Create authorization check for a report

Hi,
I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
Say the report name is ZHR_TIMEABC.
Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
Thanks in advance,
VG

Hi,
Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
Your inputs will be helpful to understand this concept.
Thanks,
VG

Similar Messages

  • Authorization checked for infoObjects even though not relevant to report

    Hello guys,
    I am facing a problem in BI 7.0 authorization checks.
    For a given report the BI team has placed a restriction in the query only for infoObject 0Comp_code (company code) and 0SOLD_TO (sold to party). Accordingly i have created authorization in RSECADMIN and assigned to role--> user.
    But when the user runs the report, he gets as authorization error and during analysis in RSECADMIN i see that "list of Authorization relevant charecteristics(infoObjects) for info provider xxxx" contain other infoObjects as well.
    Is it a case where infoObjects can be made authorization relevant for the whole  info provider eg-ZSD_M42" (where this is a multi provider)apart from being checked for specific reports eg- ZSD_M42_Q0001?
    How do i get around this problem?
    Regards,
    Prashant

    Hi Prashanth,
    What Zaheer said was exactly correct.Make sure all the Auth relevant Chaaracteristics of an Infoprovider  are properly authorized through your Analysis Authorization.Suppose if you don't need security on other Characteristics of an InfoProvider give * in your AA which will byepass check on that particular Auth relevant Characteristics..
    More over,See to that all the key figures are properly authorized as all the keyfigures are by default auth relevant in BI.
    Cheers,,
    Ramkumar C

  • How to turn off the authorization checks for a object in infoproviders?

    Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
    I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
    Thanks,
    Raj.

    Hi Raj,
    Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
    In BW3.5, use RSSM transaction to do thins.
    OR
    Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
    If you are using old authorization concept in 3.5 or in 7.0
    Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
    Hope this helps you,
    Best regards,
    Sunmit.

  • How can I remove this extra authorization check for dynamic parameters

    Hello expert,
           I created a new dynamic hirarchical parameters as " client-->policy" in crystal report.   these parameter value are coming from a physical table.  the other part of report extract data by a oracle procedure. when I ran this report in client, it is ok for everything. but when I schedule it or run it in infoview,  I need extra authorization for access these dynamic parameter, eventhough this is not for accessing other parameters.  How can I remove this extra authorization check for dynamic parameters?

    Hi
    Open the crystal designer  Edit the parameter In the prompt window at the existing option you can find the LOV name.
    Open the Business view manager and find that prompt name in u201CRepository Exploreru201D window and select that parameter  right click that parameter  Select edit rights  provide rights for your user name in that window.
    --Naga

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • Authorization Check for Special Stock Indicator in IE02

    Dear Gurus,
    Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
    For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
    Would appreciate your help.
    Thanks.

    Hi,
    This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
    Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
    Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode.

  • Authorization checks for bank account number in vendor master

    I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
    Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
    Thanks
    -Peru

    HI Peru,
    To supress a field in FK03 u will have to check
    Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
    in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
    But there bank account no is not there.
    Moreover there r no authorization objects for all the fields that u gave.
    So try creating screen variant/ transaction variant in SHD0.
    Regards,
    Kiran

  • How to create authorization role for just displaying query prefix Q and X.

    Hi Expert,
    I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
    Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
    where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
    -->Manually Business Information Warehouse
        --> Manually Business Explorer - Components
    Activity : Display, Execute, Enter, Include, Assign
    InfoArea : *
    InfoCube : *
    Name(ID) of a reporting component : *
    Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
        --> Manually Business Explorer - Components
    Activity : Display, Execute
    InfoArea : *
    InfoCube : *
    Name(ID) of a reporting component : Q* , X*
    Type of a reporting component : Query
    But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
    Please assist. Very much appreciate your help. Thanks.
    Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

    Question close. This issue has been resolved.

  • How add Authorization check for user with assigened role for t.code-MIR4

    Hi All,
    Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
    In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
    suggest me...
    Thanks,
    srii..

    Hi Sri ,
    first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
    make use of Tcode SUIM to find out all roles which are using this Object.
    or
    ask ur basis guy to remove authorizations to create/change....
    regards
    Prabhu

  • Set Up Authorization Check for G/L Accounts  into PO creation

    Dear friends !
    How could I activate check to the access to certain accounts into PO creation ?
    I know that is possible to activate this into Purchasing customizing under path
    SPRO > Materials management > Purchasing > Purchase order > Set Up Authorization Check for G/L Accounts
    But could I use it to give access only to certain GL Accounts by user ? Is this the purpose of this customizing ?
    If yes what´s the object should I use to link with user account !?
    best regards,
    Ale

    Hi ,
    After you setup the configuration in transaction OMRP, please setup up
    the authorisation group in the account code (FS02, the field is on the
    "Control", technical name is BEGRU).
    When a account assigned purchase order is created, the system checks for
    object F_BKPF_BES with values from the BEGRU and activity 01.

  • Authorization check for select-options field - Company code.

    Hi experts,
    i have company code field on the report selection screen and i have to validate the authorization check for BUKRS.
    How to do authorization check for a select-options field?
    Any function modules used to write the authorization check for a SELECT-OPTIONS FIELD?
    Thanks.

    >
    RNB wrote:
    > Any function modules used to write the authorization check for a SELECT-OPTIONS FIELD?
    Does it hurt to type a few lines of code? Why do you need an FM for this my friend?
    Anyways can you please tell which SAP application area (viz. FI, SD etc.) do you want to run the report?
    Suhas

  • Authorization Check for Storage Location

    Hi Experts,
    I have the following requirement :-
    I have Plant : P081 created under Company Code : P110.
    I have got various Storage Locations under this Plant for example
    KT01 - Main Stores
    KT24 - Remote Store.
    The KT24 store is basically a remote location store. I have activated the Authorization for the Storage Location KT24 in the SPRO Settings
    Material Management --> Inventory Management and Physical Inventory --> Authorization Management --> Authorization check for storage location.
    I have maintain the following authorizations for the Object M_MSEG_LGO as follows :-
    1. OBJECT : M_MSEG_LGO.
    >> 2. USER ID : 081Store
    >> 3. PLANT : P081
    >> 4. STORAGE LOCATION : Kt24
    >> 5. ACTIVITY : 01-03
    >> 6. MOVEMENT : 101, 102, 201, 221, 261
    and authorization for T_code MIGO_GR and MIGO_GI . I want to restrict the user for transaction only for this storage location but the system is allowing the user to post GR document for KT01 stores also.
    Can any one suggest a solution or settings that need to be done for the user to be restricted to prepared GR for Storage Location KT24 only.
    Thanks in advance.
    AJ

    Hi,
    You set the authorizations to users with tcode PFCG. To know the reason of deny some access run tcode SU53 after SAP denies the access to some documents / objects.
    Regards,
    Eduardo

  • Authorization check for CO88

    Dear all,
    I found  there is no authorization check for plant in CO88, this means if user do not enter the plant, then all the orders will be settled, would anyone tell me how to control this?
    thanks,
    Ben

    Ben,
    You can control this by creating seperate roles and giving plantwise authorization in these roles..  Please check Tcode PFCG for further details...
    Thanks

  • Authority Object? Authorization Check for Period

    We consolidated from R3 to SEM tax reporting. So we now are using a  different authority-check object. However, all of the parameters that were in the 'Authorization Check for Period' in R3 are not in SEM. Can you manually add parameters for to the authority-check. I am not even sure how to change or activate. Is this a Basis thing?
    To be honest I do not know what this object checks when processing. It cannot be debugged?
    I do not think my authorization level will be fully defined with the new object.
    Any suggestions?
              Thanks.
    *In old ERP we used*
    AUTHORITY-CHECK OBJECT 'E_CS_PERMO'
       ID 'PERMO' FIELD '1'   "Open period
       ID 'DIMEN' FIELD g_dimen
       ID 'RVERS' FIELD g_rvers
       ID 'BUNIT' DUMMY
       ID 'CONGR' FIELD g_congr.
    In new SEM system we now need to use:
    AUTHORITY-CHECK OBJECT 'R_UC_PERIO'
               ID 'ACTVT'     FIELD 'PA'          "open period
               ID 'CONS_AREA' FIELD g_congr.
              ID 'TASK_FLD1' FIELD '__________'
              ID 'TASK_FLD2' FIELD '__________'
              ID 'TASK_FLD3' FIELD '__________'
              ID 'TASK_FLD4' FIELD '__________'
              ID 'TASK_FLD5' FIELD '__________'
              ID 'TASK_FLD6' FIELD '__________'
              ID 'TASK_FLD7' FIELD '__________'
              ID 'TASK_FLD8' FIELD '__________'.

    Resolved issue.

  • Can v create graphical display for the report

    Hi to everyone
    my q is this can v create trend lines for a report ........
    if the ans is yes then pl mention the way of doing it .......

    when you run a bex report on the left top you have a button "graph". If you click this, you get a basic chart representing your output table. when you right-click on the chart you get the option menu as you get in xls, meaning you can change the type of chart (line, bar, pie,...) the series, the titles and so on (like regular xls)
    so the answer to your question is yes. If you want even more features you can use workbooks.
    M.

Maybe you are looking for

  • Acrobat 7.1 Professional sends no more emails

    Hi dear experts, i don´t know why, but my Acrobat Professional 7.1 refuses to send pdf-files with Thunderbird. It always worked, but now (new Thunderbird Version 2.0.0.22) Acrobat shows me the info window, that there occured an error. Even saved pdf-

  • When i click on the domain file in a folder, iweb 08 opens?

    I have iweb 08 installed in a separate folder . I have iweb 09 in the applications folder. When I open iweb 09 it is pulling my files from the domain. But when I go to that same location and double click on the domain file (i have 3 saved on the comp

  • 10.4.6 Font importing problem - .exe

    I have purchased a G5 and a Mac Mini, both running OS 10.4.6. I am trying to load fonts onto the machines but when I copy them to the users/shared folder they show up as Unix executable files. I use FontAgent Pro 3 and usually store fonts in users/sh

  • Gmail has no icons in boxes

    At about the same time as Firefox 9.0.1 was updated on my Dell Optiplex 960, three things happened: 1. Gmail icons went missing 2. Searched images in Firefox returned gray rectangles only 3. Google Analytics page is blank

  • Costs of components and activities not incorporated in costs of FG

    Dear experts, I am setting up discrete manufacturing in a warehouse with Handling units. The process I follow: 1. Crate handling unit with COWBPACK 2. Do goods receipt with COWBHUWE 3. Consume components with COWBHUWA When looking at the financial do