Basic Authorization  concept

Similar Messages

• Not clear with the Authorization concept for Marketing Plan

  Hi All,
  I am new to CRM and was going through some of the prescribed document for CRM marketing
  when i encounter with the authorization concept in marketing plan,for example how
  can i restrict a user with a campaign manager role from changing marketing plan.please
  provide the step by step procedure.
  Regards,
  Sanju

  Hi Sanju
  User with a campaign manager role can be restricted for changing marketing plan using authorization group.
  We define authorization groups for use in the Marketing Planner. Authorization groups can be maintained at both marketing plan level and campaign or trade promotion level. Authorization groups enable us to control which users are authorized to change which of these two types of marketing project. We could, for example, define one authorization group to be assigned to a marketing plan, then define further authorization groups to be assigned to the different campaigns within the marketing plan. In the Marketing Planne.
  Follow below steps
  1. Define authorization group using following IMG Path
  Customer Relationship Management / Marketing / General Settings / Define Authorization Group.
  2. In authorization object CRM_CPGAGR of the role Campaign manager maiantian activity 01, 02, 03 ,06 (this will allow user to create, change, display and delete)
  3. IMG defined authorization group ex: ABC can be seen under the tabstrip Basic Data of marketing plan.
  4. Now user have to choose the Authorization group ABC from the drop down in Basic tab to create a marketing plan. User will get the change access for all the marketing plan which have the authorization object ABC.
  Hope this will help...
  Rgds
  Mallikarjun

• Bw upgrade - Authorization concept

  Hi,
  We have just completed the BW3.5 upgrade to BI7.3.
  I'm trying to work out the authorization concept in our system again.
  I've created one simple query on a multiprovider with only 1 characteristic and 1 KF.
  -Authorization object S_RS_MPRO for this multiprovider given.
  -User has one role which has the basic  0TCAACTVT , 0TCAIPROV,0TCAVALID
  -Basic BW end user authorization for RS Class is available.(S_RS_COMP,S_RS_COMP1,S_RS_FOLD,S_RS_HIER,S_RS_ICUBE
  S_RS_IOBJ,S_RS_ISET,S_RS_ODSO)
  Now when i run the query, i have 'No authorization'.
  Display authorization check shows authorization check failed for S_RS_AUTH with object 0BI_ALL.
  From my understanding 0BI_ALL should be given to user who is allowed to access all queries.
  Appreciate advice from anyone whos familiar on this. Is it safe to give 0BI_ALL or there is some other object which i am not assigning?
  Thank you.
  Regards
  Maili

  Hi,
  With NW2004s, a new concept was introduced to check analysis authorizations. You can activate this using Transaction RSCUSTV23 or the IMG entry "Analysis authorizations: Select concept".
  To do this, select the "Current procedure with analysis authorizations"
  option. For detailed information, refer to the following link:
  http://help.sap.com/saphelp_nw04s/helpdata/de/80/d71042f664e22ce10000000
  a1550b0/frameset.htm
  Using the new analysis authorizations, the check of the MultiProvider authorization is not carried out any longer.
  If you cannot use the new analysis authorizations, assign corresponding
  authorizations for the "Data Warehousing Workbench - MultiProvider"
  authorization object (S_RS_MPRO).
  The settings of Transaction RSCUSTV16 listed above are obsolete as of
  Release NW2004s and are not analyzed any longer. Instead, the
  MultiProvider authorization is always checked when you execute queries
  using the usual authorization concept.
  Please refer notes
  820183     New authorization concept in BI
  727354    Colon authorization during query execution
  1122407   dealing with prerequisits for message processing in OLAP!!
  Thanks,
  Venkat

• Call secure RestFul WebService with basic authorization via https

  Hi,
  is there a way to call a secure RestFul WebService with basic authorization via https from APEX?
  Database: Oracle 11g XE
  APEX: 4.2.1
  I have a solution by calling the WebService from Java which was called from the database via scheduled job (execute).
  As my hosting partner does not support Java I am looking for another option.
  Regards
  Markus

  Hi,
  I think its not possible, in this link you can find in more detail why.
  Its related with the use of wallets to acess https requests.
  http://www.apexninjas.com/blog/2011/06/https-access-with-utl_http-on-oracle-xe-has-anyone-managed-to-do-this/
  Edit: Because you are using Oracle XE
  Edited by: carlos.pereira on Jan 23, 2013 6:15 PM

• Authorization Concept - BI7

  Hi ,
  I'm working on authorization concept for BI7 which seems to be having a conflicting statement.
  User : Mary
  InfoObject : ZORDER
  Set 1 : Queries built on multiproviders within infoArea ZSALES should display ONLY order number 123.
  Set 2 : Queries built on multiproviders within infoArea ZPROJECT should display ALL order numbers.
  Its a conflicting scenario.
  Its giving an output for ALL orders for both set 1 and set 2 queries.
  Appreciate if anyone could provide some ideas if this is feasible to achieve within RSECADMIN.
  Thank you.
  Regards
  Maili
  Edited by: Maili06 on Jan 12, 2012 1:19 PM

  hi,
  plz try creating the analysis auth objects for the mentioned scenarios can be:
  1)1st auth object can have  infoarea=ZSALES and order number=123
  2)2nd auth object can have infoarea=ZPROJECT and order number=*
  Both these analysis authorization objects can be assigned to the user via RSECADMIN.
  In the auth profile, S_RS_AUTH = Inactive, read analysis auth from RSECADMIN and manual assignement.
  regards
  laksh

• Switching BW authorization concept back and forth on the fly

  After upgrading to BW 7.0, we are currently developing the BW authorizations from scratch with the new analytical authorizations. The system is currently set to the legacy RSR authorization objects. The idea is now to define two timeframes on our development system, one for the users working with old authorizations, and a second timeframe for testing the new analytical authorizations.
  Can we switch the authorization concept back and forth on the fly, or are there any obstacles?
  Thanks in advance!

  Andreas,
  The latest version of BW is 7.3 which is also Analysis authorization concept like 7.0. So please clarify from the system status what level are you upgrading to.
  Under 7.0, the RSR objects were still available i.e. you can switch the concept back and forth on the fly, it will trigger a transport. AFAIK - In 7.3 however there is no support for RSR anymore in fact even the object class is not visible and so does the switch for the concept and even RSR objects (Z-objects) do not show up in PFCG either.
  So if you are moving to 7.0 switch is possible, 7.3 it is not. But in either case, you should be upgrading using a dual landscape with upgrade work being done & tested in separate boxes than daily production support landscape. It will come in handy at the time of testing also.
  Regards,
  Shivraj Singh

• Basic Authorization

  I have been trying to get this to work for 2 days. My app us
  up and running using Basic Authorization. I've used Curl to confirm
  that I can access protected URLs. But from my Flash movie it
  doesn't work. My script is pretty normal, as you can see in the
  attached code.
  If I run it from with Flash CS3 the response is my login
  page. This should not be happening since I am sending the username
  and password in a header. But I am not sure which version of the
  Flash player it is using (it just says version 9 ...) I know that
  version 9.0.115.0 won't allow the Authorization header. Perhaps
  that is the problem.
  So I upgraded my Flash player plugin for Firefox to the
  latest, 9.0.124.0, saved my movie and stuck it in a web page on the
  same server as my application. And there is no response. Not even
  the login page. It's as if the request isn't even being sent. The
  contents of the dynamic text box 'escupe' says 'XML Loaded: false'.
  I am at my wit's end. Can anyone give me a hand with this?
  I've seen this code or variations thereof posted a thousand times
  all over the web and in some places I have read it WON'T work in a
  web browser. Is this true?
  Many thanks!
  Bob

  Well, I’ve kind of figured it out, at least using Flash
  player. I messed up a couple things:
  1. I was missing the space between “Basic” and
  “pass”.
  2. I was missing the Base64 class. I thought Base64 was an
  included library.
  So now it works in Flash Player … but still doesn't
  work in FF or IE7.
  In the article (at the attached link below) the author says
  it will not work in a browser. But that was 2 years ago. Is this
  still true? How absolutely annoying!!
  Using
  HTTP Authorization headers with Flash

• New Authorization concept

  Hi experts,
  what is new Authorization concept in NW2004s.
  All of our queries are created in Query Designer 3.x and our generic Authorization objects are created in RSSM.
  Is it necessary to use new Auth.concept ?
  What are the advantages or disadvantages of new concept?
  Thanks

  Hi there again,
  If you have that entry in RSCUSTV23 it means you're using the old concept of RSSM authorization not mantained anymore by SAP:
  I recommend (as well as SAP) to use the new concept. For that, since you've already the old authorizations, you can do a migration of authorizations with a standard report (transaction se38) called RSEC_MIGRATION.
  This report is of ease to use and does the migration of the old concept to the new one, therefore you can after running the migration use the new concept.
  The worst part, is that is recommended (and you should) do an exaustive battery test, to ensure, no errors are encountered with the new authorization concept after migration.
  You can also read about the migration of authorizations (and the detal of how to use the standard migration report) in here:
  [http://www.sdn.sap.com/irj/scn/events?rid=/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea&overridelayout=true]
  Diogo.

• New authorization concept - Access to data

  Hello, i'm new in SAP BW and i'm in migration process to the new authorization concept.
  Here is what happening:
  I have a role with all access to a company (*) of a provider X.
  I have another role with restricted access to a company (ex: COMPANY1, COMPANY2 and COMPANY3) of a provider Y.
  When i attribute those 2 roles to a user and access a query of the provider Y, i can see all the companies when it was supposed to only see the 1, 2 and 3.
  What am i doing wrong?
  Thank you in advance.
  João Gonçalves

  Hi friend,
  The Authorization concept works on sets concept of mathematics.
  Explanation to your scenario:
  For user A you apply company (*) on provider X and company 1, 2, 3 on provider Y. i.e. u are collectively applying All company codes for provider X and Y. as Company (*) set is a bigger set and the providers set is extended to 2 elements X and Y to get her and not separately.
  Way to check the actual set by which authorization is getting applied:
  RSECADMIN -> Analysis tab -> Execute as user (check with load check box, and RSRT radio button) ->  Execute -> Put a query on which you need to check authorizations (the query must have authorization variable if relevant) -> execute the query -> return back after execution -> on the Execute as user screen hit on Display log option.
  You will get a detailed log for your query execution. Here you will also get a log where what set is applied for the query execution is displayed. You will get an understanding of your issue there.
  Regards,
  Sourabh Deo

• BPS_WIF0 authorization concept

  Authorization object R_PM_NAME can be used to control the access to different planning folders within UPSPL. What is a similar object for Web folders of the kind that can be executed from BPS_WIF0 or directly from the appropriate BSP. How is this same type of authorization concept applied, or does it need to be integrated directly into portal roles?

  Blake,
  there is no special authorization object for BPS web interface. You have to restrict access to the generated BSP application by using roles. However, even if someone had access to the BSP application, the next level of authorizations should be fully sufficient (BW auth. on transaction data, RSSM, or R_AREA, R_PLEVEL, etc).
  Regards
  Marc
  SAP NetWeaver RIG

• BW-BPS and new analysis authorization concept

  We are using BW-BPS on Netweaver 2004s SP8 and the new autorization concept is switched on.
  Where do we need to pay attention?
  Which authorization objects stay the same and which are now to be maintained in analysis authorizations?
  Thanks for your suggestions.
  Anja

  In NW04S, BPS and BI IP share the same new authorization concept so you tend to have to rebuild specific profiles used for BPS.   The old BW-BPS tend to have authorization for R_* and they need to be redone using the new authorization concept and it can take some time if you have a lot of profiles.

• Authorizations concept in SAP BI

  Hi All,
  Can you please tell me about Authoriions concepts in SAP BI ?
  Regards
  Syed

  hi ,
  About Authorizations Concept in SAP BI .....
  SAP BI 7.0 Authorization concept (analysis authorization) change a lot in accessing, analyzing and displaying BI information. The approach allow to restrict data access on Key figure, Characteristic, Characteristic value, Hierarchy node, and InfoCube levels. It enables more flexible data access management.
  Check this links
  http://help.sap.com/bp_bw370/documentation/Authorization_BW_Proj.pdf
  and
  check this two links too
  http://www.bwarea.com/2009/01/sap-bi-70-authorization-part-1.html
  http://www.bwarea.com/2009/01/sap-bi-70-authorization-part-2-creating_18.html
  Regards
  ChandU
  <removed by moderator>
  Edited by: Siegfried Szameitat on Jun 1, 2011 2:26 PM

• SAP Authorizations Concept Project

  Hello,
  Before, i would like to say that this thread will stay open, with questions and answers. Thanks
  I am starting a little project on authorizations. The company has only 9 users, and all of them have the SAP_ALL, SAP_NEW profiles, wich after an audit generated the need to have them removed and the need to implement an Authorization Concept from the root.
  The first step and most important is to get the profiles fixed before the next audit, wich i think will only give me time to create generic profiles based on a List of Transactions and Reports, that each one of them, or a group, executes. I've been reading the ADM940 module, and i have some experience in SAP BI Authorizations, but no experience in Authorizations at a higher level.
  My questions are, Recomendations and attentions i must have to implement this concept i've described and
  Is the automatic profile generator, based only on transactions and reports enough to fullfil the needs i described before enough? Or after that i'll have to maintain some Authorizations objects manually?
  Thank you very much
  JO

  Closing the thread, as it has a lot of days by now

• Contract authorization concept

  Dear Experts,
  I have a question regarding the working of contract authorizations in SRM 7.0.
  When we create a central contract, we can assign specific authorizations, to specific parts of a contract to a particular user outside the  startegic purchasing.
  If I assign display authorizations to a user A who is not having the startegic purchasing role, how will this user be able to view the contract?
  The user A does not have the starategic purchaser role and hence does not have the iview access on the portal. Where will this user be able to access the contract?
  also, do we need to assign any specific authorization objects in SRM for this user to view the contract?
  the only documentation that i found for this topic was http://help.sap.com/saphelp_srm70/helpdata/EN/45/dce925088a6976e10000000a1553f6/frameset.htm and this did not answer my questions.
  Could anyone help me here?
  Thanks & Best Regards,
  Vidhya

  We too are looking at this functionality and struggling to understand the concept!
  What we think needs to happen is that all users should have contract display access in their role and this would be linked to a very basic view of the contract, a little bit like the Overview tab. You may have enhance the Overview tab so that no sensitive or confidential information is on view. Then if you want a user to be able to see a confidential contract then you can use the enhanced authorisation to grant them access, so we describe this as 'uplifting' their basic contract access allowing them to see more details.
  Please note we have not yet developed this solution and we are currently in the process of assessing whether or not it will work. Also note we are running SRM-PPS with enhancement pack 1.

• Basic Java Concepts

  I'm a Java novice, trying to learn it along with Jdeveloper side by side. My learning of the Java fundamental concepts led to the below understanding, please see if my understanding is not correct in any way.
  The fundamental concept with Java is a CLASS, whose feature are its state and behaviour. The state of the class is stored in the definition of the class itself via ATTRIBUTES or in lay man's language VARIABLES. These attributes can be static, public, private or protectd.
  The behaviour of a class is stored via METHODS within the definition of a class. METHOD is nothing but a block of code performaing a certain action.
  A good example of a CLASS's state a behaviour can be a stock. A stocks state is available via its ticker symbol, price of the stock, and the date i.e. on a given date, a given stock has a particular price. So there are 3 attributes.
  Now METHOD in the context of the above example is a means to capture the ever changing state of the above 3 attributes.
  In short attributes or fields ( defined via declaration of variables inside the class) capture the state of an object, where as its interaction with the world external to the object captured by METHOD.
  These 3 attributes are common to thousands of stock's in the outside market, so a common class called STOCK can be created to capture the state and behaviour of thousands of stocks. The same class can be called at the same time to capture the behaviour of N number of stocks. When a class is called as explained, each such call is called an INSTANCE of the CLASS. An OBJECT is an instance of SUCH a class.
  Similar to CLASS is INTERFACE. A given class can only call the attributes and methods from one another class. If a class needs to inherit from more than one another class then it is accomplished via an INTERFACE. An Interface contains only the spec of the methods from other classes and not the entire piece of code for he method itself. The methods that are declared in the interface are implemented in the classes to which they belong to.
  A PACKAGE in turn is a collected of CLASSES and INTERFACES. A PACKAGE helps in keeping the code oraganized and grouped by the functionaliy it delivers.
  A Class can in turn be either a SUPERCLASS or a SUBCLASS. In our given example CLASS, there are some stocks which offer OPTIONS and some which do not. In order to cover that behaviours we will like to create sub class called STOCSKWITHOPTIONS, which will then refer to STOCK class to inherit the attributes and methods from that class. In this case STOCK is the SUPERCLASS, and STOCKOPTIONS is the SUBCLASS.
  Thanks in advance

  Nagarjuna,
  there is an excellent tutorial series from Sun for basic and advanced Java features. It contains a lot of examples and explains every concept. You even download the tutorials.
  See http://java.sun.com/javase/reference/tutorials.jsp
  --olaf