Creating Authorization on queries, infocubes

Similar Messages

• How to create authorization role for just displaying query prefix Q and X.

  Hi Expert,
  I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
  Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
  where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
  -->Manually Business Information Warehouse
      --> Manually Business Explorer - Components
  Activity : Display, Execute, Enter, Include, Assign
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : *
  Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
      --> Manually Business Explorer - Components
  Activity : Display, Execute
  InfoArea : *
  InfoCube : *
  Name(ID) of a reporting component : Q* , X*
  Type of a reporting component : Query
  But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
  Please assist. Very much appreciate your help. Thanks.
  Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

  Question close. This issue has been resolved.

• Copy/Create local copy queries in Production

  We´ve closed our Production environment for changes.
  The problem is that some users must have access to copy queries/workbooks (that were transported from DEV) to a local copy ($TMP), in order to make changes to the structure of these copied queries. It seems that when we click on "Save query as", BW tries to save it into a Request, but it should save it as Local.....
  How could it be achieved?
  Thank you in advance,
  Cris

  Use Tcode SU53 & then try creating/changing a query...The Authorization Object required for creating/changing a query is captured in SU53 screen.
  Authorizations are based on the values set for an Authorization Object.
  For Eg : If a value '01' is set against an Authorization Object it means that a Create Authorization is available.Like value '02' for change etc..,
  Get this authorization object with the necessary authorizations assigned to a role & have it assigned to the Users.

• How to Create authorization WAD template for BW3.5?

  Hi All
  How To create Authorization for a Web template in Bw 3.5 ?
  I have a requirement to restrict a particular Web templated in bw 3.5 So that all the end users should not be able to access that template only a particular user should be allowed to view the template?
  I cant find any authorization object for the WAD template in bw 3.5 ?
  Can anyone tell me the procedure to include the WAD template authorization?
  Should i include the authorization template in the Menu - in pfcg??? . i have added the template in the Menu in the PFCG but still it didnt work.
  Thanks

  As you said, the authorizations for the WAD templates should be given in PFCG roles.
  But you have to include the access/authorization details in the authorization objects. WAD templates have been created with including info/multiprovider, info cubes right.. first you have to include these objects inside the Role in PFCG.
  S_RS_COMP,S_RS_COMP1,S_RS_MPRO,S_RS_ICUBE.
  just assigning WAD template in the menu of the roles is to display when you login with the userid.
  Please request your BASIS folks to do the same.
  Hope this would help you.

• How to restrict Create Authorization in Appraisals to Users?

  Dear HCM Experts:
  We are using BSP application hap_document for Business Event Appraisals.
  I have used documents_todo.htm for recording the Appraiser/ Particapant ratings.
  That is when user click on create button, system should not allow the user to create a new appraisal document.
  My Issue is:
  I donot want to give create Appraisal Authorization to User. I tried using Auth Objects: PLOG and P_HAP_DOC but nothings seems to be working.
  My requirement is to give only display and change authorization to Users in Appraisals.
  Please suggest if any wayout.
  regards,
  Srikanth Reddy

  Hi Lincoln:
  Yes, in the AUTH OBJ even if i give change activity, user is defaulted with create authorization as well.
  Possible option that triggered in my mind also is to modify the BSP Application. But i wanted to have the solution in the standard itself.
  Thats why i have raised OSS to SAP for solution, lets see.
  Thank you,
  Srikanth Reddy

• When i am trying to create BI Universe on InfoCube I am getting this Error

  Hi All,
  I am using BOE 3.1
  When i am trying to create BI Universe on InfoCube I am getting this Error
  DBD: A runtime exception has Occured. (Error Getting list of Cubes of catalog $INFOCUBE: Unknown error)
  Same  when i am connecting to BexQuery Im not getting any error i am able to create the OLAPUniverse on BI Query.
  My question is why i am getting this error when i click on the Infocube in the Designer. Did i am missing any thing in the Universe designer.
  Regards,
  Ravi

  HI,
  Please go through by below link.
  DBD: A runtime exception in Universe Designer
  Thanks,
  Amit

• How to create authorization in BI 7.0 objects

  Dear Friends,
  how to create authorization in BI 7.0 objects. Pls any body help. tghjis is morevhelpful for me
  Regards
  Ramana

  give the user name to whom you have to give the authorizations.
  maintain user then you can see the roles tab where you can assign the roles for the user.
  for these roles you can assign the authorization objects. when you double click on the roles you can get the maintenance of the role where you can edit or give the authorization objects for that role.
  some example for the authorization objects are:
  S_RS_ADMWB (Datawarehouse workbench-objects), S_RS_IOBJ(Datawarehouse workbench-Infoobject), S_RS_DS(Datawarehouse workbench-Datasoure for release greater than 3.X), S_RS_DTP(Datawarehouse workbench-DTP's) etc
  You can edit these authorization objects like providing them display or create or modifying authorizations
  Go through the below link:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/659fa0a2-0a01-0010-b39c-8f92b19fbfea

• Create authorization for storage Loction for tcode ME21N

  Hi All,
       My requirement is to create authorization for storage Loction for tcode ME21N and ME51N.
       There are standard authorizations for Plant, Document type Group and Org for ME21N
       M_BANF_WRK, BSA,EKG, and EKO which i checked in TCODE SU24.
      But there is no std authorization check for storage location.
      If this is possible then please help me with the procedure and steps.
      Please guide me with all the steps that i need to take care abt..
     Thanks in Advance.
  Regards
  Sujeer

  Hi
  This is the authorization objects for PO and PR
  For PO : M_BEST_LGO  for palnt/Storage location
  For PR : M_BANF_LGO for palnt/Storage location

• Creating Authorization groups for material types

  Hi All,
  I have a requirement to create Authorization groups for different material types we have in our company. Basically these are intended to restric the users from accessing the material master. Different material types needs to be assigned to differnt group of users.
  So if we can create couple of Authorization groups, then I am thinking of assigning the material types to these groups.
  I went to SPRO---Logistics general ---Material master -
  Tools --- Maintain authorization and authorization profiles.                 TCODE : PFCG
  Is this the right path?
  Please advise
  Shane

  Hi All,
  I don't think SPRO---Logistics general -Material master- Tools --- Maintain authorization and authorization profiles is the right path to create new authorization groups.
  Can anyone explain how to create new authorization groups for different material types. The purpose is to create a role and assign this auth. group to this role and provide that security role to specific users.
  Regards
  Shane

• Need FM which create authorization for a Role

  Hi,
  i neeed to create authorization for the roles. can anybody tell me , is there any FM to create authorization for a Role.
  it is done through PFCG transaction.
  i need a FM which creates authorization for a Role.
  Thanks in advance

  Hi Sami
  Try this link.
  Re: Programatically create Security Profiles via BAPI/FM in R/3?
  Regards
  Neha

• Create Authorization Scheme for LDAP Groups

  I have installed APEX 4.0 in my staging environment and got the LDAPS to finally work. I can now login to the application with my LAN user name and password. The only problem is so can everyone else on the LAN. So I wanted to create an authorization scheme that would only allow a certain group or groups of LDAP users into the application rather than everyone.
  I am at the Create Authorization Scheme page and am kind of stuck. Has anyone done this before and can share some SQL or knowledge?

  hi larosejh
  If you want to do that you must write your own procedures using the dbms_ldap package. I found some code a while back that searches the LDAP. Maybe you can use this to create a function for your authentication.
  DECLARE
  retval PLS_INTEGER;
  my_session DBMS_LDAP.session;
  my_attrs DBMS_LDAP.string_collection;
  my_message DBMS_LDAP.message;
  my_entry DBMS_LDAP.message;
  entry_index PLS_INTEGER;
  my_dn VARCHAR2(256);
  my_attr_name VARCHAR2(256);
  my_ber_elmt DBMS_LDAP.ber_element;
  attr_index PLS_INTEGER;
  i PLS_INTEGER;
  my_vals      DBMS_LDAP.STRING_COLLECTION ;
  ldap_host VARCHAR2(256);
  ldap_port VARCHAR2(256);
  ldap_user VARCHAR2(256);
  ldap_passwd VARCHAR2(256);
  ldap_base VARCHAR2(256);
  BEGIN
  retval := -1;
  -- Please customize the following variables as needed
  ldap_host := 'host';
  ldap_port := '389';
  -- In case of update/insert/delete need change ldap_user to other.
       -- ldap_user := 'cn=orcladmin';
       -- ldap_passwd:= 'welcome';
  -- set User and password to NULL for anonymous user.
  ldap_user := 'user';
  ldap_passwd:= 'password';
  ldap_base := 'CN=Users,DC=ee,DC=intern';
  -- end of customizable settings
  -- Start output Header--
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  DBMS_OUTPUT.PUT('> DBMS_LDAP Search Example ');
  DBMS_OUTPUT.PUT_LINE('');
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Host ',25,' ') || ': ' || ldap_host);
  DBMS_OUTPUT.PUT_LINE(RPAD('> LDAP Port ',25,' ') || ': ' || ldap_port);
  -- Choosing exceptions to be raised by DBMS_LDAP library.
  DBMS_LDAP.USE_EXCEPTION := TRUE;
  my_session := DBMS_LDAP.init(ldap_host,ldap_port);
  DBMS_OUTPUT.PUT_LINE (RPAD('> Ldap session ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_session,1,8)) ||
  '(returned from init)');
  -- bind to the directory
  retval := DBMS_LDAP.simple_bind_s(my_session,
  ldap_user, ldap_passwd);
  DBMS_OUTPUT.PUT_LINE(RPAD('> simple_bind_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  -- issue the search
  my_attrs(1) := 'dn'; -- retrieve all attributes
  retval := DBMS_LDAP.search_s(my_session, ldap_base,
  DBMS_LDAP.SCOPE_SUBTREE,
  'objectclass=*',
  my_attrs,
  0,
  my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> search_s Returns ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE (RPAD('> LDAP message ',25,' ') || ': ' ||
  RAWTOHEX(SUBSTR(my_message,1,8)) ||
  '(returned from search_s)');
  -- count the number of entries returned
  retval := DBMS_LDAP.count_entries(my_session, my_message);
  DBMS_OUTPUT.PUT_LINE(RPAD('> Number of Entries ',25,' ') || ': '
  || TO_CHAR(retval));
  DBMS_OUTPUT.PUT_LINE('+++++++++++++++++++++++++++++++++++++++++++++++++++');
  -- End output Heading --
  -- get the first entry
  my_entry := DBMS_LDAP.first_entry(my_session, my_message);
  entry_index := 1;
  -- Loop through each of the entries one by one
  while my_entry IS NOT NULL loop
  -- print the current entry
  my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
  -- DBMS_OUTPUT.PUT_LINE (' entry #' || TO_CHAR(entry_index) ||
  -- ' entry ptr: ' || RAWTOHEX(SUBSTR(my_entry,1,8)));
  DBMS_OUTPUT.PUT_LINE (' dn: ' || my_dn);
  my_attr_name := DBMS_LDAP.first_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := 1;
  while my_attr_name IS NOT NULL loop
  my_vals := DBMS_LDAP.get_values (my_session, my_entry,
  my_attr_name);
  if my_vals.COUNT > 0 then
  FOR i in my_vals.FIRST..my_vals.LAST loop
  DBMS_OUTPUT.PUT_LINE(' ' || my_attr_name || ' : ' ||
  SUBSTR(my_vals(i),1,200));
  end loop;
  end if;
  my_attr_name := DBMS_LDAP.next_attribute(my_session,my_entry,
  my_ber_elmt);
  attr_index := attr_index+1;
  end loop;
  my_entry := DBMS_LDAP.next_entry(my_session, my_entry);
  DBMS_OUTPUT.PUT_LINE(' --------------------------------------------------- ');
  entry_index := entry_index+1;
  end loop;
  -- unbind from the directory
  retval := DBMS_LDAP.unbind_s(my_session);
  DBMS_OUTPUT.PUT_LINE(RPAD('unbind_res Returns ',25,' ') || ': ' ||
  TO_CHAR(retval));
  -- Start Output Footer --
  DBMS_OUTPUT.PUT_LINE('Directory operation Successful .. exiting');
  -- Start Output Footer --
  -- Handle Exceptions
  EXCEPTION
  WHEN OTHERS THEN
  DBMS_OUTPUT.PUT_LINE(' Error code : ' || TO_CHAR(SQLCODE));
  DBMS_OUTPUT.PUT_LINE(' Error Message : ' || SQLERRM);
  DBMS_OUTPUT.PUT_LINE(' Exception encountered .. exiting');
  END;
  /

• Creating Authorization for multiple plants

  Hi,
  I have one requirement that, Creating Authorization for multiple plants
  SELECT-OPTIONS:    s_werks FOR mseg-werks.
      AUTHORITY-CHECK OBJECT 'M_MSEG_WMB' 
             ID 'ACTVT' FIELD '03'
             ID 'WERKS' FIELD s_werks.
  1. If have no of plants in s_werks then how to authorize the plants?
  2.if i dont enter any plant in my selection screen how to authorize that?
  3. if i have 5 plant only then how i can authorize those perticular plants only?
  Thanks in advance,
  Thanks,
  DP.

  S_WERKS is not a field; it's a set of fields.  Use simple ABAP to select your plants and loop at the selection(s) to check...

• Create Authorization Profile Manually

  Dear Experts,
  I want to know the Tcode through which I can create Authorization Profile.
  I know that through PFCG we can create a Role and from there we can generate a Profile, But how can i create a profile without creating a Role.
  I think this is possible because the Profile : SAP_ALL does not have a role.
  Regards

  >
  Mishra.Manas wrote:
  >
  Tcode through which I can create Authorization Profile
  >
  > It's actually the task of a SOX or Security Consultant. If you have rights to acess SU02 you can do it.
  > Go to Profiles------>Create.
  > Here you can create a profile without a role being generated.
  It is nothing to do with a SOX consultant unless that person is also a security administrator.

• PFCG manually created Authorizations synchronized to Menu

  Hello Colleagues,
  one question please regarding role creations under PFCG.
  The normal way is first under "Menu Tab" to create the user menu.
  The authorization objects related to your design at Menu Tab will automatic create under Authorization Tab.
  But what about if create first your manually authorizations (objects) under Authorizations Tab and afterwards you will have your manually created authorizations und Menu Tap?
  Is there a synchronizing passable
  After I finalize my manually authorization design at Authorization Tab and I create afterward some objects under Menu Tab this will update (destroy) my manually design under Authorization Tab.
  What is the best practice way here please?
  Maybe sufficient documentation are available for this point?
  Many thanks in advance!
  Regards,
  Jochen

  Hi,
  I would suggest to ask this question on security forum. You'll get much better feedback there. The best practice is to not use manually created objects. You should always associate them to transaction or something else. It won't update your manually inserted objects because PFCG does not know their relation to transaction.
  Cheers

• How to create authorization base on comp. code in BW

  Now I want to create one authorization for people who can only see the comp. code under ' 9000' . Pls info how to create it in BW side. Could we upload authorization profile for that person from ERP side?

  Hi Awa,
  In BI or BW go to the object Company Code n change more under Business explorer mark Check the authorization relevant field.
  Now go to basis guy or if u have the authorization in BI for RSECADMIN(T-CODE)
  Under which Authorization n maintenance Tab.
  Create Authorization Relevant Object. Like ZN_CCODE n in which select 0COMP_CODE. After selecting the Company code double click on that n under which u can give restriction for the particular company code.
  It will surely help you.
  Assign Points if it helps.
  Regards,
  sandeep