Favorities to Roles

Hi Friends,
I created the same Queries in Dev which exist in Prod.
After creating them in Dev, I saved them in Favorities with Tr.req. How can I assign them in role.
Could you please advice now.
Can I create all the queries the (same exist in Prod). and save them in Favorities and later on can I assign them in roles depends on to which roles the queries belongs to?
Please ... I am waiting for the responses.
Thanks,
RSB

Hi reddy,
u can refer these posts:
Attaching Workbooks to BW Roles
Roles n Queries
Re: Roles - for query components
hope this helps
regards

Similar Messages

Error - opening a web query from my favorite or roles

I am trying to open a query saved as web query from my favorite folder or user menu. I got error when processing the request. Below is the detailed error.
Error when processing your request
What has happened?
The URL http://p2pr3.ittind.com:8000/sap/bw/BEx was not called due to an error.
Note
The following error text was processed in the system DVR : You can only work in client 010
The error occurred on the application server P2PR3_DVR_00 and in the work process 0 .
The termination type was: ABORT_MESSAGE_STATE
The ABAP call stack was:
Function: RS_MANDT_CHECK of program SAPLRSMANDT
Form: CLIENT_CHECK of program SAPLRSDG_IOBJ_DB_READ
Function: RSD_IOBJ_GET_A_THEN_M of program SAPLRSDG_IOBJ_DB_READ
Function: RSZ_X_COMPONENT_EXIST of program SAPLRZX0
Form: GET_AUTHORIZATION of program CL_RSRD_UTILITIES_BW_OBJECTS==CP
Form: SET_ITEM of program CL_RSRD_WWW_ITEM_BROADCASTER==CP
Form: INIT of program CL_RSR_WWW_ITEM===============CP
Form: CREATE of program CL_RSR_WWW_ITEM===============CP
Form: SET_ITEM of program CL_RSR_WWW_PAGE===============CP
Form: SET_TEMPLATE_ITEMS of program CL_RSR_WWW_ITEM_TEMPLATE======CP
What can I do?
If the termination type was RABAX_STATE, then you can find more information on the cause of the termination in the system DVR in transaction ST22.
If the termination type was ABORT_MESSAGE_STATE, then you can find more information on the cause of the termination on the application server P2PR3_DVR_00 in transaction SM21.
If the termination type was ERROR_MESSAGE_STATE, then you can search for more information in the trace file for the work process 0 in transaction ST11 on the application server P2PR3_DVR_00 . In some situations, you may also need to analyze the trace files of other work processes.
If you do not yet have a user ID, contact your system administrator.
Error code: ICF-IE-http -c: 035 -u: NKRISHNA -l: E -s: DVR -i: P2PR3_DVR_00 -w: 0 -d: 20081022 -t: 120849 -v: ABORT_MESSAGE_STATE -e: You can only work in client 010
Any steps to solve this issue will be appreciated and awarded. Thanks

Hi Experts,
We are also having the same issue. We are in BI 7 SP 15.
Is there any way to find the relation between the Bookmark ID and Query name? The favorite link is not working and getting the above error message. We are also not able to identify the query related to this favorite / bookmark link. Is there any table to identify for query and Bookmark?
Can you experts advise urgently? Advance Thanks.
Linda.

How can i set a role that can't see the infoarea?

HI:
i want creat a role ,when use the role open the query , he can only see the report under the favorite and role,can't see the infoarea , how can setting the role's right?

Hi!
Perhaps you should try creating a user that carries exactly the same authorizations for your intended user/s. Once created, you can then see if the infoarea can then be visible still.
Regards,
P.

Query Save As Problem

i am in a situation, need your help....
When I try to save as an existing query, I see only only favorites and roles on save query as window. but i want to save in the same infoarea. the infoareas list is not displayed at all. is there a way i can get the infoareas icon on the left?
or is it an authorization issue?

Actually, if i try to go ahead as you said....a dialog box 'Create Object Directory Entry' is popping up. i think this is from transport mgmt. asking to enter package info.
this did not happen to me earlier.
to give some details: I chose favorites. do i have to choose roles instead? if yes, waht role to choose.

BW Reporting: Security Authorizations

I am looking to see if it is possible to create a role in BW that would allow the following:
-Execute all published queries
-Create new queries, but only save locally (or to favorites)but not publish globally
-Modify published queries, but save only locally (or to favorites)
The role would not have access to create and publish globally new queries or modify and save globally to any existing queries.

Hi Nathan,
Create a role using Transaction PFCG and create an Authorization Profile.
To Execute all published Queries
Add the Reporting Authorization Objects
S_RS_COMP: Infoarea, Infoprovider, Reporting Component.
If you want the user to execute all queries
Maintain this settings
Activity: 16 (Execute)
Infoarea: *
Infoprovider: *
Name of Reporting Component: *
Type of Reporting Component: REP(Query)
S_RS_COMP1: Reporting Component, Query Owner
Activity: 16 (Execute)
Name of Reporting Component: *
Type of Reporting Component: REP
Query Owner: * (If you want all users to execute the queries)
To Create and Change Queries, you've to also include those Activities in the Activity field for the Authorization objects. But I think that will affect globally.
S_RS_ICUBE or S_RS_ODSO
This Authorization object grants access to data held in the Infoprovider. For ODS you've to use S_RS_ODSO and for cube you've to use S_RS_ICUBE.
Maintain the settings.
For Reporting users, the activities 03(Display) and 16(Execute) are the minimum required.
Infocube Sub Object: DATA
Infoarea: *
Infoprovider: *
To Save Workbooks to Favourites
For this you've to include the Authorization Objects
S_GUI: Authorization for GUI Activities.
Activity: Import and Export(For saving and for opening)
S_BDS_DS: Authorizations for Document set.
Activity: 03 and 30.
Business Document Service: *
Class: OT
In addition to these, You've to include the authorization objects S_RFC and S_TCODE(Transaction: RRMX) and maintain the required settings.
Hope this helps.
Regards
Hari
Message was edited by: Hari Krishnan K

Creating Views in Web Application Designer

Is there a way in which we can create different navigational views for a query in Web Application Designer. Can anyone give me a step by step process for the same.
Thanks,
Neha.

Wond,
I have created a query in the Bex query designer and when i am trying to do a SAVE AS its only allowing me to save it in either favorites or roles. I want to save it as one view and build a few views with different key figures and have all the views in a drill down fashion so that when the end-users run the query, by running a specific view they will get all the relevant data. How can I achieve this is query designer. Could you explain elaborately.
Thanks Again,
Neha.

BX_FAVOS_ADD_URL usage

hi all,
Does any one have a sample usage of BX_FAVOS_ADD_URL function?
Thanks & Regards,
Kartheek

We use this FM for adding the bookmarked URL to the user favorites. SAP doesn't provide any standard functionality for adding the bookmarks to the use favorites or roles.
We created a BSP application for capturing the URL (bookmark URL) and the text (user entry text for bookmark) required and the BSP intern calls this FM for adding the URL to use favorites.
Thanks.

Authorization check by Cost centers

Hello all,
I developed a report in Report Painter and the requirement is that the users be able to run it only for their own CCtrs - challenge is that we are trying to not use variants, custom transactions and also modifying / checking authorization at at SU01 level.
Is there any other way to do this and if yes can you pls provide some details.
Thanks,
Richa

hi richa,
Authorizations with Variables
Definition
Instead of using a single value or interval, you can also use variables in authorizations. The Customer Exit is called up for these variables while the authorization check is running. The call is carried out with I_STEP = 0. The intervals of characteristic values or hierarchies for which the user is authorized can be returned here. By doing this, the maintenance load for authorizations and profiles can be reduced significantly.
Every cost center manager should only be allowed to evaluate data for his/her cost center. Within the SAP authorization standard, a role or a profile with the authorization for the InfoObject 0COSTCENTER equal to XXXX (XXXX stands for the particular cost center) would have to be made for every cost center manager X. This then has to be entered in the user master record for the cost center manager.
Using variables reduces the authorization maintenance workload with the InfoObject 0COSTCENTER equal to $VARCOST, as well as with the role or the profile, which is maintained for all cost center managers. The value of the variable VARCOST is then set for runtime during the authorization check by the CUSTOMER-EXIT RSR00001.
Maintaining the authorizations restricts the entries for the values to the length of the existing InfoObject. It is possible, however, to use both limits of the interval. In the example 0COSTCENTER with 4 spaces, the variable VARCOST is, therefore, entered as $VAR COST.
There is a buffer for these variables. If this buffer is switched on, the customer exit is only called up once for a variable with the authorization check. In doing so, you avoid calling up the customer exit for variables over and over, as well as decreasing performance. If you want to call up the customer exit each time, you have to deactivate this buffer in the Setting Up Reporting Authorizations. To do this, go to the main menu and choose Extras ® Compatibility ® Buffer for Variables (Customer-Exit) ® Deactivate..
You can also call up the customer exit for authorizations for hierarchies. There are two ways to do this:
       1.      Enter the variable in the authorization for characteristic 0TCTAUTHH. The customer exit is then called up while the authorization check is running. In the LOW fields of the return table E_T_RANGE, the system anticipates the technical name for the hierarchy authorization that you specified in the authorization maintenance (transaction RSSM).
As a result, all parameters are available for such an authorization. Nevertheless, you must also create a new definition for each node.
       2.      Where many authorizations differ from an authorization for a hierarchy only in respect to the nodes and not to the other authorizations, we suggest the following solution: Different users can be authorized for a specific hierarchy area (subtree). The highest node is different for each user.
Do this by creating an authorization for a hierarchy in the transaction RSSM and enter this in the authorization or role. Instead of specifying a particular node, you specify the variable in the authorization maintenance (transaction RSSM). The customer exit is then called up for the node while the authorization check is running. The return table E_T_RANGE must be filled according to the customer exit documentation (nodes in the LOW field, InfoObject of the node in the HIGH field
Setting Up Reporting Authorizations
Use
Before you are able to set up reporting authorizations, you have to create authorization objects.
As soon as an authorization object is saved, it can be checked when a query is run. The user may not have the appropriate authorizations if he or she has not yet been assigned this authorization object.
Only when the user has been assigned the appropriate authorizations can he/she define and execute a query or navigate in an existing query.
If in the query a characteristic value or a node is excluded, a complete authorization check * is required.
Procedure
Creating an authorization object
       1.      In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose the path SAP Menu ® Business Explorer ® Authorizations ® Reporting Authorization Objects.
       2.      Choose Authorization Object ® Create. Give the authorization object a technical name and a regular name. Save your entries.
       3.      On the right-hand side of the screen, an overview of all the InfoObjects that are authorization-relevant is displayed.
Only those characteristics that have been flagged as authorization-relevant previously in the InfoObject maintenance screen can be assigned as fields for an authorization object. See also: Creating InfoObjects: Characteristics
       4.      Assign the InfoObject fields to the authorization object:
¡        Select the characteristics for which you want an authorization check of the selection conditions to be carried out.
¡        Select the InfoObject key figure (1KYFNM) if you want to restrict the authorization to a single key figure.
¡        Select the InfoObject (0TCTAUTHH) if you want to check authorizations for a hierarchy.
¡        Include the authorization field activity (ACTVT) in the authorization object if you want to check authorizations for documents.
       5.      Save your entries.
       6.      Go back to the initial screen of the authorization maintenance.
       7.      Choose Check for InfoProviders ® Display to get a list of the InfoProviders that contain the InfoObjects that you selected and are therefore subject to an authorization check (where-used list). In the change mode you can exclude individual InfoProviders from the authorization check for this authorization object by removing the flag.
Authorization object:           S_RSRSAREA
Name:                   Sales area
Fields:                         DIVISION, CUSTGROUP, 1KYFNM
Creating authorizations
Authorizations are created and maintained in the role maintenance screens.
       1.      Choose Authorizations ® Roles ® Change.
       2.      Specify the roles that you want to change and choose Change. This takes you to the role maintenance screen.
       3.      On the Authorizations tabstrip, choose the Expert mode for generating profiles option.
       4.      Choose the Enter Authorization Objects Manually option, and specify the objects that you require. Choose Enter. The authorization object is added to the role.
       5.      Choose Generate.
For more information, see Changing and Assigning Roles.
Result
The user is now able to work with queries
Authorizations to Work with a Query
Use
Authorizations to work with a query are first checked in the dialog box to open a query.
Furthermore, when a query is opened, the authorizations for the individual objects are checked.
See also: Authorization Check When Executing a Query..
Structure
Check in the Open Dialog Box:
When you open a query, you will see four buttons in the dialog box. The History, Favorites and Roles buttons only display your own queries and those queries intended for you per role definition.
The InfoAreas button enables you to look at all queries for which the user has display authorization. If this display authorization is not restricted to queries, the user will see all available queries in the system here. It is possible to hide the InfoAreas button if you do not want the user to see all queries in the system. The authorization object S_RS_FOLD with the field SUP_FOLDER can be used here. In order to hide the InfoArea button, set this field to X when authorizing, otherwise leave the field blank or set it to * (asterisk all authorizations).. The button will be displayed if the authorization check fails.
Authorizations by User
It is also possible to make queries from particular users (= OWNER = query creator) available to other users (= USER) for display or processing. The authorization object S_RS_COMP1 with four fields (COMPID, COMPTYPE, OWNER, ACTVT) is used here.
You can grant this authorization to a particular team or use the variable $USER to give all users the authorization for queries that they created themselves. $USER is replaced by the corresponding user name during the authorization check.
See also the Example for Reporting Authorizations.
Authorizations for the BEx Broadcaster
Using the authorization object S_RS_BCS, you can determine which user is allowed to register broadcasting settings for execution and in which way.
Note:
·        The only authorization necessary for the online execution of broadcasting settings is the authorization for the execution of the underlying reporting objects (for example, the Web template).
·        Every user that has authorization to create background jobs also has authorization for direct scheduling in the background.
·        If you need to work under the name of another user to execute broadcast settings (for example with user-specific precalculations), the authorization object S_BTCH_NAM for background scheduling is also required for the other user. For more information, see Authorizations for Background Processing and Definition of Users for Background Processing
Authorizations for Selection Criteria
Definition
The selection criteria of a query determine which data can be displayed after you have entered it in a workbook.
An authorization check for certain InfoObjects only takes place if an authorization object with this InfoObject was already created in the authorization object class Business Information Warehouse.
As soon as an authorization object is created, only authorized users can select query data.
Use
To decide whether a user should be authorized to work with a query, you should check whether authorization has been given to him/her for all selection criteria.
Essential to the authorization of selection criteria is the authorization object S_RS_ICUBE.
Definitions of authorizations for working with certain InfoCubes must be transported separately.
See: Transporting Additional Information
In general, it is not sufficient to give authorizations for individual InfoObjects (characteristics and key figures), or to check them separately from one another. It more usual that specific authorizations should be given for combinations of characteristics and key figures.
It is therefore feasible that a "Sales Manager" is allowed to view the respective total sales figures for all sales areas, but is only authorized to break down "his/her" area (0001) according to the individual sales personnel. In this case, the following authorizations, which are grouped together, would be created and assigned.
Sales area = *
Sales personnel = :
Key figure = Sales figures
(: represents the authorization to view the values aggregated with the characteristic.
Sales area = 0001
Sales personnel = *
Key figure = Sales figures
The user frequently uses these "multidimensional" authorities in companies that are regional as well as product-oriented (matrix organization). In this way, you could arrange for the person responsible for the combination of a certain division and a certain sales area to have the exact authorization for the output of the relevant values, without him/her necessarily also having access to the data for the whole division or the whole sales area.
Authorizations for the Query Definition
Authorizations can be granted for the following objects for the query definition in the Business Explorer:
The entire query
Structures
Calculated key figures
Restricted key figures
Variables
The activities for the query definition are specified in the authorization object S_RS_COMP (Business Explorer - components). The authorization object has the following fields: InfoArea, InfoCube, component type, component name and activity.
The following values are possible for the component type:
REP: Entire query
STR: Structure
CKF: Calculated key figure
RKF: Restricted key figure
VAR: Variables
By specifying an InfoArea or an InfoCube, you can further restrict the component types. By specifying a component name, you can specify the authorization for individual components in more detail. Components that begin with 0 are delivered by SAP and cannot be changed. Components that are within the customer name range must begin with a letter of the alphabet.
Valid activities are:
01 (create)
02 (change)
03 (display)
06 (delete)
At the moment, activities 16 (Execute) and 22 (Save for Reuse) are not checked for the query definition.
User A is allowed to create, change or delete queries beginning with A1 and A6 within InfoArea 0001 in InfoCube 0002. In addition, the user is allowed to change the calculated key figures and structures (templates) already defined in this InfoProvider.
Related authorizations for user A:
InfoArea: 0001
InfoProvider: 0002
Component type: REP
Component Name: A1, A6
Activity: 01, 02, 06
InfoArea: *
InfoProvider: 0002*
Component type: STR, CKF
Component name: *
Activity: 02
Authorizations for Display Attributes
Definition
Authorization-relevant display attributes are hidden in the query if the user does not have sufficient authorization to view them.
Use
For characteristics:
The user needs to have complete authorization (*) to see the display attribute in the query.
For the characteristic 0EMPLOYEE, the 0EMPLSTATUS attribute is authorization-relevant. Only users with authorization "*" for 0EMPLSTATUS can display the attribute in the query.
For key figures:
Key figures cannot be marked as authorization-relevant. To use this function nonetheless for key figure attributes, the system checks against meta object 1KYFNM. For this, the user requires authorization for the field 1KYFNM in the authorization object.
The key figure attribute 0ANSALARY is contained in the 0EMPLOYEE characteristic.
If the user has the 1KYFNM field in his or her authorization object, and authorization "*", he or she can display all key figure attributes.
If the user has the 1KYFNM field in the authorization object and the 0ANSALARY key figure as a value of the authorization, he or she can only see this key figure attribute. If the user is not supposed to see this attribute, do not give the authorization "*" but only assign the key figures for authorization that are to be displayed.
Authorizations for Navigation Attributes
Use
During authorization checks for navigation attributes, it is always the characteristic that is being used as a navigation attribute that is checked.
Integration
If referencing characteristics are used as navigation attributes, authorization for the basic characteristic is checked. You should, however, change this logic so that the referencing characteristic is checked for instead. In the maintenance screen for reporting authorizations, choose the following path from the main menu Extras ® Compatibility ® Navigation Attributes ® Switch Off.
This function exists for reasons of compatibility. The authorization logic of referencing characteristics worked differently with the beginning of Release BW 2.0. From BW 2.0, Support Package 20 and in all of the releases that follow, for referencing characteristics as well, the authorization for exactly this characteristic (and not the basic characteristic, as was the case previously) is checked.
Example
In the query, you use characteristic A with the navigation attributes A__B and A__R. Characteristic R references characteristic B. For these navigation attributes, authorization for the basic characteristic B is checked. If you switch off the compatibility for navigation attributes option, B is checked for A__B, and R is check for A__R.
Maintaining Authorizations for Hierarchies
Use
Authorizations for hierarchies determine up to which subarea of a hierarchy a user may drilldown.
Prerequisites
Before you can set authorizations for hierarchies, you must first transfer and activate the InfoObject 0TCTAUTHH from the Business Content. Make sure that the indicator Relevant for Authorization is set. You must also create an authorization object for which you want to set the authorization.
Authorization for a hierarchy on the Profit Center characteristic (0PROFIT_CTR):
Define an authorization object with 0PROFIT_CTR and 0TCTAUTHH.
Example: You define a hierarchy for the basic characteristic B. For characteristic B there is a referencing characteristic R. If you use this hierarchy for characteristic R in the query, authorization for the basic characteristic B is checked. However, you can change this logic so that characteristic R is checked for instead. In the maintenance screen for reporting authorizations, choose the following path from the main menu Extras ® Compatibility ® Ref. Characteristics with Hierarchy ® Switch Off.
You need the characteristic 0TCTAUTHH to specify the hierarchy in the authorization. If you add this characteristic to an authorization object, you can specify authorizations for hierarchies for all InfoObjects in the authorization object.
Procedure
       1.      In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose SAP Menu ® Business Explorer ®Reporting Authorization Objects.
       2.      Choose Authorizations ® Authorization Definition for Hierarchies ® Change.
       3.      In the Definition, select the InfoObject, hierarchy and node.
If there are several users who are authorized to work with just one part of a hierarchy (subtree) but the top node is different for each, you have the option of specifying a variable instead of a node.
See also: Variable Types
Instead of selecting a node, you can also set the Top of hierarchy indicator. This enables you to ensure that a user is authorized to use a hierarchy from the top node down to a determined level.
You can select the top node here. However, if the hierarchy is being used in a query without a filter on this node, the user will not be able to execute the query.
This is because the top-most visible node does not represent the actual top of the hierarchy. As, for example, there are other Remaining Leaves, there should always be exactly one internal node at the top of the hierarchy. Therefore, there is one internal node above the top-most visible node. If the hierarchy is used in a query without the top-most node being determined, it is compared with this unseen, internal node. So that the user has the correct authorizations, select the internal top of the hierarchy for this option.
       4.      Select the authorization type:
¡        0 for the node
¡        1 for a subtree below the node
¡        2 for a subtree below the node up to and including a level (absolute)
You must define a level for this type. A typical example of an absolute level is data protection with regard to the degree of detail of the data (works council ruling: no reports at employee level only at more summarized levels).
¡        3 for the entire hierarchy
¡        4 for a subtree below the node up to and including a level (relative)
You must specify a level that is defined relative to the node for this type. It makes sense to specify a relative distance if an employee may only expand the hierarchy to a certain depth below his or her initial node, but this node moves to another level when the hierarchy is restructured.
       5.      For types 2 and 4 you can specify, in Hierarchy Level, the level to which the user can expand the hierarchy.
¡        With authorization type 2 (up to and including a level, absolute) the level refers to the absolute number of the level in the hierarchy where the top-most node of the hierarchy is level 1.
¡        With authorization type 4 (up to and including a level, relative) the level number refers to the number of levels starting from the selected node itself which is level 1.
       6.      In the Validity Area you specify in exactly which ways a hierarchy authorization has to match a selected display hierarchy for it to be included in the authorization check.
¡        Type 0 (very high) : The name, version and key date of the hierarchy on which the hierarchy authorization is based have to agree with the selected display hierarchy.
¡        Type 1: The name and version of the hierarchy on which the hierarchy authorization is based have to agree with the selected display hierarchy.
¡        Type 2: The name of the hierarchy on which the hierarchy authorization is based has to agree with the display hierarchy.
¡        Type 3 (lowest) : None of the characteristics have to match.
Note that in some circumstances, setting a check level that is too low may lead to more nodes being selected using hierarchy node variables that are filled from authorizations, than actually exist in the display hierarchy for the query. This can cause an error message.
As a general rule, select the highest possible level for the check.
       7.      If you set the Node variable default value indicator, this definition of an authorization for a hierarchy is used as the default value for node variables.
If more than several authorizations are assigned to a user for different subareas of the same hierarchy, one of these authorizations has to be defined as the default value. Only one node can be selected for a node variable on the variable screen of a query. So that this variable can be filled from the authorizations, the correct variable type has to be selected and an authorization has to be determined as the default value.
       8.      Specify a technical name for this definition. If you do not enter a value, a unique ID is set.
       9.      Now create an authorization for the new authorization object. To do this, enter the technical name of the definition as a characteristic value for the characteristic 0TCTAUTHH. Hierarchy authorizations and authorizations for characteristic values are added:
¡        Specify the value (a blank character) as a characteristic value if only hierarchy authorizations are to be in effect. If you specify more values these are authorized additionally.
¡        Specify the value : (a colon) when queries are also allowed without this characteristic.
The value ' (all characteristic values) is not supported for the characteristic 0TCTAUTHH. Nevertheless, if you specify the value a : is automatically generated instead because no other valid value is found.
If you would like the user to be able to see all values and hierarchies for a characteristic, use the value '*' for this characteristic.
If you use a drilldown hierarchy in the query, you restrict the highest node by a fixed node or a node variable.
Definitions of authorizations for hierarchies must be transported separately. See: Transporting Additional Information
Alternative Procedure:
Manually Maintaining Reporting Authorizations
Use
You usually maintain authorizations in the role maintenance. However, in exceptional cases it could be more practical to create authorizations manually. This is the case if you have to assign every user his/her own role.
Prerequisites
Reporting authorization objects have been created.
Procedure
Assign Authorization Objects
       1.      In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose SAP Menu ® Business Explorer ® Authorizations ® Reporting Authorization Objects.
       2.      Choose Authorizations ® Authorizations for Several Users. Enter an interval and choose Change.
       3.      Select a characteristic from the left side of the screen. You can then display master data as a list or as a hierarchy. The right side of the screen shows you a list of all the selected users with the authorization profiles and roles you assigned.
       4.      You can now use Drag&Drop to assign additional authorization objects to the user.
       5.      Choose Generate authorizations. The system creates the authorizations and assigns them to the users.
Assigning Authorizations for Hierarchies
You can also make authorizations for hierarchies in the same transaction.
       1.      Select a characteristic.
       2.      You can use the context menu on the authorization object to determine up to which hierarchy level the authorization should apply.
You can currently select exactly 1 level for each hierarchy and user.
       3.      Choose Generate authorizations. The system creates the authorizations and assigns them to the user.
Result
The system has created individual authorization profiles.
thanks
karthik
reward me ipoints if the above is usefull to you

Business Explorer Authorizations

Hi Gurus,
I have created a Rol that grant access only to reports belonging to an InfoArea.
I would like that every user belonging to this Rol, be able to edit/view only it's own created reports, and the reports published in Rol's folder.
Currently they can open every report created by anybody on this InfoArea.
How can I set up rol definition to achieve my goal ?
Points will be assigned.
Thank you.
Best Regards,

Hi,
When you open a query, you will see four buttons in the dialog box. The History, Favorites and Roles buttons only display your own queries and those queries intended for you per role definition.
The InfoAreas button enables you to look at all queries for which the user has display authorization. If this display authorization is not restricted to queries, the user will see all available queries in the system here. It is possible to hide the InfoAreas button if you do not want the user to see all queries in the system. The authorization object S_RS_FOLD with the field SUP_FOLDER can be used here. In order to hide the InfoArea button, set this field to X when authorizing, otherwise leave the field blank or set it to * asterisk all authorizations) The button will be displayed if the authorization check fails. Authorizations by User It is also possible to make queries from particular users (= OWNER = query creator) available to other users (= USER) for display or processing. The authorization object S_RS_COMP1 with four fields (COMPID, COMPTYPE, OWNER, ACTVT) is used here. You can grant this authorization to a particular team or use the variable $USER to give all users the authorization for queries that they created themselves. $USER is replaced by the corresponding user name during the authorization check.

How can we disable info area when we're opening query ??

Dear All,
It's regarding authorization in query designer.
I've already created roles .. So if user's opening the query, they can see their authorized query in roles group.
But ..
When they're opening the query, they also can search the query by info-area. When they search the query by info-area, they can see all query.
My question is:
1. How can we disable the feature to seek the report by info-area ??
2. Do you know what the authorization is for maintaining part ??
Regards,
Niel.

Hi Niel
You can try the S_RS_FOLD authorization object.
Definition
With this authorization object, you can deactivate the general view of the 'InfoArea' folder. Then only the favorites and roles appear in the BEx open dialog for queries. The view of the InfoAreas is hidden.
Defined fields
The object contains a field:
SUP_FOLDER: Hide the file view if the field is set to 'True' ('X'). If both 'True' and 'False' is selected ('All Values'), the value 'False' is valid, meaning that the 'InfoAreas' file is not hidden.
Hope this helps.
Regards
Gaurav
Edited by: Gaurav on Oct 13, 2008 6:01 AM

Need help with workbook

Hello friends,
we have presently 5 workbook in Prod box now 2 of them are not working fine so we want to give just three reports access to user and move remaining two workbooks to other folder.
Can you please suggest how we can do this
Please provide me steps for this, as I am not at all clear about this.
Full points will be assigned to correct and to the point replies.
Krish Kumar
[email protected]

HI,
If you want to save the workbook in a different folder, you have to do this :
1)Open the workbokk
2)Click in the save icon and select "save as new workbook"
3)In the left side of the screen, proabably you will have
2 buttons : Favorites and Role, you have to select "Role", and after that in the right side of the screen it shows up all the folders that you can save it.
Done !!!
After that, you will have to delete the workbook from the first folder in order to avoid duplicated workooks
Regards

Delete workbooks

Hi Gurus,
I want to erase 2 workbooks a query, but since BEX analyzer can not because I do not appear.
However, the repository of metadata one of these books work exists in active version and the other does not even exist ... and because I need to delete this retringidos creating ratios calculated and duplications within the query.
There is a transaction or table where you can see these workbooks and removal?
Greetings and thanks.

HI,
One way in the Bex Analyzer is to click the Open button and choose Workbooks...you can select and delete (delete button) from the Favorites or Roles folder views.
You will be able to delete the workbook if you have proper authorization.
You can do it in bex analyzer-open-workbooks and select the workbook and delete clicking on the delete icon.
Hope it helps..
Regards
Raj

Workbooks - Where-Used

Hi Guys,
I want to know if there is any way of finding all the work-books associated with a query. If i use the where-used list in the query designer, it gives the names of workbooks in our (developer's) favorites and roles. I would like to know the names of all the workbooks(associated with the query)which have been saved in user's favorites.
Regards

Hi Bhanu,
I am sorry for not being clear. I can see the technical names too in the Metadata repository. What i meant to say was, the workbook in the roles folder has a technical name of 'T1' which i can see in the metadata repos. When this workbook was saved by some user into his favorties, the technical name of that workbook will be 'T2', which cannot be seen in 'Metadata repository'.
I would like to know where will 'T2' information be stored?
Regards
Message was edited by: George Smith

Portal favorites doesn't work after role change

Dear all,
we encounter the following problem in our EP:
We have an WAD-Template stored in a folder. If a user is assigned to a specific portal role, he can see and execute the report. While executing he is allowed to store the report in his personal portal favorites.
Last week we joined three old portal roles (names: OLD_A, OLD_B and OLD_C) to a new one NEW_A containing all reports of OLD_A, OLD_B and OLD_C. After that we assigned the new role NEW_A to all users formerly assigned to at least one of OLD_A, OLD_B or OLD_C. In addition we unassigned the users from the old roles.
As a consequence the users now see all the reports of the old roles in their portal menu (as they are stored now in NEW_A) BUT the old favorites saved before the role change could not be opened anymore. The following error message appears:
"Page not found or not available"
We found out so far, that the favorite stores the combination of role and iview (in this case OLD_A and the iview-name). If the role changes the pcd-link is different.
Does anyone know this behaviour? How can we change the access pcd-link in the content management manually or by script/program?
Any help is appreciated.
Best regards,
Volker Schmitt

Yes I saw this thread too. However, I think viveknidhi solution is pointless for us since we can not perform this operation manualy for each favorite...
For the moment, based on what I red on forums and sap documentations, there is no workaround. Portal favorites are hardcoded pcd urls to the navigation node. If we modify our roles we will loose related favorites since the navigation node will change.
I hope you will find a solution to move forward.
Regards,
Alexis M.

How to add a role to the Portal Favorites

Hello gurus,
I have a role to add to the Portal Favorites to avoid drilling down to many levels, does anyone know how to add a role to the Portal Favorites?
Thanks in advance for your response.
Regards,
Niki Nguyen
Message was edited by:
 Niki Nguyen
Message was edited by:
 Niki Nguyen

Niki,
The documentation says that
The Portal Favorites iView contains a freely definable list of links for direct access to items that you use regularly. This can include the following:
● Portal pages and iViews that run as full-page applications
● Documents, folders, and other items in KM repositories
● External items, such as Internet pages
So we can't do it for Roles.
For detailed information see <a href="http://help.sap.com/saphelp_nw04/helpdata/en/3a/d609e5803111d5992f00508b6b8b11/frameset.htm">Portal Favorites</a>
Mr.Chowdary

Favorities to Roles

Similar Messages

Maybe you are looking for