BI analysis authorization- checking for not equal to values
hello,
the info provider (ZIC_COPA) is having auth. relevant char. are 0COMP_CODE, PLANT, 0SALESORG.
When i am executing query which is built on ZIC_COPA info provider. It is checking all above charcteristics value. But in RSECADMIN i found that system is checking for not equal to values. For ex. please see below RSECADMIN trace. It is checking not equal to values for PLANT. does anybody know why it is checking NOT PLANT IN values??
0COMP_CODE
0PLANT
0SALESORG
SQL Format:
COMP_CODE IN ('1000',,'3200')
AND NOT PLANT IN ('1000','3200')
AND SALES
ORG IN ('1000',','3200',')
AND TCAACTVT = '03'
Note: There is no hardocoding or exclusion values in the query.
Regards
Imran
Edited by: Imran Mulani on Jun 21, 2009 1:13 PM
ok
Similar Messages
-
Authorization check for Selection of Filter Values for Query Definition
I am looking for a solution to the following problem:
Assuming you have confidential master data in your development system.
How can I protect a query developer to see only master data values, that he is allowed to see when e.g. creating a restricted key figure.
I know that you can enable a setting in the "Business Explorer" tab that says "Query Def. Filter Value Selection". The help says:
This field describes how the selection of filter values and the restriction of characteristics function when you define queries.
The values from the master data table are normally displayed when you restrict characteristics. For characteristics without a master data table, the values from the SID table are displayed instead. In a number of cases, however, it could be better to display only the values that are in the InfoProvider. The setting "InfoProvider Values Only" is permitted for this reason.
This would almost do it, but it can be overwritten in the BEx Query Designer.
Is there a way of preventing Query Developers from seeing all InfoObject values when creating restricted key figures?
Thanks for your replies.Hi,
Thanks for the points. I am not too sure how you guys go about implementing SAP. Sorry I am not trying to be rude but you're not suppose to see any "real" data in DEV where all development takes place. You can't prevent query developers to see data. Without data there is no way they know their queries are right or wrong. Ask ECC guys to load dummy data to DEV environment that closely resemble those data currently in legacy e.g. real data. Sorry it was my mistake at the beginning when i thought it was preventing specific end users to see data that are not belong to them. -
Issues with Analysis Authorization checks in APO
Hi Friends,
I am facing an issue with Analysis authorization checks in APO.
We have setup user access based on Management Entity (Analysis authorization - AGMMGTENT and 0TCAACTVT) and core APO authorizations (based on the work profile - e.g: Demand Planner).
Scenario: Consider User A has access to India and Australia Management Entities with 0TCAACTVT - *
This user also has display access to all management Entities (AGMMGTENT - * and 0TCAACTVT - 03). This scenario works very well in Quality where the RSECADMIN trace shows check on both Characteristics. However in Production the RSECADMIN trace shows up only against AGMMGTENT (*) and by default takes 0TCAACTVT as (*).
In Quality the Characteristics that get checked are as below : and it works as expected. Display access for Management Entities that are supposed to be displayed only and change access to only the Management Entities that it should.
However the Trace for Production shows the following : As a result it is allowing the user to change access to all management Entities. Which is not desirable..
Resultant trace results are as below: This should not happen..
I have compared all Analysis Authorizations and it is same across both Instances. The Demand planner access is consistent too..
Will it be possible for you to advise on what could I be missing.Hi All,
If it helps, in Quality: the Authorization checks are listed as: Subselection (Technical SUBNR) 1
while in Production it checks Subselection (Technical SUBNR) 1 in one place, however where it fails - the check happens as Subselection (Technical SUBNR) 0.
Is there a way we can change this to SUBNR 1. Is there any table entry that I can look at to check if the Authorization check is functioning incorrectly..
Please advise.. Thanks..
Regards,
Prakash -
In a purchase order for 3 GR's Quantity does not equal the value
Hi,
I have found the difference in one purchase order, there have been 3 GRs where the Qty does not equal the Value. How has this happened?
Any guesses why the difference has come.
Thanks®ards,
VeenaHi Vishal,
In po history for agt 3 Gr's Quantity does not equal the values. I hope the difference is Movement types. But exactly where to check this movements i am not getting.
Can you tell me this which T.code.
Tx, -
Authorization checks for PNP LDB
question : how to validate authorization checks for pnp logical database?
2 nd question: hr report
this report is basically for salary survey. in this i had so many fields can any body let me know how
can i form the internal tables. and i have to display overall 150 fields in csv file for that
how can i take in to the final internal table.
what is the logic behind this:
T71JPR09-JOBCODE
PA0000-PERNR
HRP1000-STEXT
P0006-PSTLZ
PA0008-ANSAL * 100 / PA0008-BSGRD
PA0015-BETRG
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-GRADT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
like that i had.
please give me the steps how can i proceed.Hi,
The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
Hope this helps. -
Authorization checks for bank account number in vendor master
I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
Thanks
-PeruHI Peru,
To supress a field in FK03 u will have to check
Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
But there bank account no is not there.
Moreover there r no authorization objects for all the fields that u gave.
So try creating screen variant/ transaction variant in SHD0.
Regards,
Kiran -
How to turn off the authorization checks for a object in infoproviders?
Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
Thanks,
Raj.Hi Raj,
Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
In BW3.5, use RSSM transaction to do thins.
OR
Go to transaction RSECAUTH ---> Choose the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
If you are using old authorization concept in 3.5 or in 7.0
Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
Hope this helps you,
Best regards,
Sunmit. -
ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole
Hi
After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
<i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
I have not found anything helpfull thusfar.
Thank you for your help in advanceHi,
We had the same problem after upgrading to 2004s sp13.
We applied all available patches and it went away.
Check out this thread:
<a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
Best regards,
Avisahi Zamir -
Failed to activate authorization check for user SAPSYS
Hi Experts
I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
i am getting a error Failed to activate authorization check for user SAPSYS.
Please help me to solve this issue.
Regards
VenkatHi, Mr. Joe Bo.
Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
Basis Patch - 15, Kernel 159
I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
Thanks & Regards
Venkatesan J -
Authorization Check For Pricing Reference Materail In VA01 & VA02
Hi Expert,
User has requested to do authorization check for pricing reference material in line item in VA01/VA02. currently SAP does not has any authorization check for pricing reference material field at line item in VA01/VA02. Is there any standard authorization object for this purpose or needs to use user exit to do this checking ie if the pricing reference material entered does not belong to the sales org as entered in sales header data then system will issue warning/error message. What will be the standard user exit routine if there is no standard authorization object for this purpose ?
Thanks.
Regards,
Tay
Edited by: Hung How Tay on May 13, 2010 2:48 AMHi,
Try below in MV45AFZB
USEREXIT_SOURCE_DETERMINATION
Best regards,
Anupa -
Authorization check for surveys
Hello Friends,
Does anybody know if there is Authorization check for surveys?
I want to restrict access to surveys, depend on user and status of surveys (answered or not).
Thanks for any help.
LalasDear Lalas,
Unfortunately the survey runtime itself doesn't check any authorization.
But for my personal point of view, you might be able to look into the
following to fulfil your requirement:
1.add java script into the survey xml file
Or
2.define your own function module with additional authorization check,
and assign it to survey attributes in transaction CRM_SURVEY_SUITE,
as PBO or PAI function module.
(relevant steps necessary to activate the customer defined
authorization obj.)
Hope these could do help!
Regards, Gerhard -
Dear all,
I found there is no authorization check for plant in CO88, this means if user do not enter the plant, then all the orders will be settled, would anyone tell me how to control this?
thanks,
BenBen,
You can control this by creating seperate roles and giving plantwise authorization in these roles.. Please check Tcode PFCG for further details...
Thanks -
Authorization check for Removing of Delivery block in Sales Order
Hi,
I want to have an authorization check for the person removing the delivery block in the Sales Order.
By Default all Sales Orders will have a delivery block. I want to ensure that the user does not have the authorization to Remove the Delivery block.He should be able to choose any reason in the Delivery block if required.
Only the user which has the authorization to remove the delivery block should be able to do so.
I have checked that the Delivery block field does not have an Auth Object.
I want to enable delivery block removal for some users and restrict the same for others.
Please AdviseHi,
In object V_VBAK_AAT you can find the activity 43 that is meant for authorisation, that should be removed for the users who are not supposed to release the sales order for any blocks.
Try that it will work.
Regards,
Mann. -
Authorization check for action
HI Experts,
I am facing a Scenario, where PPF actions need to be restricted for users. For example, if there are 5 actions, I would like to have User A to execute the first 2 and User B to execute the other 3 alone.
Is there any authorization Object that i could make use of or is there any other way where i can achieve this.
Regards,
KumarHello there,
for ChaRM I found 1002541, which provides extended authorization checks for tasks in the SCMA task list.
The code may be already in your system, but in the note you will find the names and descriptions of all the authorization objects.
Note 517491 might help as well.
Best regards,
Miguel Ariñ -
Authorization check For T code
Hi everyone,
Can anybody guide to set a authorization check for a particular Tcode.
I have ztable where users are assigned particular numbers.
I want the users who are assigned some numbers should be able to use this particular t code
Thanks in advancehi
chk this out
AUTHORITY-CHECK
Basic form
AUTHORITY-CHECK OBJECT object
ID name1 FIELD f1
ID name2 FIELD f2
ID name10 FIELD f10.
Effect
Explanation of IDs:
object
Field which contains the name of the object for which the authorization is to be checked.
name1 ...
Fields which contain the names of the
name10
authorization fields defined in the object.
f1 ...
Fields which contain the values for which the
f10
authorization is to be checked.
AUTHORITY-CHECK checks for one object whether the user has an authorization that contains all values of f (see SAP authorization concept).
You must specify all authorizations for an object and a also a value for each ID (or DUMMY).
The system checks the values for the IDs by AND-ing them together, i.e. all values must be part of an authorization assigned to the user.
If a user has several authorizations for an object, the values are OR-ed together. This means that if the CHECK finds all the specified values in one authorization, the user can proceed. Only if none of the authorizations for a user contains all the required values is the user rejected.
If the return code value in SY-SUBRC is 0, the user has the required authorization and may continue.
The return code value changes according to the different error scenarios. The return code values have the following meaning:
4
User has no authorization in the SAP System for such an action. If necessary, change the user master record.
8
Too many parameters (fields, values). Maximum allowed is 10.
12
Specified object not maintained in the user master record.
16
No profile entered in the user master record.
24
The field names of the check call do not match those of an authorization. Either the authorization or the call is incorrect.
28
Incorrect structure for user master record.
32
Incorrect structure for user master record.
36
Incorrect structure for user master record.
If the return code value is 8 or 24, inform the person responsible for the program. If the return code value is 4, 12, 16 or 24, consult your system administrator if you think you should have the relevant authorization. In the case of errors 28 to 36, contact SAP because authorizations have probably been destroyed.
Individual authorizations are assigned to users in their respective user profiles, i.e. they are grouped together in profiles which are stored in the user master record.
Note
Instead of ID name FIELD f, you can also write ID name DUMMY. This means that no check is performed for the field concerned.
The check can only be performed on CHAR fields. All other field types result in 'unauthorized'.
Example
Check whether the user is authorized for a particular plant. In this case, the following authorization object applies:
Table OBJ: Definition of authorization object
M_EINF_WRK
ACTVT
WERKS
Here, M_EINF_WRK is the object name, whilst ACTVT and WERKS are authorization fields. For example, a user with the authorizations
M_EINF_WRK_BERECH1
ACTVT 01-03
WERKS 0001-0003 .
can display and change plants within the Purchasing and Materials Management areas.
Such a user would thus pass the checks
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0002'
ID 'ACTVT' FIELD '02'.
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' DUMMY
ID 'ACTVT' FIELD '01':
but would fail the check
AUTHORITY-CHECK OBJECT 'M_EINF_WRK'
ID 'WERKS' FIELD '0005'
ID 'ACTVT' FIELD '04'.
To suppress unnecessary authorization checks or to carry out checks before the user has entered all the values, use DUMMY - as in this example. You can confirm the authorization later with another AUTHORITY-CHECK
Maybe you are looking for
-
Hi, I have been editing a project for a week and over the past 2 days iMovie 10.0.5 has crashed into millions of colored pixels about 6 times. I am working on a 27" iMac running OS X 10.9.4 with 6GB of Ram, plenty of space on start up disc (217 GB's)
-
Java mapping for Remove and Add of DOCTYPE Tag
HI All, i have one issue while the Java mapping for Remove and Add of DOCTYPE Tag in Operation Mapping . it says that , while am testing in Configuration Test " Problem while determining receivers using interface mapping: Error while determining
-
Issue with VO extension after upgrading from 11i to R12
Hi All, We are facing issue with VO extension after upgrading from 11i to R12(12.1.3). Most of the cases we are facing issue as given below, oracle.apps.fnd.framework.OAException: oracle.jbo.AttributeLoadException: JBO-27022: Failed to load value at
-
How to email purchase order along with body and subject line
hi experts, i have to email the purchase order along with the body and subject line. I am able to send the purchase order as a pdf attachment, but i have still not got a solution how to add body and subject line to this mail. plz help me out.
-
I have a row of buttons within a container, all with instance names. When one of the buttons is clicked and using a switch statement, I want to navigate to a timeline frame and stop to display the desired page. Could someone provide an example of AS