document on how to use it but it seems there is something missing which is giving that "Failed HR Structure Authorization".
  what i did is as follows and if there is something missing or done wrong please comment on that:
  1. Maintain structural authorization profile in view T77PR
  2. Assign structure authorization profile to user in view T77UA.
  thats all i did ? is there more steps or configuration to be done beside the above 2 steps, please advise ?
  Regards,
  Mo A

• Authorization in BPS

  Hi Everybody.
  We have Multi-Planning Area ZMPA that consists of standard planning areas ZSPA1 (infoProvider ZICPA1) and ZSPA2 (infoProvider ZICPA2).
  ZICPA1 infoProvider has:
  - characteristics
       0BUS_AREA;
       0CALQUART1
       0CALYEAR;
       0CMMT_ITEM;
       0FM_AREA;
       0FUNDS_CTR.
  - a key figure 0OI_EXPENSE.
  ZICPA2 infoProvider has:
  - characteristics
       0BUS_AREA;
       0CALQUART1
       0CALYEAR;
       0CMMT_ITEM;
       0FM_AREA;
       ZFUNDCTR.
  - a key figure 0OI_EXPENSE.
  ZFUNDCTR is compounded with 0CALYEAR, 0CMMT_ITEM, 0FM_AREA. ZFUNDCTR has a navigation attribute 0FUNDS_CTR.
  Example of ZFUNDCTR master data:
  ZFUNDCTR   0CALYEAR    0CMMT_ITEM   0FM_AREA      ZFUNDCTR-0FUNDS_CTR
  01        Y1          A1           2700          01
  01        Y1          A2           2700          01
  02        Y1          A1           2700          02
  02        Y1          A3           2700          02
  03        Y1          A3           2700          03
  03        Y1          A4           2700          03
  Where Y1 - year value,
  A1..A4 - different values.
  0FUNDS_CTR is an authorization relevant characteristic. We have selected the 'Obsolete Concept with RSR Authorization Objects' and have created an authorization object ZOFUND for InfoProvider ZICPA1 only.
  The planning function ZMPAPF at the ZMPA area should copy data from ZSPA2 to ZSPA1 with formula like this:
  === begin ===============
  Operand {0FUNDS_CTR,ZFUNDCTR,Plng Area}
  DATA s_fund TYPE STRING.
  DATA V_0FUNDS TYPE 0FUNDS_CTR.
  DATA V_ZFUNDS TYPE ZFUNDCTR.
  foreach V_ZFUNDS in REFDATA.
    s_fund = V_ZFUNDS.
    V_0FUNDS = s_fund.
    {V_0FUNDS,#,Plng Area} = {#,V_ZFUNDS,ZSPA2} .
  endfor.
  === the end ==============
  1) A User has an authorization object ZOFUND with values '01' and '02' .
  But when he performs this planning function there becomes an error that he hasn't an Authorization. System can not to read data from {#,V_ZFUNDS,ZSPA2} because User hasn't an Authorization ZOFUND = #. But ZOFUND authorization have not been selected for ZICPA2 infoProvider.
  Have you any comments?
  2) We have given an authorization value '#' for this User to solve the problem. And now User can see all values in the list of authorization relevant variable in the BPS. I think it's not correct. For example he can see only '#', '01', '02' values for autorization type variable in the BEx Analyzer .
  SAP NetWeaver BI 7.0, Support Package 15.
  With best wishes, Alexander.

  Hi,
  To answer ur first question, as u didnt select infocube2 for authorization and the planning function level contains 0FUNDS_CTR, system cant read any record from infocube2 example {#,V_ZFUNDS,ZSPA2}.
  Now after giving # access, he can see all values for the variable but the planning function wont work because authorization is not checked for cube2.
  i hope u should give authorization check for cube2 also. and see giving only # value to cube2.
  i didnt understand what exactly is the planning function doing.
  i guess it is dealing only those records which have 0funds_ctr as # from cube2.
  u can try this.
  Bindu