Authorizations for report PC00_M99_CIPE  by field PayrollArea

Similar Messages

• Object level authorizations for reports

  HI
  I have 20 charactesr in cube , around 15 have navigational attributes.
  i need to give authorizations for 5 objects only .( navigational attributes).
  i have 10 reports, i need 2 reports only authorizations relavant.
  if i restrict 5 objects authorizations , its effect all queris? in this scenerio i need to create 2 cubes?
  ple let me know

  hi suneel,
  As you said you require authorization for 2 reports, you can restrict those Infoobjects with the authorization variables and in the other 3reports use that object but do not restrict to the authorization variables..
  So, the user will be able to see whole data for 3 reports where authorization is not used.
  Hope it is clear.
  Thanks
  Lavanya

• Authorizations for report by field PayrollArea

  Hi experts.
  I have the following requirement:
  I need that by authorization the system allows to the managers of HR execute the  report standard PC00_M99_CIPE .
  only for the employee that have in the infotype 0001 field payroll area the same value that have the manager
  in his role.
  Example :
  Employee1
  Payroll area = A1
  Employee2
  Payroll area = A2
  Employee3
  Payroll area = A1
  Employee4
  Payroll area = A1
  Employee5
  Payroll area = A3
  Employee6
  Payroll area = A3
  When the Manager of HR execute the report, the system just take into account the employee that have Payroll area = A1 and A3 and not the employee with  Payroll area = A2.
  How can do this using roles, if the object P_ORGIN not have the field  Payroll area . I checked the t.code SU24.
  Thank in advance for your help,
  Best Regards

  HI,
  Check how the payroll area is defaulted in feature "ABKRS".
  Include the PA/EG/ESG in P_ORGIN for the employee.
  Also check if any structural authorizations are there or not.
  Still if this doesnot resolves user TCODE -su53 after executing the report.
  -Param

• Authorization for Report Painter

  Hi,
  we have a report in report painter with Company Code selection. May I know how to restrict the company code selection such that userA will see only company codeA data?
  i see there's an authorization group. may i know how to use the authorization group? may i have the detailed steps? thanks.

  ZL Goay,
  Follow these steps.
  1. Go to T-code <b>SE54</b> there is radio button for authorization group just click it and create. authorization group say ZGOAY
  2. You can assign this to your report painter - go to header information and press F4 you should get 'ZGOAY' there.
  3. Assign this object group to the userA (Get help from Security team or BASIS)
  You may check the table TBRG for auth object and group relation
  reward if useful

• BW 3.5: flexible Authorizations for reporting

  Hi Experts,
  I am looking for a solution for flexible reporting authorizations.
  The background:
  There are lots for Profit Centers in our system. Currently, we have created lots of Roles/Profiles which include fix values defined to limit access for users. The maintenace effort is getting higher and higher.
  I heard there could be a flexible solution to use BEX variable typed Authorization and the authorization values can be determined via BEx user exit. Finally, I need only one profile for all users. But I don't know how to implement this flexible solution.
  If anyone out there could share the knowledge it would be great.
  Thanks for your help in advance!
  Regards,
  Sally

  Hi
  First make the info object authorization relevant in the business explorer tab of the info object.
  Plz follow the below steps:
  1. Goto RSECADMIN tcode to create analysis authorization object for Profit centre
  2. Click on Maintenance
  3. Give a name and click on create
  4. Give the info object name as profit centre under char/ dimension
  5. double click on info object profit centre or click on details
  6. Under value authoriztion tab, give the variable name. (The variable name should start with $ symbol ex $test).
  Write the logic for the customer exit variable in the function module EXIT_SAPLRRBR_001 inside of enhancement RSR0001 via tcode CMOD.A variable of processing type authorization reads the values from authorizations of a user. A variable of processing type customer exit reads the variable values using a selection routine placed in the function module.
  Assign the authorization object to all the user instead of creating new profile with the hard coded values.
  The advantage of this method is that you can give all users the same authorization by placing the variable name with a $ sign in front of it instead of a value in the characteristic value (or the hierarchy node).
  The variable can also of course be used in the query, but this is not absolutely necessary. You can also filter using another variable or with fixed value restrictions in the query.
  Hope it helps.
  Regards
  Sadeesh

• Authorizations for report

  hi
  i have this report
  employee emp group emp sub group number of employees
  what steps i need follow at rsa1
  what steps i need follow at rsecadmin
  what setps i need follow at pfcg
  can i gets tep by step process

  Hi,
  Do you want to restrict your report based on Employee ?? If so follow the below steps.
  RSA1 - Make the Employee InfoObject as Authorization revlevant in the Business Explorer tab of the InfoObject.
  RSECADMIN - Create an analysis authorization( AA ) with the following InfoObjects.
  0TCAACTVT
  0TCAIPROV
  0TCAVALID
  0TCAKYFNM
  and Employee InfoObject and restrict them with the values you feel you need to give authorization to.
  Now assign the analysis auth to the user directly in RSECADMIN or you can create a role in PFCG and under the Authorization Object S_RS_AUTH give the new AA name.
  Hope it helps.
  You can go through the following document for detailed infomation on Authorizations.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea
  Regards,
  Gaurav
  Edited by: Gaurav Kothari on Oct 15, 2008 5:10 PM

• Authorization  for Report Execution

  Hello Experts,
  There is a BEx Report in production, which is visible to me and i can execute.  But at the same time, the user is not able to view or execute the report. The report is developed in the production itself and not in development box  and transported.  This is surely related to authorizations.. Can anybody suggest how can I grant the user authorization so that he can view and execute the report but not modify.
  I have authorization at DEV, QA and PROD.
  Best Regards!

  Hi,
  Not sure whether its an authorization issue or something.
  But he may be unable to find the exact bex query.
  You can guide(info area-->info cube-->bex query) him how to find exact query while opening bex designer or anylaser.
  Mean while you can give bex query technical name to user and ask him run at RSRT.
  that may give some idea.
  whether its any authorization issue or he is unable to find at query designer while opening.
  Thanks

• User Authorization for a Query

  Hi,
  I have assigned a single role to a user, in which I have authorization for all the Infoproviders, including authorization for reporting. The user is able to access most of the queries, except one query. If there is a problem, he should not have accessed all the queries.
  What problem could have prevented the user from accessing on particular query???
  Any Ideas will be highly appreciated,
  Thanks and Regards,
  Ravi Sankar

  Some possibilities:
  The one query which the user is not able to run , who is the author of this query?
  You need to give authirozation for the object S_RS_COMP1.
  If the user has authorization for this object, then the next possibility is:
  The query may have a filter or a characteristic value for which the value is not set for the user.
  Ravi Thothadri

• Autorization for report RPUAUD00

  Hi all,
  is it possible to create authorization for report RPUAUD00 to work like this:
  if user start report it should display only changes which he makes.
  if hr manager start report it should display all changes for all users.
  Best regards.

  Hi,
  You can find the Date & Time from PCL4 cluster table.

• BW report authorization for restrict cost center

  dear all,
  i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
  note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
  below the customer exit :
  WHEN 'ZV_CCTR'.
      IF i_step = 2.
        DATA : gt_mstuidvscc TYPE TABLE OF  ztbw_mstuidvscc,
               gs_mstuidvscc TYPE  ztbw_mstuidvscc,
               wa_final2(10) TYPE c.
        SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
          WHERE userid = 'sy-uname'.
        LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
          wa_final2 = gs_mstuidvscc-kostl.
          l_s_range-opt = 'EQ'.
          l_s_range-high = wa_final2.
          APPEND l_s_range TO e_t_range.
        ENDLOOP.
      ENDIF.
  Regards,
  Tony

  i defined variable as ready for input and mandatory.
  regards,
  Tony

• Authorization for Web report

  Hello Experts,
  One of my user wants to see a report in the web and wants an authorization for the same. When he is trying to execute the query in the WEB he is facing the follwoing error.
  User SCANESIN has no RFC authorization for function group SDIFRUNTIME.
  What steps do i need to follow to resolve this issue.
  Regards,

  Hi,
  You can solve this problem with the help of your basis person.
  Go to the role of that use using RSECADMIN. Find the authorisation object S_RFC. Include SDIFRUNTIME in
  'Name of RFC to be protected' field. Activate the role.
  Regards
  Githen

• Authorization for the report

  Hi
  I have made one report,  I needed to check the authorization for the report, how to do it.
  Eg.  One employee is executing the report, he only needed to select his transaction
  If somebody from one sales organisation, they only needed to take the data belongs to the sales office.
  SELECT-OPTIONS: p_vkorg  FOR tvkot-vkorg.
  SELECT-OPTIONS: p_pernr FOR pa0001-pernr
  for example two selection parameter is displaying. if my employee no is 100, while trying to enter execute the report for 200 employee no. no data should show. like that vkorg filed also should work.
  Please let me know how it possible.
  Regards
  Sebastian John

  Hi,
  You can change the code below
  *---Authorization for Company code entered by the users.
  *---This code will restrict users to see data for company
  *---codes which they are not authorized to.
  *---Select all the company codes based upon selection entered by the
  *---user
  SELECT bukrs
     FROM t001
     INTO TABLE li_bukrs
    WHERE bukrs IN z_bukrs.
  IF sy-subrc EQ 0.
  *---Clear Screen variable for Company code
     CLEAR z_bukrs.
     REFRESH z_bukrs.
  *---Filter and prepare Select options for Company code table to be
  *---passed to query. Table will only have values of company codes he is
  *---authorized to for display.
     LOOP AT li_bukrs INTO lwa_bukrs.
       AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
                         ID 'BUKRS' FIELD lwa_bukrs
                         ID 'ACTVT' FIELD '03'.
       IF sy-subrc = 0.
         z_bukrs-sign = 'I'.
         z_bukrs-option = 'EQ'.
         z_bukrs-low = lwa_bukrs.
         z_bukrs-high = space.
         APPEND z_bukrs.
       ELSE.
         lv_flag = 'X'.
       ENDIF.
     ENDLOOP.
  *---Give warning message to the user in case he is not authorized to see
  *---data for all the company codes that he has entered.
     IF lv_flag = 'X'.
       MESSAGE ID 'ZFNG' TYPE 'W' NUMBER '015'.
     ENDIF.
  ENDIF.
  This code does an authorization check at company code level and removes all the company codes that user has entered but is not authorized to look for. After that we pass the filtered list of company codes for which user is authorized to in the select query and fetch the results. You can first select all the records from database for PERNR and VKORG. Then filter them and prepare new list of VKORG and PERNR after performing authorization check and pass it further to select queries in your program.
  KR Jaideep,

• Authorization for BI Reports

  Hi All,
  I am new to BI Authorizations. In my Project there are 150 Users are there.So for each user,Authorization Object
  is created in RSECADMIN and Roles are created in PFCG Tcode.
  Initially we have created 9 Reports and it is running in BI PRD. In all 9 reports we are using the Info Object
  "0CRM_PRCTYP - Business Transaction Type" and Authorization Relvent is Unchecked in this Case.
  Now the Client wants some more reports and need to provide Authorization for this Field "0CRM_PRCTYP - Business
  Transaction Type".And these new reports will be used by "New Users".
  So i have Checked the Authorization Relvent for the Info Object "0CRM_PRCTYP - Business Transaction Type" and
  Created Authorization Variable in Reporting Level.After doing this, I have executed the report by logging with new
  Users and it is working fine for new reports.
  Then i have checked the Old reports (9 Reports) ion RSRT and found that the error "NO AUTHORIZATION" for all 150
  users.
  Can you please help me how to rectify this error.
  Thanks,
  Jelina.

  Hello Jelina,
  First, try to check the reports by running them with the user account in transaction RSECADMIN -> tab Analysis -> Execute as user.
  If this will return an error please go with transaction SU53 and check what role/authorisation has generated the error. Afterwards, launch PFCG, go to Authorisation tabs, Display authorisation and add the reports BOTH under -> Business Warehouse-> Business Explorer Components  and ->Business Warehouse -> Business Explorer Components - Enhancement to the Owner.
  After this press the Generate button (looking like nuclear hazard but in red&white) and SAVE. Go to the TAB Users in PFCG and press the button USER COMPARISON and afterwards SAVE.
  Now it should work. Let us know if you still have problems.
  br,
  Dan

• We need to give field-level authorization for some fields

  The schenario is as follows :
  1. There are various storage locations within a plant.
  2. There is one or more people incharge of creating PO and receiving
  stocks for every storage location.
  3. We dont want to authorise the person incharge of one storage
  location to receive stock in another storage location or even view the
  other storage locations at the time of creating the PO or any other
  transaction. The user incharge of one storage location should not be
  able to view any other storage location in any storage location field's
  drop down.
  regards
  Manish
  +91 9811647727

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah

• Field level Authorization for IT0002

  Hi All,
  We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
  This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
  We want to disable the access of this field to every one, even the HR administartor.
  Kindly suggest if this is possible using authorizations.
  I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
  Regards,
  Umesh Chaudhari.

  Hi Umesh,
  Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
  SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu."  -> the pop-up "help - P_ABAP" appears.
  There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
  The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
  Object HR: Master data (P_ORGIN) (two authorizations)
    Infotype                  0002             ' '
    Subtype                   *                ' '
    Authorization level       R                ' '
    Organizational key        ' '              0001YYYYXXX
  Object HR: Reporting  (P_ABAP)
    Report name                SAPDBPNP
    Degree of simplification   1
  Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
  Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
  Hope this help
  Sarah