Character Level Authorization

HI All,
I am giving authorization to a user for a particularly country data which is for example India.Other countries are US,UK. I want to give authorization only India related data to the user.
Maintained the authorization variable for my country Info object in the query. I made the country info object authorization relevant. I have created the authorization object Zcountry and assigned India to it. Created the User as well. Created the Role and maintained authorization data.
1.  Do I need to give anything in the MENU tab when creating a role?
2. When I click on change authorization data in the authorization tab, a choose template window appears. I selected S_RS_RREPU: BI Role: Reporting user. Is it the correct template for my requirement. When I select this template and go to the next
screen, what all fields have to filled here...Please be very clear in answering this step. Please I want a detailed explanation.
Could I get detail steps of creating Role in RSECADMIN. Particularly Menu, Authorization TABS.
Regards,
Sravan.

Hi Kavitha,
I have already gone through every document available, even the one you sent. My question was about the Menu and authorization tab, which is not explained at all in the document you sent. When we go to change authorization data, the document only mentioned about giving the authorization object name under the S_RS_AUTH. What about S_RS_COMP and S_RS_COMP1.
I followed all the steps like giving Infoprovider name, cube name, report name under S_RS_COMP. At the end when I open the analyzer with the new user I can see  the authorized  Infoprovider name, cube name, Query name but when I execute my query I don't get any data. It say NO APPLICABLE DATA FOUND.
In the document the MENU tab is in active version, normally if we don't fill anything in it, it will be in inactive version(RED), but it is in active version. So what did he do in the menu tab. It is not explained. I am getting very much confused as no document available gives a detailed view.
It would be great if you could help regarding this. Thanks a lot. Kindly help.
Edited by: Sravan Sabbineni on Jan 27, 2012 12:58 PM

Similar Messages

  • Direct database data access without data level authorization check

    Hello,
    My customer raised issue about direct database data access. Due to the customeru2019s strong security policy, it shouldnu2019t be allowed.
    To prevent this kind of illegal data access, customer ask me to list up all the possibilities to display data without data level authorization check.
    The things in my mind are
    SQL Command Editor (for Oracle based system) : ORASPACE, DB02, ST04
    Query Based : SQVI (Quick Viewer), SQ01/SQ02/SQ03 (SAP Query)
    Data Browser : SE11, SE12, SE16, SE16N, SE17
    Table Maintenance : SM30
    Function Module : RFC_READ_TABLE
    Function Module : DB_EXECUTE_SQL (DML)
    Anyone knows anything which is not listed above?
    Thanks

    HI,
        Generally in production user's should not be given all these authorizations.
    Ram.

  • Organization level authorization restrictions

    Hello All,
    Please can you let me know
    1) f it is possible to org level authorization restrictions for CLM documents and master data without any development?
    - E.g. while creating suppliers the user should only be able to create for the Company assigned to the user id?
    2) What is the significance of the company and organization unit fields in the user account information page?
    Regards,
    Subramaniam Iyer

    Hi ,
    Could you share about your solution ? I think I have face the same problem as yours.

  • Tab Level Authorization

    One of My application I plan to give the tab level authorization. I used two level tabs.
    for example, the sub tabs are like aa,bb,cc. I need to write the authorization schemes and I need to get the tab name dynamically here to show this tab for only few users. This scheme will be seleted for all the tabs.
    When I try with :app_tab_id, :parent_tab_cells bind variables, it's not working properly. Any one can suggest me how can I refer the tabname or tab label (like for page we are using app_page_id)
    Advance thanks for your help
    Balaji

    Balaji:
    I don't understand why you need to know the current-tab etc.
    Authorizations can be applied at the tab level declaratively (in the tab's defintion).
    So, your authorization should simply be something like 'return true for user1, user2, user3...' and this authorization should be specified as the 'Authorization' for the tab's authorization.
    Varad

  • Object level authorization for SLT Configuration schema in HANA DB

    Hi All,
    We have connected SLT with HANA DB (& ECC as source system).
    Now for certain users we wanted to restrict the access for certain tables ( tables owned by SLT Schema, i.e schema created in HANA DB with the configuration name provided in the SLT configuration).
    With the SYSTEM user object level authorization's of another schema is not possible hence , an error is thrown when we are trying to provide/control the access of single table for a user.
    Is it ok that we generate a password for SLT schema and try login with schema owner. Is it the best practice or Is there any other way around.
    Regards,
    Kumar

    Hi Santosh,
    You can find more info about SLT Roles and Authorization from below security guide.
    http://help.sap.com/hana/SAP_HANA_Security_Guide_Trigger_Based_Replication_SLT_en.pdf
    Regards,
    V Srinivasan

  • "Low-level" authorizations for accessing BW reports - add users to role

    Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
    Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.

    Hi!
    i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
    with regards
    ashwin
    <i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i>

  • Field Level Authorization

    Hi Gurus,
    Can you explain me how to proceed forward inrelation to Field Level Authorizations in SAP HR. For instance I want to restrict roles of individuals based on Field for example restrict users based on Field Workschedule in IT 0007 ( Planned Working Time).
    Regards,
    Happy

        AUTHORITY-CHECK OBJECT 'S_TABU_LIN'
          ID 'ORG_CRIT' FIELD 'MOLGA'
          ID 'ACTVT' FIELD '03'
          ID 'ORG_FIELD1' FIELD '10'
          ID 'ORG_FIELD2' FIELD '*'
          ID 'ORG_FIELD3' FIELD '*'
          ID 'ORG_FIELD4' FIELD '*'
          ID 'ORG_FIELD5' FIELD '*'
          ID 'ORG_FIELD6' FIELD '*'
          ID 'ORG_FIELD7' FIELD '*'
          ID 'ORG_FIELD8' FIELD '*'.
        IF sy-subrc NE 0 .
          MESSAGE e000 WITH 'No Authorization for area' v_text.
        ENDIF.
    Use S_TABU_LIN authority object for field level authorizations.

  • SM30 Field level authorization check

    Hi,
    I have a requirement to add the authorization check in SM30 for the company field in the custom table. Please suggest.
    Thanks,
    Gagan Chodhry

    Hi,
    I have this requirement for both type of tables i.e. custom as well as standard. Tables has got field profit center.. I need to show the table based on the loggedin user authorization to the profit center.
    If it is a custom table then as mentioned by Siva, there is a way I heared that we can check the authorization in PAI event, but when I tried to do a small test, I could get the field symbol with the values, but I was not able to skip that record for disply.
    If anyone can send the sample or the way to skip the record based on the check.
    Also is there any other way to add the field level authorization to custom and standard tables...
    Thanks,
    Gagan Chodhry

  • Multiple Level authorization

    Hi I am using OBIEE 11.1.1.5.
    I want to set the row level security and also with multiple level. for example i have one sales dashboard, i have entered using sales person id then the dashboard shows for the particular salesman sales details and i have entered as zonal sales manager then the dashboard shows the details of sales men under my zonal or i have entered to dashboard using the regional sales id i can able to view the all the regional information. How can achieve this.
    For single level authorization i can used the row level security. but multiple level how is it possible?
    Regards
    Gauthaman

    You can set up a initialization block to set up values for three variables.
    1) GROUP
    2) LEVEL or COLUMN_NAME
    3) COLUMN_VALUE
    In your single level authorization you will intialize only 1 and 3 variables, here intialize second one also and use it in the filter clause.
    like COLUMN_NAME = COLUMN_VALUE

  • 0PLANT Level Authorizations

    Hi Guru's,
           I have a query regarding Object level Authorizations i.e i have created one query with variable Plant now i need to rollout to single query to all plants and respective person only can able to view their plant values....so i need to create 0plant as Auth relavent for that i use RSSM t.code but there i am not able to see the 0plant object .....please for Object level authorizations how can i proceed ...
    Regards
    Jagadeesh.M

    Hi Anil,
        I did following steps please go through it once and suggest me
    1. Change 0Plant to Auth Relavent in Object.
    2. RSSM tcode create a Z_plant and select 0plant and infocube and query objects and save it.
    3. then back to rssm and check the infoprovider
    4. create a Auth variable in bex
    5.assign that query to user role and in that role select the Auth object and mention the plant and cube and query name.
    6.generaet the roles.
    then execute using that user but it can executing for all plants but i need to restrict for single.
    Please treat it as urgent and give me if any missing steps...
    thanque anil...
    Reagrds
    Jagadeesh.m

  • Plant level authorization control for Internal Order

    Dear Sir,
    We create Internal Order using tcode KO01 and  being a multi plant scenario , we want to have an authorization control on Internal Order creation/change so that plant or profit-center level authorization rights can be given to the users .
    We request you to Kindly guide us about the steps to be followed for addressing such requirement .
    With thanks and Regards
    Sonia Agarwala

    Sonia-
    It can be done. You have two options.
    1. SAP security - when your security person can limit a user by plant, profit center etc using authorization objects.
    2. Validations - Here you can create a validation where you define you logic. In your logic you can restrict set of users who can access a set of fields (profit center, plant etc). If he deviates, the system can issue error messages which is maintained in validations. Use transaction GGB0 to create validations.
    Hope this helps.
    Shail

  • Discount level authorization in sales order

    Hi,
    I have one scenario where customer want to give discount level authorization for some customer, please find below example and suggest possible solution
    Ex. There would be like 3 level discount authorization in sales order like sale manager 2%, manager 3-4% n sales head 5%.
    If sales manager make the order n enter  3 %  and more discount then error show like " you are not authorized for this discount" and order can not be saved ,same will be applicable to manager and sales head.
    Note: There may not be different level user id used here means Sales manager and manager will be using same ID.
    Please suggest the configuration step by step
    Edited by: KHAPREVIPIN on Jan 4, 2012 7:51 AM

    Hello
    there is a process of Basis roles that can help u in doing this. Using these roles u can give permission the condition types
    u create 3 diffrent condition type ZCP1,ZCP2ZCP3 and give authorization only to the required level.
    Example : manger can only add ZCP1 not others.
    Through this no need to create any program... for each specifice condition type u can give authorizatoin this is standard in SAP.
    Mager      ZCP1 discount 30%
    user :      ZCP3 Dicount 5%
    If the system must determine automaically : make a requirement for each condition and check the role(USER ID) and pass the condition
    If it is the manual discount then the user can only add the discount they can not give others.

  • Second Level Authorization for ESS

    Hi,
    I have an issue regarding ESS . The requirement is to provide a second level authorization when anybody clicks on the content in ESS. i,e a logon screen. On successful authentification the user has to see the required info. We should also be able to provide a 5 min idle time out. Can anybody help me with this.
    Thanks,
    Abhishek

    Abhishek, Did you find any solution for second level authentication for ESS?

  • Field level Authorization configuration in SAP BO issue !!!

    Hi gurus,
    I want to create field level authorization at query level and use the same at BO web Intelligence. (Ex if i h ave company code as A,B,and C. and if i have created a rolehe users  where only A and C is assigned so when i crreate a webi where users should only able to select comapny code as A and C only.)
    Now i want to know the steps to configure the same in BO for roles import and SAP authentication setting.Please do tell the pre-requisites .I got lot of links but am still confused.
    So please provide exact steps and setting to configure the same.
    Thanks &Regards,
    Montz
    Edited by: montz2006 on Jun 27, 2011 9:05 PM

        AUTHORITY-CHECK OBJECT 'S_TABU_LIN'
          ID 'ORG_CRIT' FIELD 'MOLGA'
          ID 'ACTVT' FIELD '03'
          ID 'ORG_FIELD1' FIELD '10'
          ID 'ORG_FIELD2' FIELD '*'
          ID 'ORG_FIELD3' FIELD '*'
          ID 'ORG_FIELD4' FIELD '*'
          ID 'ORG_FIELD5' FIELD '*'
          ID 'ORG_FIELD6' FIELD '*'
          ID 'ORG_FIELD7' FIELD '*'
          ID 'ORG_FIELD8' FIELD '*'.
        IF sy-subrc NE 0 .
          MESSAGE e000 WITH 'No Authorization for area' v_text.
        ENDIF.
    Use S_TABU_LIN authority object for field level authorizations.

  • Styling of text on character level

    Hi,
    I am looking for a control to edit text. The text should be styled on character level. E. g. only character on index 2 has a red background but the whole text field has a blue background.
    Is there a control existing in javafx 2 to achieve this?
    Regards
    Oliver

    Is it possible to switch off the controls and use the edit area only?Yes, there are ways to customize it:
    https://gist.github.com/2514709 code sample
    Re: Customizing  HTMLEditor element "Thread: Customizing HTMLEditor element"
    http://stackoverflow.com/questions/10075841/how-to-hide-the-controls-of-htmleditor (last section has info on hiding the toolbar - is done by code, but you might be able to achieve the same by a css stylesheet - which would be a better implementation - dgrieve's comment was "You can extract html-editor.css from jfxrt.jar to see what styles it uses.").
    There is also a jira to provide an api to control HTMLEditor allow programmatic control of editing capability, but that hasn't been actioned yet.
    Additionally you can use a WebView with contenteditable="true" see:
    http://stackoverflow.com/questions/10685395/webview-with-contenteditable-cannot-be-focused-programmatically

Maybe you are looking for