BISQLGroup Provider - Authorization

Similar Messages

• Providing authorization for parameter transaction

  hello all,
            I have created a parameter transaction for a table maintainance generator(table a z-table). the requirement is, we want to provide authorization only for few users so how can we go forward...
  with regards,
  sandeep akella.

  When you are parametrizing any TCoe then there is no changes happen in the Authorization checks from the original. So you need to take care this in the following way:
  1. Go to table TDDAT and find out the Authorization Group of that z-table. If nothing found, please create a Custom Auth group and assign the table to that grp in SE54.
  2. Now go to the role through which you want to provide access to that table to the users or create a new role and add the Parametrized Tcode in the menu of the Tcode.
  3. In authorization data, please assign the Authorization group for that particular table in S_TABU_DIS and provide the activity as per your requirement.
  4. Assign the role to the users.
  Regards,
  Dipanjan

• Characteristic as data provider authorization

  Hi all,
  Well, as the title says we got a char used as data provider and it has some query. The problem is that I dont know how can I do to give authorizations to users. I have tried with the S_RS_COMP, but that one requires an infoobject and also I have tried with RSSM making it relevant for authorizations... but it seems it works only with values.
  Can someone help please?
  Regards
  Ignacio

  Hi,
    Yes need to use S_RS_COMP ,S_RS_COMP1 and S_RS_IOBJ authorization objects.Under S_RS_IOBJ--> you have the following
  Activity 03
  Info object < IOBJ NAME>
  Info object catalog < IOBJ CATA>
  Hope this helps.
  Cheers,
  Balaji

• Provider : Authorization Required (Workflow Provider)

  I am trying to use Oracle Workflow as a provider.
  I have defined an external application (using basic authentication) - that works fine.
  I have created a provider.xml, it is registered, the config files modified etc - the test page works fine.
  I have linked the provider to the external application.
  When I add the portlet to a page I always get the following error message (from the Workflow Application Server) :
  Authorization Required
  This server could not verify that you are authorized to access the document requested. Either you supplied >the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials >required.Here is my provider.xml :
  <provider class="oracle.portal.provider.v1.http.URLProvider">
  <session>true</session>
  <authentication class="oracle.portal.provider.v1.http.Authentication">
  <authType>basic</authType>
  </authentication>
  <portlet class="oracle.portal.provider.v1.http.URLPortlet">
  <id>1</id>
  <name>CCC_PROV_WF_JMR_2</name>
  <title>Job Manager Workflow Provider</title>
  <description>Job Manager Workflow</description>
  <timeout>100</timeout>
  <timeoutMessage>Job Manager Workflow timed out</timeoutMessage>
  <showEdit>false</showEdit>
  <showEditDefault>false</showEditDefault>
  <showPreview>false</showPreview>
  <showDetails>false</showDetails>
  <hasHelp>false</hasHelp>
  <hasAbout>false</hasAbout>
  <acceptContentType>text/html</acceptContentType>
  <registrationPortlet>false</registrationPortlet>
  <accessControl>public</accessControl>
  <renderer class="oracle.portal.provider.v1.RenderManager">
  <showPage class="oracle.portal.provider.v1.http.URLRenderer">
  <contentType>text/html</contentType>
  <pageExpires>60</pageExpires>
  <pageUrl>http://sirius.caprion.com:7777/pls/wf_drep</pageUrl>
  </showPage>
  </renderer>
  <securityManager class="oracle.portal.provider.v1.http.URLSecurityManager">
  <authorizType>public</authorizType>
  </securityManager>
  </portlet>
  </provider>
  ANY IDEAS ?
  Thanks

  The relative links need to be converted to absolute links. You can use a filter to achieve this. You need to define your filter similarly to this after the pageURL definition:
                      <filter class="oracle.portal.provider.v2.render.HtmlFilter">
                           <headerTrimTag>&lt;body</headerTrimTag>
                           <footerTrimTag>/BODY></footerTrimTag>
                           <baseHRef>your_page_url</baseHRef>
                           <convertTarget>true</convertTarget>
                      </filter>

• How to Provide Authorizations to LSMW

  Can we provide any authorizations to LSMW is there any proper way that we can restrict the LSMW which we crated  to few users

  Hi Prasad,
  check this [how to handle  authroziation levels in LSMW.;
  hope u'll get some idea.
  Regards,
  Sneha.

• How to provide authorization to set the statuses in Design registration

  Hi All,
                 For HTOR transaction type CRMDRGO status profile has been configured. So based on this status profile the user can set any of the statuses which are there in CRMDRGO.Here the requirement is the user should not be able to set few statuses whicha are there in the CRMDRGO. Means for some of the statuses the user shouldn't have the authorization to set.For this I have created one authorization code and i have configured in CRMDRGO.How can i achieve this requirement.can anybody help me out regarding this.Thanks in advance....
  Regards,
  Laxman.P

  In webUI GET_V for this attribute, make the available values as desired by restricting some values for a certain usergroup or role or on a certain value of a certain Authorization Object.

• How to provide authorization.

  Hi all,
  In my report program by selecting a radio button and execute it,
  it will take to TMG of a table.
  Now what i want is,  this radio button should be visible only to some set of users and for all others it should not be visible.
                        (or)
  Only for those set of users it should take to the TMG and for others it should display the message as 'You are not authorized to view the table' or they can allowed in only display mode.
  Pls provide any suggestion on this.

  Hi,
  try this short example:
  SELECTION-SCREEN: BEGIN OF LINE.
  SELECTION-SCREEN: COMMENT 06(30) T_BUT1.
  PARAMETERS:       P_BUT1 RADIOBUTTON GROUP PRI1.
  SELECTION-SCREEN: END   OF LINE.
  SELECTION-SCREEN: BEGIN OF LINE.
  SELECTION-SCREEN: COMMENT 06(30) T_BUT2.
  PARAMETERS:       P_BUT2 RADIOBUTTON GROUP PRI1.
  SELECTION-SCREEN: END   OF LINE.
  SELECTION-SCREEN: BEGIN OF LINE.
  SELECTION-SCREEN: COMMENT 06(30) T_BUT3.
  PARAMETERS:       P_BUT3 RADIOBUTTON GROUP PRI1  MODIF ID DS0.
  SELECTION-SCREEN: END   OF LINE.
  AT SELECTION-SCREEN OUTPUT.
    LOOP AT SCREEN.
      IF SCREEN-GROUP1 EQ 'DS0'.
        IF P_BUT3 = ' ' AND SY-UNAME <> 'TEST01'.
          SCREEN-INPUT     = '0'.
          SCREEN-INVISIBLE = '1'.
          T_BUT3           = SPACE.
          MODIFY SCREEN.
        ENDIF.
      ENDIF.
    ENDLOOP.
  INITIALIZATION.
    T_BUT1   = '1. Button'.
    T_BUT2   = '2. Button'.
    T_BUT3   = '3. Button'.
  START-OF-SELECTION.
    BREAK-POINT.
  END-OF-SELECTION.
  Hope it helps.
  regards, Dieter

• Problem with Authorization for Planning folder

  Hi an having a problem with providing authorization for a planning folder
  i am getting the following error when i test it with test user
  Error while calling up RFC
  Message no. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "You do not have authorization for InfoCube ZT_MR_T "
  Procedure
  Inform the system administrator.
  we are not pulling the data from any other server, all the data is on the sif any one has faced the same issue let me know.
  Regards,
  Abraham

  Calling Thru Trans code: BPS0 in ECC 6
  getting this error:
  Error while calling up RFC
  Message No. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "An error occurred during the receipt of a complex parameter."
  after i check in bw trans code:st22
  Following this error message:
  Category                   Internal Kernel Error
  Runtime Errors         PARAMETER_CONVERSION_ERROR
  Application Component  BC-MID-RFC
  Short text
      An error occurred during the receipt of a complex parameter.
  What happened?
      During a remote function call, an error occurred while converting
      a complex parameter.
  What can you do?
      Note which actions and input led to the error.
      For further help in handling the problem, contact your SAP administrator
      You can use the ABAP dump analysis transaction ST22 to view and manage
      termination messages, in particular for long term reference.
  Error analysis
      An error occurred during the conversion of a complex parameter.

• Problem with Authorization for BW BPS planning Folder

  Hi an having a problem with providing authorization for a planning folder
  i am getting the following error when i test it with test user
  Error while calling up RFC
  Message no. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "You do not have authorization for InfoCube ZT_MR_T "
  Procedure
  Inform the system administrator.
  if any one has faced the same issue let me know.
  Regards,
  Abraham

  HI ,
  I Checked it out we dont have that cube in our system.
  Regards,
  Abraham

• Error in  Authorization even after giving Colon authoriztion to users

  Dear Experts
  We have built a query which is having Sum GT function used and also Constant for some characterstics.
  But when we execute the query the user is getting not authorized message. If i run the query without  the SUM GT and Constant RKF and CKF its running fine.
  We have checked the rsec log for the error it says Colon authorization is required for the some chars which are authorizaiton relavant but we have given all the other chars : authorization but still i am getting the below message.
  Authorization Check Log
  For a general description see the Note 1234567
  Date and Execution Time (Local Server)
  Execution Date: 01.12.2011
  Execution Time: 15:33:23
  Executed Query: ZM_SD_M22/ZM_SD_M22_Q_00010
  Transaction RSRT ( BW - output test )
  Executed by User P00010784
  Executed with Analysis Authorizations of Another User P00007960
  Software Component  Release  Level  Support Package 
  SAP_ABA  700  0021  SAPKA70021 
  SAP_BASIS  700  0021  SAPKB70021 
  SAP_BW  700  0023  SAPKW70023 
    InfoProvider Check  
  Building the Buffer...
  ...Buffer Built
  Are there authorizations for accessing InfoProvider ZM_SD_M22 with activity 03?
  Authorization exists for general access to InfoProvider ZM_SD_M22 with activity 03 
    Relevant Characteristics for Detailed Authorization Check  
  (Characteristics with Full Authorization Are Not Listed!)
    List of Effective Authorization-Relevant Characteristics for InfoProvider ZM_SD_M22:  
  0DF_HRPOSTN 
  ZCUS_MAT__ZSD_HEQT 
  ZC_CUST__ZSD_HEQT 
  ZSD_HEQT 
    Authorization Check  
    Detail Check for InfoProvider ZM_SD_M22  
    Preprocessing:  
  Selection Checked for Consistency, Preprocessed and Supplemented As Needed
  Subselection (Technical SUBNR) 1
  Check Node Definitions and Value Authorizations...
  Node- and Value Authorizations Are OK
  Subselection (Technical SUBNR) 2
  Check Node Definitions and Value Authorizations...
  Node- and Value Authorizations Are OK
  End of Preprocessing
  Filling the Buffer...
  ...Buffer Filled
    Main Check:  
    Subselection (Technical SUBNR) 1  
  Supplementation of Selection for Aggregated Characteristics
    Check Added for Aggregation Authorization:     0DF_HRPOSTN  
    Check Added for Aggregation Authorization:     ZCUS_MAT__ZSD_HEQT  
    Check Added for Aggregation Authorization:     ZC_CUST__ZSD_HEQT  
    Check Added for Aggregation Authorization:     ZSD_HEQT  
    Authorizations missing for aggregation (":")  
  Characteristic  1        2       3 
  0DF_HRPOSTN    Node      I EQ :      I EQ :   
  ZCUS_MAT__ZSD_HEQT    I EQ :      I EQ :      Node   
  ZC_CUST__ZSD_HEQT    I EQ :      I EQ :      I EQ :   
  ZSD_HEQT    I EQ :      Node      I EQ :   
  Entries marked with red do not have aggregation authorization
  You can find more information about this here 1140831
    The authorization check stops here as this selection is no longer needed  
    Message EYE007: You do not have sufficient authorization  
    No Sufficient Authorization for This Subselection (SUBNR)  
  Following CHANMIDs Are Affected:
    Subselection (Technical SUBNR) 2  
  Supplementation of Selection for Aggregated Characteristics
    Check Added for Aggregation Authorization:     0DF_HRPOSTN  
    Check Added for Aggregation Authorization:     ZC_CUST__ZSD_HEQT  
    Check Added for Aggregation Authorization:     ZSD_HEQT  
  List of authorizations that provide authorization for selection on ":" (aggregation):
  Characteristic  3 
  0DF_HRPOSTN    I EQ :   
  ZC_CUST__ZSD_HEQT    I EQ :   
  ZSD_HEQT    I EQ :   
  Please guide me what else is required to get the report running.
  Thanks and Regards
  Sree
  Edited by: CRMKNW on Dec 4, 2011 9:43 AM

  Shivraj,
  I have done the way to display the authorization but still its giving the error no authorization  and for change  i have removed the Auth relavant Char from the filter which is having the variable (authorization type ) now its showing the report but four Key figure columns are not shown.
  These key figure columns are SUM GT function  which will bring the total value of a characterstic. So where am i going wrong because as i have given the : authorizaiton it should give the aggregated value for these columns and give full details for his authorized zone.
  if i don't add the variable its giving all the data without these four key figures what i am expecting is it should give data for the authorized zone but also show the aggregated value in the SUM GT key figures as they are authorized with : authoriztion.
  Thanks and Regards
  Sree

• Authorization in SAP BI

  Hi everyone,
  i am new to this Authorization Concept. I need to create a few Roles for End Users and Developers. Can anyone please guide me through.
  We have a Report A.
  Now ,
  1) I need to provide authorizations for creating a query, modifying an existing query , Executing and Displaying the Query result .This is for the Key User
  2) I need to Provide authorizations only to execute the Query and display the Query Result. This is for normal End User.
  3) I need to provide a Development Role to the IT Manager who is at the client place. He should be able to design the BI Development as well, Like Creating Cubes etc.
  Please provide some valuable inputs.There are no Object level authorizations. Its only Reporting Level Authorizations.

  Rajiv,
  You can create roles via T.Code PFCG.
  There you need to give 4 Authorization objects:
  S_RFC
  S_RS_AUTH
  S_RS_COMP
  S_RS_COMP1
  In Auth Objects S_RS_COMP & S_RS_COMP1 You can define following autorizations for query in activity tab:
  02  Change
  03  Display
  06  delete
  16  Execute
  22  Enter, Include, Assign
  Create different roles Normal user, Key user & BI developer.
  Provide T.code Rsa1 to developer & related autorisation in PFCG
  Regards,
  Shilpi Gupta

• Plant Specific Authorization of  VA42,VA02,VF03

  Hi,
  I have to provide authorization for Change or Display of Contract Orders,Sale Orders, Billing docs for the Users of the plant in which they were created and for other Plant users i need to restrict. For example, If a billing doc was created in Plant 1100,then users of the Plant 1100 should only have the authorization for Change or Display of that billing doc. For other Plant Users it should throw an error message 'This billing doc belongs to another Plant'. Please guide how can i do this? What input i have to take from Basis Consultant?
  Regards
  K Srinivas

  Please guide in arriving at solution.
  Regards
  K Srinivas

• SOAP adapter - WS authorization

  Hello,
  I am trying to expose an RFC as a web service using the SOAP Adapter.
  The problem is that in order to consume this web service, authorization is required by the client application(Otherwise the call returns code 401 - Unauthorized)
  Is it possible to allow anonymous calls to the WS ?
  If not, can anyone instruct me how to provide authorization data during the call to the WS (using C#) ?
  Thanks,
  Elad.

  Hi,
  From the thread , <u><b>User Names and Passwords in SOAP adapter
  <i>in order to turn off the authentication for SOAP interface, please remove the authentication
  restriction in web.xml for aii_af_soapadapter.sda.
  Extract the SOAP-adapters WAR-file from the corresponding sda. Then extract the deployment-descriptor from the war-file and delete the related security-constraint, login-config and security-role sections (makes absolutely sense to save the original descriptor beforehand). ZIP the files again with the new deployment descriptor and deploy the SDA via SDM.
  comment the following portion.( It's already commented below).
  <! security-constraint >
  <><security-constraint>
  <display-name>message</display-name>
  <web-resource-collection>
  <web-resource-name>message</web-resource-name>
  <url-pattern>MessageServlet</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>xi_adapter_soap_message</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <display-name>helper</display-name>
  <web-resource-collection>
  <web-resource-name>helper</web-resource-name>
  <url-pattern>HelperServlet</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>xi_adapter_soap_helper</role-name>
  </auth-constraint>
  </security-constraint>
  >
  <! login-config >
  <><login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>XISOAPApps</realm-name>
  </login-config>
  >
  <! security-role >
  <><security-role>
  <role-name>xi_adapter_soap_message</role-name>
  </security-role>
  <security-role>
  <role-name>xi_adapter_soap_helper</role-name>
  </security-role>
  >
  The safest way to change this web.xml is described as followed, you
  could do the changes also direct on the file system, but it will need
  reboot of J2EE and does not guarantee to work.
  The web.xml is located in the aii_af_soapadapter.sda, please extract
  this sda file with normal zip function. There is one
  aii_af_soapadapter.war inside, please extract this war file again,
  change the web.xml as described above. Please zip the folder with
  modified web.xml for aii_af_soapadapter.war and than for the
  aii_af_soapadapter.sda. Please do not modify the folder structure.
  Deploy this modified sda with SDM. After the deployment you can double
  check whether changes for web.xml is done on the file system, this
  web.xml is located under
  /usr/sap/xxx/DVEBMGS00/j2ee/cluster/server0/apps/sap.com/com.sap
  .aii.af.soapadapter/servlet_jsp/XISOAPAdapter/root/WEB-INF.
  I am not sure whether you will need to restart the J2EE after this
  deployment to make the changes from web.xml active, please try it out.</i>
  Regards,
  Bhavesh

• Authorization control for ordering specific materials

  Hi Experts
  Is it possible to set up control on specific materials, so that those materials can not be allowed for procurement unless the authorization is provided.
  In this context, can we use DG profile and assign certain authorizations?
  The specific requirement is intended for identifying such material as well as for providing authorization for ordering.
  warm regards
  marias

  Hi,
  If you want to control on ordering material, you can set up Release Procedure, so that without approval ,purchase order can not be processed.
  If you want to block the material for procurement, you can use Source list ( ME11), block the material , when ever required, you can remove the block and procure it and again block it.
  Regards,
  Biju K

• BOM usage authorization

  Hello,
  I have total 6 usages in BOM (CS02)
  we have created the bom with usage "2"
  my client wants no one will authorize for to change this bom which is having usage "2"
  Please suggest..
  Thanx & regards,
  Nilesh

  Hi
  You can block create Roles for the persons. First role contains all bom usage except 2. Second role contains only bom usage 2. Assign this 2 roles to user and provide authorization for first role to change all bom usage except 2. For second role provide to display only.
  First role
  C_STUE_BER - ACTVT - 02
                          STLAN - 1,3,4,5,6
                           STLTY - M
  Second role
  C_STUE_BER - ACTVT - 03
                        STLAN - 2
                         STLTY - M
  Try this