BEX 3.5, enter to role, which authorization object?
Hi all,
I want to give a user an authorization in BW 3.5 in BEX to enter a query into a role, but I cannot find the authorization object that is used for this.
Regards,
Hi,
To publish a query to a role, you must have authorization for the particular role.
Go to Query Designer -> open query -> Query -> Publish -> To Role.
Here you select the role and save it.
Try this.
Regards,
Ganesh
Similar Messages
-
BW 3.5 which authorization objects available rssm (checks for infoprovider)
Hi all,
How does SAP generates the list of authorization objects in RSSM when you enter a specific infoprovider (checks for infoprovider)? Are only the authorization object related to this infoprovider listed?
Is there any documentation about the purpose in RSSM of the button 'update check status (Authorization objects, infoprovider)'?
Thanks for your help.
Based on which criteria?
Is there somewhere detailed documentation available about the RSSM part in BW authorizations? It seems hard to find any...
Thanks, -
Which authorization object we have to use for direct cube request ?
Hello,
In Analyser, when we would like to request directly to Cubes, we have a 'No authorisation' message.
Do you know which authorisation object we have to use for that?
Thanks in advance for your help.
Best regards
Nicolas Trinquand
Hi Nicolas,
Authorizations are at two levels: one is object level, which means if you want to access cubes, infoareas etc.
The second is data level; for this you need to create data-level auth objects at RSSM.
If you want to give authorization to queries relating to a cube,
use S_RS_COMP and give which cube you want.
If you want to give authorizations to a cube, use
S_RS_ICUBE.
If you have any authorization object (customized) at data level, select the infoprovider on which you want to activate this object at RSSM, then give permissions in your role.
Check link
http://help.sap.com/saphelp_nw04/helpdata/en/80/1a6859e07211d2acb80000e829fbfe/content.htm
Hope it is clear now.
Assign points if you felt it is useful.
Regards,
Vijay.
Message was edited by:
Vijay G -
Identify duplicated authorization objects in a role
Hi,
We built some roles manually by drag and drop transaction through the menu tab. In some roles, we have duplicated authorization objects.
For example, in PM: Maintenance Plant (object I_SWERK), we have 2 profiles with SWERK=* and TCD = (list of transactions).
I'd like to generate a new role with only one profile which contains SWERK=* and a list of transactions in TCD.
The problem is I don't know at first which authorization objects or profiles are concerned by these duplicated objects.
Is there a program, transaction code or function module I can run to get this information?
Thanks
Guillaume
Hi Guillaume,
I would say, that there will be not much difference.
The auth. check scans one authorization (not profile!!!) after the other for the requested values.
So for example:
check for TCD = IE03
first hit is successful for both scenarios, as both list IE03 at first place.
Scenario 1:
SWERK=* and TCD = IE03, IL03, IP06, IQS1, IQS2, IQS3, IW3D
Scenario2:
SWERK=* and TCD = IE03, IL03, IP06
SWERK=* and TCD = IQS1, IQS2, IQS3, IW3D
second example:
check for TCD=IW3D
Scenario 1: the first authorization is loaded and verified, last value gives success.
Scenario 2: no success for the first authorization; the second auth. has to be loaded for analysis and gives success with the last value.
So scenario 2 could even be less performant....
Did you already realize some differences???? Would be interesting...
thx, Bernhard -
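A sketch of how the duplicates asked about in this thread could be listed and merged, and of the one-authorization-after-the-other scan described in the answer. It is an added example, not code from the thread or from SAP: the role contents are constructed, `Z_DEMO` and all function names are hypothetical, and only the full wildcard `*` is modelled. It goes beyond the SWERK/TCD case by refusing to merge authorizations that differ in more than one field, since a union there would grant combinations neither authorization allowed.

```python
from collections import defaultdict

# Constructed sample data: each authorization is (object, {field: set of values}).
# I_SWERK values follow the two scenarios above; Z_DEMO is a hypothetical object.
ROLE = [
    ("I_SWERK", {"SWERK": {"*"}, "TCD": {"IE03", "IL03", "IP06"}}),
    ("I_SWERK", {"SWERK": {"*"}, "TCD": {"IQS1", "IQS2", "IQS3", "IW3D"}}),
    ("Z_DEMO", {"SWERK": {"1000"}, "TCD": {"IE03"}}),
    ("Z_DEMO", {"SWERK": {"2000"}, "TCD": {"IW3D"}}),
]


def duplicated_objects(role):
    """Return {object: [authorizations]} for objects that occur more than once."""
    by_object = defaultdict(list)
    for obj, fields in role:
        by_object[obj].append(fields)
    return {obj: auths for obj, auths in by_object.items() if len(auths) > 1}


def check(auths, wanted):
    """Scan authorizations in order; every field must match within ONE of them.

    Returns (granted, number_of_authorizations_scanned).
    """
    for scanned, fields in enumerate(auths, start=1):
        if all(v in fields.get(f, set()) or "*" in fields.get(f, set())
               for f, v in wanted.items()):
            return True, scanned
    return False, len(auths)


def merge_safely(auths):
    """Union two authorizations only when they differ in at most one field.

    If two or more fields differ, a union would also grant the cross
    combinations (e.g. plant 1000 with IW3D), so those stay separate.
    Assumes all authorizations of an object carry the same fields.
    """
    merged = [{f: set(v) for f, v in a.items()} for a in auths]
    i = 0
    while i < len(merged):
        j = i + 1
        while j < len(merged):
            a, b = merged[i], merged[j]
            diff = [f for f in set(a) | set(b) if a.get(f) != b.get(f)]
            if len(diff) <= 1:
                for f in diff:
                    a[f] = a.get(f, set()) | b.get(f, set())
                del merged[j]
                j = i + 1  # a changed, so compare it with the rest again
            else:
                j += 1
        i += 1
    return merged


def report(role):
    """Per duplicated object: (authorizations before, after a safe merge)."""
    return {obj: (len(auths), len(merge_safely(auths)))
            for obj, auths in duplicated_objects(role).items()}
```

With the sample data, `report(ROLE)` collapses the two I_SWERK authorizations into one and leaves the two Z_DEMO authorizations apart.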
Link users - positions - roles - authorization objects
Hi guys,
I want to write a report that would link USERS to POSITIONS to ROLES and finally to AUTHORIZATION OBJECTS. The user would enter the SAP username in the selection screen and the report should extract all the information listed above.
I am able to link the following:
+ Users to positions via function module RH_BRANCH_GET
+ Users to roles via table AGR_USERS
+ Roles to authorization objects via function module PRGN_1251_READ_FIELD_VALUES
Unfortunately, I don't know how to link positions to roles.
Does anyone know how to do that?
Also, is there a more efficient way, than the approach highlighted above, to complete this requirement?
Thanks for your time
-TR
Hi,
You can find a link between role and HR object in table HRP1001. The field SOBID contains the name of the role. You need to find a way to convert the object ID into position role. Be careful about additional fields from that table.
Cheers -
Authorization objects to avoid users to access workbook design mode
Hi all,
Does anyone know an authorization object that stops the user from entering workbook design mode?
We use workbook protection but this disables most of the workbook properties.
Many thanks,
Mazzz
Hi..
see this thread.. hope it helps..
How to prevent workbook users from saving workbooks
You must set up security to control who can save workbooks, where they can be saved, and which workbooks appear in the BEx Browser for a specific user.
Workbooks can also be created in the BEx Analyzer. After executing a query, choose Save → Save as new workbook.
Securing Workbooks
In order to save a workbook, a user needs two authorization objects. The two objects listed below are the minimum authorizations a user needs to save workbooks.
S_GUI: Authorization for GUI activities
S_BDS_DS: Authorizations for document set
Using both S_GUI and S_BDS_DS will enable a user to save workbooks to their Favorites folder.
The authorization object S_GUI has one field, Activity. The activity field must be set to 60. For S_BDS_DS, the user needs activities 03 and 30. The Class Type field should be set to OT.
Saving Workbooks to Roles
If a user wants to save a workbook to a location where it can be easily accessed by others, they need to save to a Role rather than saving the workbook in their own Favorites folder. Saving to a Role means saving to a security role.
You may want to set up roles specifically for saving workbooks. You can then assign the role to all parties who need to share workbooks.
Another option is to not allow users to save workbooks, but rather only allow power users to save workbooks. This is done to maintain the roles and to ensure that the workbooks are manageable. This also prevents users from changing workbooks saved by other users.
In order to save workbooks to roles, a user needs:
S_USER_AGR: Authorizations: Role check
S_USER_TCD: Transactions in roles
The authorization object S_USER_AGR has two fields:
Activity and Role Name.
Activity field: must have at least values 01 and 02. If the user can delete workbooks, they will also need value 06.
Role Name: you should enter the specific roles you have created for saving workbooks. Use a proper naming convention for roles so that the roles can be restricted pretty easily. The role name is the name of a role that will be used to hold workbooks. Saving a workbook to a role actually updates the Menu portion of a role, so object S_USER_AGR is a required object.
Authorization object S_USER_TCD has one field:
Transaction Code. The user needs value RRMX in this field.
Once a workbook is saved, the data and the layout are saved in the workbook. For security reasons, we recommend that users save workbooks without the data. To save the workbook without the data, the user selects the following menu path from the BEx Analyzer: Tools > All queries in Workbooks > Delete results
Sathya
Edited by: sathya prasad anumolu on Jul 30, 2008 4:58 PM -
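The requirements listed in the post above, turned into an audit check over a user's authorizations. This is an added example, not part of the original post or SAP code: the authorization data and role names (`ZBW_WB_*`, `ZBW_WB_SALES`, `Z_FI_ADMIN`) are constructed, the field keys are the labels used in the post rather than technical field names, and it assumes each activity is checked on its own, so 03 and 30 may sit in different authorizations.

```python
from fnmatch import fnmatchcase

# Constructed sample: one user's authorizations as (object, {field label: values}).
USER_AUTHS = [
    ("S_GUI", {"Activity": {"60"}}),
    ("S_BDS_DS", {"Activity": {"03", "30"}, "Class Type": {"OT"}}),
    ("S_USER_AGR", {"Activity": {"01", "02"}, "Role Name": {"ZBW_WB_*"}}),
    ("S_USER_TCD", {"Transaction Code": {"RRMX"}}),
]


def allowed(auths, obj, wanted):
    """True if ONE authorization of obj covers every requested field value."""
    for name, fields in auths:
        if name == obj and all(
            any(fnmatchcase(value, pattern) for pattern in fields.get(field, ()))
            for field, value in wanted.items()
        ):
            return True
    return False


def can_save_to_favorites(auths):
    """S_GUI activity 60 plus S_BDS_DS activities 03 and 30 with class type OT."""
    return allowed(auths, "S_GUI", {"Activity": "60"}) and all(
        allowed(auths, "S_BDS_DS", {"Activity": act, "Class Type": "OT"})
        for act in ("03", "30")
    )


def can_save_to_role(auths, role):
    """Favorites minimum plus RRMX and S_USER_AGR activities 01 and 02 for the role."""
    return (
        can_save_to_favorites(auths)
        and allowed(auths, "S_USER_TCD", {"Transaction Code": "RRMX"})
        and all(
            allowed(auths, "S_USER_AGR", {"Activity": act, "Role Name": role})
            for act in ("01", "02")
        )
    )


def can_delete_from_role(auths, role):
    """Deleting workbooks additionally needs S_USER_AGR activity 06."""
    return can_save_to_role(auths, role) and allowed(
        auths, "S_USER_AGR", {"Activity": "06", "Role Name": role}
    )


def unrestricted_role_names(auths):
    """S_USER_AGR authorizations whose Role Name is a bare '*' (no naming restriction)."""
    return [
        fields for name, fields in auths
        if name == "S_USER_AGR" and "*" in fields.get("Role Name", ())
    ]
```

Running `can_save_to_role` for a role outside the workbook naming convention shows whether the Role Name restriction actually holds, and `unrestricted_role_names` lists authorizations where it was never applied.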
How to restrict provide to a single account(by authorization object)
Hello, I have two types of accounts.
Account range 1: 10000000 - 19999999
Account range 2: 20000000 - 29999999
For range 1 I have assigned authorization group AUT1.
For range 2 I have assigned authorization group AUT2 (by transaction OB_GLACC12).
So the general idea is some users will have access only to group 1, etc. I have used authorization object F_BKPF_BES in the role, btw.
I have created 4 roles:
1) RANGE1_ALL (means user can create / modify / delete GL from range 1)
2) RANGE1_DISP (means user can only disp GL from range 1)
3) RANGE2_ALL (means user can create / modify / delete GL from range 2)
4) RANGE2_DISP (means user can only disp GL from range 1)
If I give RANGE1_ALL + RANGE2_DISP to the user, he can create/modify/delete for range 1 and only display GLs from range 2.
Now the problem is if I want the user to create/modify/delete for range 1 but only display a specific account from range 2; say GL 29999000.
Which authorization object can I use to specify the range 2 GL account directly?
Thx.
Hi,
The only option for you is to have a different authorisation object for that GL alone and assign it to the user. You don't assign the RANGE2-DISPLAY object to that user.
From FS00, you have to change the Auth group of that specific GL.
Regards,
Mike -
How to use CRM authorization object.
Hi All,
I have a specific requirement to restrict a user while he/she tries to save a record. It appears that if those restrictions are implemented, the save logic for an entity has to be changed because there are some validations regarding relationship management in the SAP system. So I need to bypass that validation to allow some users of a specific (Marketing) role to save the entity record, bypassing that validation. Here I am planning to use the CRM authorization objects, but I don't know how to use these and which authorization object to refer to.
Please let me know if you guys have any idea.
Regards,
Bikramjit.
Hi Bikramjit,
You might need to create a custom authorization object and then use it. Else you can create one Z table and maintain the user ID of all users. Then maintain one field with a flag and set it to X for the users that are allowed to save the transaction.
Also once you maintain the table, generate the table maintenance so that it becomes easier for future use.
Hope this helps -
Authorization objects to open workbooks
Hi there,
Which authorization objects should I assign to a role in order to open any workbook?
Thx in advance.
In my project we have created to view the saved workbooks by adding those workbooks in the menu.
We just added S_TCODE and S_GUI.
In S_TCODE we have added RRMX and in S_GUI we have given Activity 60 'import'.
This works. Hope this would help you. -
Authorization Object for Webclient UI BI-Links
Hello,
I created my first two BI-Reports for CRM Service and added them over navigationbar-profile to my business role.
Now I have the issue that I can see and process these two new BI-Links (authorization SAP_ALL and SAP_NEW).
But I have a test user which has the same authorization as our service users. With this test user I can't see the links.
Does anybody know which authorization object I need to add to the PFCG role to see the links?
Thank you
Best regards
Manfred
Hello Robert,
it must have to do with authorization.
The business role is the same for both users: "ZSRVHELPDESK".
Authorization in BW is done for both users.
But the user without CRM authorization SAP_ALL and SAP_NEW can't see the two links to custom BW-Reports.
Another idea?
Thank you.
Best regards
Manfred -
Authorization object to view & create EWA
Hi Patrons,
I need to create a role which will provide access to view and create EWA sessions for all solutions in my solman 7.1 system.
I have managed get access to solman_workcenter transaction (System Monitoring tab) > Reports > SAP Early Watch Alert & SAP Early Watch Alert for Solution by using authorization objects S_TCODE (txn solman_workcenter), SM_WC_VIEW (for workcenter "WDC_WBA_SYSTEM_MONITORING"). But I am unable to view the systems in my landscape.
Kindly let me know which authorization object I should be using to achieve my requirement.
Thanks in Advance,
Vivek.
Hi Vivek,
Please check the security guide in below path for EWA roles
Installation and configuration guides at http://service.sap.com/instguides -> SAP Components -> Solution Manager.
Here you also find the 'Security Guide for Solution Manager'.
Also check the Note 1257308 - FAQ: Using EarlyWatch Alert note setup2. for more information.
Rg,
Karthik -
Authorization for reading Authorization object
Hi,
I've a query with Company Code authorization variable and a HRU hierarchy node variable which is for one of the attributes of company code.
When I try to run the query with entering values only in HRU variable it gives me following error.
You do not have authorization to read object ZCOCD01 'Authorization by Company Codes 1'
Can anybody tell me which authorization object I should use to read an authorization object?
Regards,
Amit
Hello
Try with RSECADMIN
Enter the user concerned (flag the log) and then Run the query you want.
Authorization will be displayed in the report
Rgds -
Authorization object to view Maintain Performance Documents on MSS
Hi Experts,
Would like to know which authorization object would be required to view Maintain Performance Documents on MSS. Currently, we removed SAP_ALL access from the MSS user and are not able to perform Maintain Performance Documents. We are on EP 7 and ECC 6.
It gives the following error:
java.lang.NullPointerException
Would appreciate kind guidance to resolve issue.
Thanks in advance.
Aashish
I am closing this thread as opened at wrong place.
Thanks,
Aashish -
Authorization Object to Control access for ContactData in Dispute Managmt
Hello Experts,
Do you know which Authorization Object is necessary to use to be able to control Contact Data available in Dispute Management? Any hint will be much appreciated.
I want to have greyed out the contact data fields (contact person, e-mail, phone and fax number) in change mode.
Thanks in advance.
Best Regards,
Vanessa.
Hi Ravi,
Thank you very much for your reply, but I have done this already.
Transaction is UDM_DISPUTE but there are so many authorization objects available and none of them seems to be related to contact data. Please kindly check within the transaction the part of the screen that I am talking about.
Also check the list of objects in SU24 to Transaction UDM_DISPUTE. Do you know which one is related to 'contact data' part of the screen?
I need to know which authorization object valid to Transaction UDM_DISPUTE is the one related to contact data. Any other idea?
Thanks in advance.
Best Regards,
Vanessa Barth. -
Authorization object to control BOM usage ?
Hi ,
Through which authorization object we can control the authorization for BOM usage ?
We have to control authorizations for CS01 through BOM usage Production , PM ,Sales BOM etc...
regards,
madhu kiran
Hi,
The Authorization Object: C_STUE_BER
BOM Usage - STLAN
Generally it will be given as *.
You can restrict the authorizations based on the Usage.
Hope this helps..
Regards,
Siva