Automatic Conversion in BW Authorization Issue

Hi All,
I am having issue in assigning authorization.
Below is the scenario:
ZFunction Code is authorization relevant.
Created 2 authorization object and restricted each with function code 312 and 313.
Authorization created as I-EQ-312 and I-EQ-313.
Created 2 roles for each authorization object.
Assigned these 2 roles to a user. When I execute the query with the user id. It displays no authorization.
When I check in the logs, it shows that it is automatically converting the condition to Between (BT) and checking function code greater than 311 and 314.
Not able to understand the reason for this conversion.
Searched on SCN for solution but could not find any helpful link.
So posting the query.
Will appreciate your quick reply in resolving the issue.
Attached are screenshot of authorization and logs for reference.
Regards,
new2sapbw

Hi All,
Sorry for the late reply.
The issue has been resolved.
Changes done to resolve the issue:
1) Authorization variable created had Variable Represents (under details tab) as "Several Single Values". Changed it to "Selection Option".
Reason being, Several Single value does not interpret values given in an order as individual values. It converts into between condition/range. Example, Fun code 312, 313, 314 are considered as Between 312 to 314.
2) We already had a exclude restriction on the info object/characteristic. After adding the authorization variable of type Selection option, we were not able to save the query and were getting "SELOPT error does not allow any further selections".
Reason being when using authorization of type selection option, we cannot add any further manual restriction.
Resolved this by dragging the info object to "Characteristic restrictions" area in filter tab and restricting it with authorization object.
dragging the info object again into "Default values" area in filter tab and restricting it with exclude restriction.
By doing above two steps resolved the issue.
Thanks a lot for all your valuable inputs.
Regards,
new2sapbw

Similar Messages

  • Aironet 1200 LWAPP Conversion and WLC Authorization Issues

    Please excuse the length of this.
    I am trying to convert several Aironet 1200 series APs to the LWAPP Recovery image and register them with a WLC. There is no WCS involved.
    All of the 1200s have b/g cards in them, specifically MP21G and MP31G, so per the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" guide, I am good. The 1200s are older and obviously do not have the manufacturer certificate.
    The WLC is running the latest code, AIR-WLC4400-K9-3-2-116-21.aes.
    The APs are running 12.3(7)JA2 or 12.3(7)JA3, all of which per the upgrade document and the Upgrade Tool utility meet the minimum requirements being 12.(7)JA or greater.
    I will first dive into the disaster of the conversion process.
    First, I upgraded a 1200 with a MP21G radio module. As far as the Upgrade Tool, I specified everything mandatory (AP credential file, recovery image, time source) while leaving the WLC and DNS server information absent. It successfully loaded the image and created all the necessary keys. Soon after I upgraded the image, the AP started rebooting continuously. I downgraded the AP to IOS, and found that the AP no longer has visibility of it’s radio module. It is simply gone. I upgraded and downgraded the code on the AP, hoping in the process that it would rediscover the radio module but it never did. I have not taken it apart yet to see if there is anything physically wrong and I will, but it was working fine previously, so even though it is possible that the radio module has checked out, my mind just can’t go there. Scratch one.
    So, AP number two has the same hardware. After attempting to convert it seven times with complete failure, on the eighth it successfully converted. I changed nothing is the upgrade process. Cool. So, with this success, I wanted to add it to WLC.
    Network overview: the AP and WLC (Management and AP-Manager) are in the same broadcast domain.
    Ok, the WLC configuration. The WLC is in Layer 3 mode which per the documentation is the only supported configuration that the converted Aironet APs will support. The Management and AP-Manager interfaces have been defined and are up and pingable by the converted AP. The AP information (AP MAC address, SSC, SHA key hash) has been entered in the WLC AP Authorization list as well. SSC certificates have been allowed.
    As far as DHCP options 43 and 60, none have been defined. Per the documentation, even if the WLC Controller is in Layer 3 mode, as long as the AP is in the same broadcast domain, the AP should do a LWAPP discovery and make a join request to the controller. Again, the AP can ping both the Managment and AP-Manager interfaces.
    So far, the AP has not been able to join the WLC. There is nothing in the logs. I have failed to do a debug on the WLC to see what is going on, but one thing I have seen is on the AP debug, a “AP-Manager not enough interfaces” message.
    All the documentation I have been referring to is the "Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode" guide.
    I will put the AP on a different segment tomorrow and try the DHCP route.
    It is probably something simple.
    Any ideas? :)

    Jason
    From your post I belive you've done everything the right way...excetp: Have you activated Master Controller Mode? If you haven't, no AP is ever gonna be able to register with a controller. You need to activate it temporarily when you want to add new (converted only?) radios. Once the AP is visible on the master controller (in the Wireless tab), define the primary / secondary / tertiary controller for it. If you're finished with registering any new radios, disable it again.
    You can find it under Controller -> Master Controller Mode
    And yes...always keep the AP you want to convert in the same subnet as the management int (so you don't have to use DHCP and fumble around with the option 43 setting to find the controller). To help the Upgrade Tool work troublefree: Enable Telnet mode on the controller. Also, don't forget to enter the mgmt IP / user name / password in the Upgrade Tool. At least with this I was able to complete my upgrading and registering process successfully in my own environment.
    Hope this helps...
    Toni

  • Automatic conversion of planned orders

    Hi PP Gurus,
    I have a requirement to convert planned orders to production orders automatically. I believe SAP standard does not offer this functionality.
    The possible solution seems to be writing new program which could be a copy of C041 transaction code.
    Did someone ever worked on this functionality?
    Request to share your experience and possibilities on this - Thanks
    Regards
    Seshu

    Dear Seshu,
    In my understanding there is no T Code for making the conversion of planned order into a production order as an automatic
    process.
    But you can use the T code CO41 for converting a list of planned order's into production orders.
    In many cases the planned order is only a proposal and only after converting it into a production order and releasing it then the
    exact shop floor activities starts like Good's issue.This activity is done by a production scheduler.So in case if you develop a
    program to convert automatically,then reservation gets generated for all the production orders, which is not recommended.
    Also check this link,
    http://www.sap-img.com/production/automatic-conversion-to-production-orders.htm
    Check and revert back.
    Regards
    Mangalraj.S
    Edited by: Mangalraj.S on Aug 11, 2009 10:04 PM

  • Automatic conversions...A Bug? or just a feature(How to turn it off?)

    I Using TS 3.0(.0.12373) I seem to have stubbled over a annoying 'feature' which I can't turn off...Any one got ant ideas.......
    Every sequence file I load(eg from the \examples\) when When loaded the '*' appears next to the file name indicating a change has happend. When closing the file TS asked "......file modified due to automatic conversions TestStand performed when loading file".
    The only change that happened to the .seq file is a change to the Path, timestamps, and Version(From 3.0.0.12373 in the original to 3.0.0.12374 in the Updated one) at certain points in the file (found using a examine differences program ExamDiff.exe) examples below.
    Any ideas how this feature is switched on,
    and more importantly how to switch it off?
    Cheers
    Attachments:
    rtebeep.seq ‏18 KB
    rtebeep_new.seq ‏18 KB

    Wojtek -
    It appears that somehow you have edited an NI type and incremented the version number. Your debug work was correct, so looking at the sequence file you will notice that the following sections have a changed version number:
    [Action]
    %VERSION = "3.0.0.12374"
    [Error]
    %VERSION = "3.0.0.12374"
    Basically TestStand assumes that the newly edited NI type superceeds the one the TestStand finds in the sequence file. For most NI types, the default copy is stored in the type palette files and these probably have the 3.0.0.12374 version. Depending on which NI type was edited, a copy of the newly edited type might also be in the INI files that TestStand uses in the Cfg directory.
    In TestStand 2.x if a user attempted to
    edit an NI type instead of creating your own copy of the type, the sequence editor would warn them and suggest not editing the NI type. In TestStand 3.0, we wanted to be more strict and not allow editing of NI types at all, but the code did not work properly when released and instead it allows anyone to edit NI types without a warning. TestStand 3.1 now propertly prevents the editing of NI types.
    What I recommend is to search all INI files under TestStand and all your sequence files for the '%VERSION = "3.0.0.12374"' text and hand edit them to replace this text with '%VERSION = "3.0.0.12373"'. This should address the issue for you.
    If you have sent sequence files to others, and you do not want them to see the automatic conversion issue, their files should also be hand edited. Sorry for the inconvenience.
    Sincerely,
    Scott Richardson (NI)
    Scott Richardson
    National Instruments

  • How does IDM takecare of Authorization issues

    Hi All,
    I am pretty new to IDM product. I am aware that using IDM we can automate user creation and role assignment, also with 7.2 we have password self service available.
    However i will like know whether IDM can also be used for regular authorization issues i.e., let say a user is facing an authorization issue in a particular tcode, in order to solve this issue we need to assign additional field values in one of his roles. will such issues where user id is already present and roles also assigned to that id but some changes to his roles is required be taken care by IDM.
    I couldn't get this info from Master and solution operation guide of IDM  7.2, so thats why i am posting it here.
    Regards,
    Siva.

    Hello - No IDM only manages the abap roles ie provisioning and deprovisioning. If the user requires additional authiorization and a role exists to solve this then this role can be assigned from IDM. However if you need to add extra values to a role this still needs to be done using PFCG.
    Hope this answers the question.
    Chris

  • In Pages 5, Maverick, How do I stop automatic conversation of URLs to hyperlinks and seeing them underlined

    There used to be a preference setting in Pages.  Now it seems gone in Pages 5.   So how do I stop automatic conversation of URLs to hyperlinks and seeing them underlined in text.  Sometimes I want it, but not always.

    The preference setting to turn off links is gone. When you enter content that triggers link detection, a link character style gets applied. Right-click on the link, choose Edit Link from the menu, and then Remove.
    To prevent Pages from automatically detecting links, visit Edit > Substitutions > and deselect Smart Links.

  • Secured WebDAV Mounted Volume Authorization Issues

    I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
    1) I am able to mount the secured WebDAV share using my security credentials.
    2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
    3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
    I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
    Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
    The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
    I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
    Thanks in advance for any insights.

    same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
    Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
    Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
    Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
    Jun 11 12:34:52: --- last message repeated 1 time ---

  • BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

    Hi All,
    This is regarding BI 7.0 Analysis Authorization issue.
    Overview:
    we have restricted some queries at infoobject level.
    Issue:
    a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
    b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
    c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
    d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
    e. But when we execute the same report with Auditors ID then we get a blank page.
    Any idea why this is so?

    Hi Neha,
    I tried the below also,
    GL Acnt
    I EQ 0000134010
    I EQ :
    but still it didn't work.
    No Infoobject is missing in Authorization Object.
    For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
    As mentioned earlier also it is giving me the below message,
    ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
    Kindly suggest, since this is a show-stopper for us!
    Thanks,
    Ishdeep Kohli.

  • Variable screen/variant screen authorization issue

    HI All,
    We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
    We have three selection fields:
    1.Company Code which is mandatory
    2.My controlling Area which is also mandatory
    3.Costcenter which is not mandatory
    The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
    can anyone guide me on how to go about on this authorization issue at the variable screen itself.
    Please treat this issue/requirement on high priority.
    Appreciated in advance.
    Regards,
    raps.

    Hi,
    I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
    As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
    In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
    I hope this helps you.
    Regards,
    Maximiliano

  • Authorization issue - help request

    Hi guys,
    One of the consultants is having an authorization issue ( He is not abele to run a t-code)
    I ask him to run a su53 report and i am not sure how to proceed with this.
    Please help.
    Here are the details from the SU53 report.
    DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
    User : VYXXX                       profile parameter authorization buffering    4
    Authorization Object: F_KNA1_GRP
    Description
    Authorization check failed:
          + Authorization object F_KNA1_GRP Customer Account Group Authorization
                Activity                                08
                Customer Account Group     ZM01
    Users Authorization Data :
          +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                   Authorization  T-PD19002300
                  Authorization  T-UG39000900
                  Authorization  T-UG39001000
    Please help me guys what need to  be performed.
    Regards,
    Vamsi.

    Hi Vamsi,
    SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
    Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
    Then check-> which auth object is failing.
    RC=4 means a object value is failing.
    RC=12 means an object is missing!
    Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
    You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
    Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
    Let me know if you have any questions
    EOD for me :P . take care
    Abhishek

  • Authorization issue during Jump

    Hi all,
    I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
    Both the multiprovider and the base infocube have the same authorization objects checked.
    Can someone please help?
    Regards,
    Ashmith Roy

    Pls have a look on the below thread:
    Authorization by InfoArea
    Regards
    Ganesh
    *Assign points if this helpful

  • Authorization issue in Info spoke

    Hi all,
    I am facing some authorization issue when executing info spoke in process chain.
    Info spoke is working fine in direct Scheduling (both background and Dialog).
    Am getting this error after execution of process chain
    "System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
    "System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
    "System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
    "Extraction Cube : Error in DataManager API".
    I dont know why this problem comes.
    Can anyone tel me what went wrong and how to solve it.
    Thanks in advance.
    Kind regards,
    Shanbagavalli.S

    Hi All,
        The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
    Thansk,
    Manjunatha

  • Authorization issue after the Support packs upgrade

    We're having problem on authorization issue after the SP upgrade.
    One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
    And the SU53 showing problem on S_TCODE FAGLL03.
    How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
    Thank you in advance.

    How can i send you the trace file? What is your email address?
    If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
    Anyhoo... (copy right @ David)
    What are the objects been caught in category RC=4, RC=12?
    Relate them with functional aspect of the transaction (error screen)
    Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
    Regards,
    Arpan Paik
    Edited by: P Arpan on Aug 23, 2011 2:36 PM

  • Authorization issue - need to know the Role providing this access

    Hi,
    User is facing an authorization issue below:
    "You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
    "You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
    Kindly let me know what Role is missing from the user's profile?
    Thanks and Regards,
    Sachin
    SAP Security Consultant

    Hi Murali,
    It helped.
    I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
    I did user comparision and then user is able to view the below DataSources....
    Thanks for your help, it triggered to find the root cause.
    Thanks
    Sachin

  • Authorization issue to execute query via analyzer

    Dear,
    We are experiencing an authorization issue that we can not solve...
    We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
    When we test in RESCEADMIN, everything is fine. We can execute the query.
    When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
    "There is no variable in the workbook, which allows user input"
    Does anybody have a direction to help us to orientate our investigation?
    Many thanks,
    Rodolphe

    Hello,
    What is the basic settings you have in the Query Properties basic setting tab
    Try making it mandatory
    Regards
    Nitin Bhatia

Maybe you are looking for