BEX 3.5 , enter to role, which authorization object?

Hi all,
I want to give user an authorization in BW 3.5 in BEX to enter a query into role, but i can not find authorization object that is used for this.
Regards,

Hi,
For Publish query in to role you must have authorization of perticular role.
Go to query designer -> open query -> Query -> Publish-> To Role.
Here you select the role and save it.
try this.
Regards,
Ganesh

Similar Messages

  • BW 3.5 which authorization objects available rssm (checks for infoprovider)

    Hi all,
    How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
    Is there any documentation about the purpose in RSSM for the button 'update check status (Authorization objects, infoprovider).
    thanks for your help.

    Based on which criteria?
    Is there somwhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
    Thanks,

  • Which authorization object we have to use for direct cube request ?

    Hello,
    In Analyser,  when we would like to request directly to Cubes, whe have 'No authorisation' message.
    Do you know wich authorisation objet we have to use for that ?
    Thanks in advance for you help.
    Best regards
    Nicolas Trinquand

    Hi Nocolas,
    Authorizations are two levels one is object level means if you want to access cubes, infoareas etc.
    second is data level, for this you need to create datalevel auth objects at RSSM.
    If you want to give authorization to queries relating to cube
    Use S_RS_COMP and give which cube you want.
    If you want to give authorizations to cube use
    S_RS_ICUBE .
    IF you have anyauthorization object ( Customized) data level select the infoprovider on which you want to activate this object at RSSM.then give permissions in your role.
    Check link
    http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm
    Hope it is clear now.
    Assign points if you felt it is useful.
    Regards,
    Vijay.
    Message was edited by:
            Vijay G

  • Identify duplicated authorization objects in a role

    Hi,
    We built some roles manually by drag and drop transaction through the menu tab. In some roles, we have duplicated authorization object
    For example, in PM : Maintenance Plant (object I_SWREK), we have 2 profiles with SWERK=* and TCD = (list of transactions).
    I'd like to generate a new role with only one profile which contains SWERK=* and a list of transactions in TCD
    The pb is i don't know at first which authorization objects or profiles are concerned by this duplicated objects
    Is there a program, trans code or function module i can run to get this information ?
    Thanks
    Guillaume

    Hi Guillaume,
    I would say, that there will be not much difference.
    The auth.-check scans one authorzation (not profile!!!) after the other for the requested values.
    So for example:
    check for TCD = IE03
    first hit is successful for both scenarios, as both list IE03 at first place.
    Scenario 1:
    SWERK=* and TCD = IE03, IL03, IP06, IQS1, IQS2, IQS3, IW3D
    Scenario2:
    SWERK=* and TCD = IE03, IL03, IP06
    SWERK=* and TCD = IQS1, IQS2, IQS3, IW3D
    second example:
    check for TCD=IW3D
    Scenario 1: the first authorization is loaded and verified, last value gives success.
    Scenario 2: no success for the first authorization, second auth. has to be loaded for analyzis and gives success with the last value.
    So scenario 2 could even be less performant....
    did you realize already some differencies???? Would be interesting...
    thx, Bernhard

  • Link users - positions - roles - authorization objects

    Hi guys,
    I want to write a report that would link USERS to POSITIONS to ROLES and finally to AUTHORIZATION OBJECTS. The user would enter the SAP username in the selection screen and the report should extract all the information listed above.
    I am able to link the following:
    + Users to positions via function module RH_BRANCH_GET
    + Users to roles via table AGR_USERS
    + Roles to authorization objects via function module PRGN_1251_READ_FIELD_VALUES
    Unfortunately, I dont know how to link positions to roles
    Does anyone know how to do that?
    Also, is there a more efficient way, than the approach highlighted above, to complete this requirement
    Thanks for your time
    -TR

    Hi,
    you can find a link between role and HR object in table HRP1001. The field SOBID contains name of the role. You need to find way how to convert object ID into position role. Be careful about additional fields from that table.
    Cheers

  • Authorization objects to avoid users to access workbook design mode

    Hi all,
    Does anyone knows an authorization object that stops the user to enter workbooks design mode?
    We use workbook protection but this disables most of the workbook properties.
    Many thanks,
    Mazzz

    Hi..
    see this thread.. hope it helps..
    How to prevent workbook users from saving workbooks
    You must set up security to control who can save workbooks, where they can be saved, and which workbooks appear in the BEx Browser for a specific user.
    Workbooks can also be created in the BEx Analyzer. After executing a query, choose Save u2192 Save as new workbook.
    Securing Workbooks
    In order to save a workbook, a user needs two authorization objects. The two objects listed below are the minimum authorizations a user needs to save workbooks.
    S_GUI: Authorization for GUI activities
    S_BDS_DS: Authorizations for document set
    Using both S_GUI and S_BDS_DS will enable a user to save workbooks to their Favorites folder.
    The authorization object S_GUI has one field, Activity. The activity field must be set to 60. For S_BDS_DS, the user needs activities 03 and 30. The Class Type field should be set to OT.
    Saving Workbooks to Roles
    If a user wants to save aworkbook to a location where it can be easily accessed by others, they need to save to a Role rather than saving the workbook in their own Favorites folder. Saving to a Role means saving to a security role.
    You may want to set up roles specifically for saving workbooks. You can then assign the role to all parties who need to share workbooks.
    Another option is to not allow users to save workbooks, but rather only allow power users to save workbooks. This is done to maintain the roles and to ensure that the workbooks are manageable. This also prevents users from changing workbooks saved by other users.
    In order to save workbooks to roles, a user needs:
    S_USER_AGR: Authorizations: Role check
    S_USER_TCD: Transactions in roles
    The authorization object S_USER_AGR has two fields:
    Activity and Role Name.
    Activity field -Must have at least values 01, 02 and If the user can delete workbooks, they will also need value 06.
    Role Name, you should enter the specific roles you have created for saving
    workbooks. Use proper naming convention for roles so that the roles can be restricted pretty easily.  The role name is the name of a role that will be used to hold workbooks. Saving a workbook to a role actually updates the Menu portion of a role, so object S_USER_AGR is a required object.
    Authorization object S_USER_TCD has one field
    Transaction Code. The user needs value RRMX in this field.
    Once a workbooks is saved, the data and the layout is saved in the workbook. For security reasons, we recommend that users save workbooks without the data. To save the workbook without the data, the users selects from following menu path from the BEx Analyzer: Tools > All queries in Workbooks > Delete results
    Sathya
    Edited by: sathya prasad anumolu on Jul 30, 2008 4:58 PM

  • How to restrict provide to a single account(by authorization object)

    Hello, i have two types of accounts.
    Account range 1: 10000000 -19999999
    Account range 2: 20000000 - 29999999
    For range 1 i have assigned authorization group AUT1.
    For range 2 i have assigned authorization group AUT2 (by transaction OB_GLACC12).
    So the general idea is some users will have access only to group 1 , etc. i have used autorization object F_BKPF_BES in  the role btw.
    I have created 4 roles:
    1) RANGE1_ALL (means user can create / modify delete GL from range 1)
    2) RANGE1_DISP(means user can only disp  GL from range 1)
    3) RANGE2_ALL(means user can create / modify delete GL from range 2)
    4) RANGE2_DISP(means user can only disp  GL from range 1)
    If i give RANGE1_ALL + RANGE2_DISP to the user, he can create/modify/delete for range1 and only display GLS from range2.
    Now the problem is if i want user to create/modify/delete for range1 but only display a specific account from range 2 ; say GL 29999000.
    Which authorization object can i use to specify the range 2 GL account directly?thx.

    Hi,
    The only option for you is to have a different authorisation object for that GL alone and assign it to the user. You dont assign RANGE2-DISPLAY object to that user.
    From FS00, you have to change the Auth group of that specific GL.
    Regards,
    Mike

  • How to use CRM authorization object.

    Hi All,
    I have a specific requirement to restrict user while he/she tries to save a record. It appears that if that restrictions are implemented the save logic for an entity has to be changed because there are some validation regarding relationship management in SAP system. SO I need to bypass that validation to allow some users of specific(Marketting) role to save the entity record bypassing that validation. here I am planning to use the CRM authorization objects. But dont know how to use these and which authorization object to refer.
    Please let me know if you guys have any idea.
    Regards,
    Bikramjit.

    Hi Bikramjit.,
    You might need to create a Custom authorization object and then use it. Else you can create one Z table and maintain the User ID of all users. The mainatin one field with flag and set it to X for the user that are aloowed to save the transaction.
    Also once you maintain the table, generate the table maintenance so that it becomes easier for future use.
    Hope this helps

  • Authorization objects to open workbooks

    Hi there,
    which authorization objects should i asign to a role in order to open any workbook ?
    thx in advance.

    In My Project we have created to view the saved work books by adding those workbooks in the menu
    Just we added S_TCODE and S_GUI.
    in S_TCODE we have added RRMX and in S_GUI we have given Activity 60 'import'.
    This works. Hope this would help you.

  • Authorization Object for Webclient UI BI-Links

    Hello,
    i created my first two BI-Reports for CRM Service and added them over navigationbar-profile to my businessrole.
    No i have the issue that i can see and process this new to BI-Links (authorization SAP_ALL and SAP_NEW).
    But i have an testuser which has the same authorization as our service users. With this testuser i can´t see the links.
    Does anybody know which authorization object i need to add to PFCG-role to see the links?
    Thank you
    Best regards
    Manfred

    Hello Robert,
    it must have to do with authorization.
    The buisnessrole is the same for both users "ZSRVHELPDESK".
    Authorization in BW is done for both users.
    But the user without CRM authorization SAP_ALL and SAP_NEW can´t see the two links to custom BW-Reports.
    Another idea?
    Thank you.
    Best regards
    Manfred

  • Authorization object to view & create EWA

    Hi Patrons,
    I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
    I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
    Kindly let me know which authorization object I should be using to achieve my requirement.
    Thanks in Advance,
    Vivek.

    Hi Vivek,
    Please check the security guide in below path for EWA roles
    Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
    Here you also find the 'Security Guide for Solution Manager'.
    Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
    Rg,
    Karthik

  • Authorization for reading Authorization object

    Hi,
    I've a query with Company Code authorization variable and a HRU hierarchy node variable which is for one of the attributes of company code.
    When I try to run the query with entering values only in HRU variable it gives me following error.
    You do not have authorization to read object ZCOCD01 'Authorization by Company Codes 1'
    Can anybody tell me which authorization object I should use to read authorization object.
    Regards,
    Amit

    Hello
    Try with RSECADMIN
    Enter the user concerned (flag the log) and then Run the query you want.
    Authorization will be displayed in the report
    Rgds

  • Authorization object to view Maintain Performance Documents on MSS

    Hi Experts,
    Would like to know which authorization object would require to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from MSS user and not able to peform Maintain Performance Documents.We are on EP 7 and ECC 6.
    It gives following error :
    java.lang.NullPointerException
         at com.sap.xss.hr.mbo.blc.BMboStatusComp.resetGlobalMboR3Data(BMboStatusComp.java:260)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusComp.resetGlobalMboR3Data(InternalBMboStatusComp.java:195)
         at com.sap.xss.hr.mbo.blc.BMboStatusCompInterface.resetGlobalMboR3Data(BMboStatusCompInterface.java:150)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:168)
         at com.sap.xss.hr.mbo.blc.wdp.InternalBMboStatusCompInterface$External.resetGlobalMboR3Data(InternalBMboStatusCompInterface.java:224)
         at com.sap.xss.hr.mbo.vac.VMboStatusComp.onBeforeOutput(VMboStatusComp.java:227)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusComp.onBeforeOutput(InternalVMboStatusComp.java:185)
         at com.sap.xss.hr.mbo.vac.VMboStatusCompInterface.onBeforeOutput(VMboStatusCompInterface.java:143)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface.onBeforeOutput(InternalVMboStatusCompInterface.java:136)
         at com.sap.xss.hr.mbo.vac.wdp.InternalVMboStatusCompInterface$External.onBeforeOutput(InternalVMboStatusCompInterface.java:212)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.callOnBeforeOutput(FPMComponent.java:603)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:569)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
         at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
         at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:733)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:668)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:860)
         at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:220)
         at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1288)
         at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:355)
         at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:548)
         at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:192)
         at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
         at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
         at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:754)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:289)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Would appreciate kind guidance to resolve issue.
    Thanks in advance.
    Aashish

    I am closing this thread as opened at wrong place.
    Thanks,
    Aashish

  • Authorization Object to Control access for ContactData in Dispute Managmt

    Hello Experts,
    Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
    I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
    Thanks in advance.
    Best Regards,
    Vanessa.

    Hi Ravi,
    Thank you very much for your reply, but I have done this already.
    Transaction is UDM_DISPUTE but they are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within transaction the part of the screen that I am talking about.
    Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
    I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
    Thanks in advance.
    Best Regards,
    Vanessa Barth.

  • Authorization object to control BOM usage ?

    Hi ,
    Through which authorization object we can control the authorization for BOM usage ?
    We have to control authorizations for CS01 through BOM usage Production , PM ,Sales BOM etc...
    regards,
    madhu kiran

    Hi,
    The Authorization Object: C_STUE_BER
    BOM Usage - STLAN
    Generally it will be given as *.
    You can restrict the authorizations based on the Usage.
    Hope thi helps..
    Regards,
    Siva

Maybe you are looking for