Folder authorizations in PI 7.1 EHP1

Similar Messages

• Manage BOBJ folder authorization with Solution Manager

  Hi Expert,
  At first I'll speak about our landscape, it include SAP BW as DWH, BO 4.1 for WEBI reporting (it is a migration project, the universes are connected to the infocube BW) and solution manager as central system for the monitoring and authorization management.
  I'm new on BO, and I'm facing this question: is it possible with abap role Sol Man to manage the authorization for the folders on BOBJ launch pad?
  I'm thinking if it is possible to create an abap role with menu hierarchy, and to import this into BOBJ (like with enterprise portal) in order to post the webi report into a specific folder with it's own authorization roles.
  I know that it's possible to import abap role from BW to BO, so it should be possible also from sol man, but this concerns the 'data' authorization.
  has anyone faced this issue?
  Thank you in advance.
  Lucia

  Unfortunately, this is not possible and big limitation regarding the integration with BO and BW. You need to import the rolesand assign them to folders manually...
  You could automate it if you know SDK but you will have to evaluate if it's worth the effort

• Folder -authorization

  Dear all,
  My client want authorization of creation and deletion of folder for perticular user in easy DMS.
  How can I map  this in sap ?
  kindly give me detail
  Edited by: Harish Parab on Sep 1, 2009 8:08 AM

  Dear Prasad
  I have checked link. I have use object ACO_SUPER  in t-code PCFG.As per SAP said we can assign the following authorizations to users, user groups, and roles:
  ●      Administrator
  ●      Delete folder
  ●      Delete document
  ●      Change
  ●      Delete subfolder
  ●      Create document and subfolder
  ●      Read metadata
  ●      Read originals
  ●      No authorizations
  But in t-code PFCG I can see only three activity that is
  Administrator
  Read
  Write
  Why other activity is not showing against above object. How can I get it?
  Kindly help

• InfoView Folder Authorization

  Dear All,
  Im trying to set authorization to access shared folders in infoview, i have already grant access to content -> folder -> view object, but i still cant view the folder in infoview.
  Help needed.
  Thanks in Advance.

  Hi
  please make sure that you have also access to the parent folders up to the Top-Level layer (the so-called All folders level). Just go to the CMC and under Folders navigate to Manage->Top Level Security->All folders )
  Regards,
  Stratos

• Invalid payh to WORD templates folder

  Hi experts.
  after upgrade to release from 2005 to 2007 I have a problem with exporting to word.
  the error message is: invalid payh to WORD templates folder [message 20015-6].
  first the upgrade everything worked. I have sap and folder authorization.
  also the export to PDF by clicking the appropriate button does not work. I solved pdf export using file/export/layout to/pdf, but not for word doc.
  I have Sap Business One SP:01 PL:07
  can you help me?
  thanks

  Ciao Pasquale,
  for create a word doc or a pdf doc from a marketing document it is necessary only to click on related word icon or pdf icon; for sure you need to set the correct patch into General Setting tab Path, like " C:\Program Files\SAP\SAP Business One\WordDocs\Italy\ " for the word document and the same for excel files like "C:\Program Files\SAP\SAP Business One\ExclDocs\ ".
  Please verify if into the folder you have this file's:
  CustAccounts.doc
  Docmnhl1.doc
  mnhlDot1.dot
  ToDoLetters.doc
  I've tested into 2007 A SP01 PL08 and I'm not able to reproduce the issue, so I think there is something wrong into the client and I suggest to you to open a customer message to Global Support Center explain in detail what is happen with a little word document with each single step.
  Or you can try to upgrade to the last patch 08 and re-try if the issue is patch depending !
  Regards,
  Massimo Sala - LPE Italy

• Stms problem

  Dear experts:
  I was troubled in my transport system. Our ECC6.0 system run on AIX server, the transport system is very simple, there are only two systems in the landscape,filesystem /usr/sap/trans is export from development server and then mount on production server by NFS. However, as the user ID and group ID in DEV and PRD OS are different, so everytime a change request is released in DEV system, when I try to import it into PRD system, there is a popup with error infomation "Transport control program tp ended with error code 0212 Errors: could not access file as supposed (see dev_tp or". And this error is caused by OS authorization according to the log, the two transport file generated in DEV system couldn't be read by prdadm dur to the authorization limited. So how can I solve this problem?
  Thanks all very much!

  Thanks for your reply.
  Yes, there are only two systems in transport route, and DEV is the domain controller.
  I have checked in SAP system and the result is ok.
  To avoid authorization problem, I grant 777 to directory trans and then prdadm is able to cotrol files in this folder, but the problem is even the folder authorization is 777, after I release a new change request, the new files are generated with 664, usr and group is devadm:sapsys in DEV system, however, in PRD side, prdadm doesn't have authrization to control this file, as sapsys group ID isn't same in DEV and PRD system.
  So everytime I need to change anthorization for the two files manully before it can be imported.

• Implementation-1

  We are using SAP GUI 720 and Easy DMS 7.1.2.4:  (Unicode), storing the documents in Content server.
  Please help us to get the solution as ASAP.
  1. See the below case. How to handle this?
  u2022     Locate/Search the document in DMS folder with restricted access through ACL.
  Case: Folder- (No Access)
            Sub folder-     (No Access)
                      1     Document authorization (Access)
                      2     No access
  User want to see the folder strcuture to locate the individual document.
  2.How to deactivate or control the inherited folder authorization when and where it is needed?
  3. How to handle below requirement of Multiuser Checkout in shared mode and capturing changes, tracking versions?

  Hi Sandy,
  I'm sorry but I think that these general question on the implementation is maybe a bit to complex to handle it in this forum. From my point of view I would recommend you to get in contact with an experienced consulting organisation which will help you to setup your system according to your requirements.
  Best regards,
  Christoph

• Visibility and Authorisation of Cfolders

  Hi ,
  I am working on a SNC+C-Folders collab project for a major discrete manufacturing co. Am stuck at 2 places in cfolders and would seriously appreciate  some pointers to get me out of this ...
  1. Is there a way to control visibility of non-relevant folders in a public work area in a collaborative scenario. Meaning : If cfolders is accessible to say 3 suppliers : S1, S2 and S3. And I as an administrator from client's(customers) side want S1 to access folders where it uploads files ( or whatever docs) while at the same time not let him see folders accesible to  S2 and S3 ; how can it be configured?  
  2. When I go to the authorisation tab for a particular folder and check "None" for a particular user  ; I expected the folder go invisible  or at least non-accessible to that particular user. However this is not happening . In fact the user can read/write / delete and do all  things with that folder ! Could you please throw some light ...
  Thanks

  Hello
  Please check the below points mentioned below,
  1. As per your explanation, the public folder is been viewed by the client  and the three suppliers (correct me If I am wrong). Now you want that client uploads anything for particular supplier S1 must not be seen to other suppliers S2 and S3.
  You can go in each of the specific supplier(s1) folder authorization, and select write authorization to the specific supplier (s1) and select none authorization to other suppliers (S2 & S3). This will show that the (S2 and S3) can only be able to view the S1 folder/ or be able to view only his(supplier) folder .
  2. In second case, when you select none authorization for the user in particular folder, he will be able to see the folder but inside that folder he wont able to see any thing.
  If still you have any issues please reply.
  Regards,
  Abhishek
  Edited by: Abhishek Deshpande on Aug 1, 2011 2:15 PM

• Import SAP BW roles to SAP BO withour prefix

  Hello,
  we are re-using our SAP BW authorizations roles for folder authorizations in SAP BO.
  Therefore we import roles from SAP BW source system and add these roles to different BO-Groups. Folder authorizations are maintained for these BO Groups.
  Import of roles works - but all imported roles / Groups start with a prefix "<SYS-ID>~<CLNT>@"
  So if we promote groups/authorizations to qa and prod system we have to add BW roles in each system.
  E.g.
       DEV-System:
            DEV~001@BW_ROLE --> added to BO Group "BW"
       Promotion to QA-System:
            BO Group contains Role DEV~001@BW_ROLE and QA~002@BW_ROLE has to be added.
  How to avoid this?
  There is a similar issue with user which has been resolved by maintaing registry setting.
  HKLM\SOFTWARE\SAP BusinessObjects\Suite XI 4.0\Enterprise\Auth Plugins\secSAPR3\SimpleUsernameFormat
  Thanks and best regards,
  Christian
  P.S. we are using BI 4.1

  Hello Ingo,
  A small clarification w.r.to security maintenance in BO w.r.to SAP report execution...
  If I have roles created/maintained in SAP to restrict the access in terms of what data is available for an end user, and if these roles have been imported into BO and have been assigned to different groups as per the user grouping roles in SAP.
  And later, if additional access in terms of data has been assigned to the SAP role....does the group on BO has to be changed as the data access provided is only on SAP side.
  As my understanding is the groups on the BO side are only to dictate what level of access does the user have for BO tools in terms of changing/creating/deleting BO reports and not what kind of data is accessed in SAP.
  Can you please confirm the same.
  Thanks
  Dharma.

• IPod Touch with two computers/libraries/accounts?

  I just bought my wife an iPod Touch. Since I have a huge iTunes library, I was hoping there was a way she could plug her iPod into my MacBook and, using the "manage iPod music manually" function, drag and drop the music she wants from my library. However, she would still download apps, movies and TV shows and do whatever other synching and management is required from her own iBook using her own iTunes account.
  Does that make sense?
  There shouldn't be any digital rights issues because 99.9 percent of the music in my library was ripped from CD, but I seem to recall when I first got my iPod a few years ago that Apple did not allow users to copy music to an iPod from an iTunes library other than the iPod user's "home" library to prevent sharing of music. Does that restriction still exist? If so, does anyone have any suggestions on how to handle this situation?
  If worse comes to worse, she can always download the CDs she wants to her own iTunes library, but I was hoping we could avoid that laborious task.
  Thanks!

  That is possible, Nowadays when you set it to 'manually manage iPod' and you plug into second computer you click 'ignore' to something like 'do you want to format it to use with this computer', and it will allow you to add songs from a second computer, but wont let you touch them with the first computer.
  When i got a second computer i dumped the iTunes lib file and the music folder to the and place it should be, and i think my iPod thinks they are the same computer... you can dump the iTunes Lib file onto her computer (if you put it on a PC remember to add the file ext.) and move only the music/apps/ect she wants to her computer... and then open itunes and it will give you errors on the files you didn't move over and just delete them from her iTunes, and authorize a second computer to your iTunes account and DRM files will work.
  or you could just start her with fresh iTunes and dump the music files from your mac into her iTunes and they will copy to her computer (you must move apps manually, just place them in the same spot you found them in in your iTUnes folder), authorize her computer with your iTunes account and it will ask you to download your items you have bought from your iTunes account (or if you copied them from your computer and she doesn't want the others click 'no')

• Can we restrict help for some users

  Hello Experts,
  Can we restrict some users for Help.
  Help Required,
  Regards,

  I don't understand your motive to block the user browsing help.  However, it can be done through shared folder authorization to block those users.  You don't need any functions from B1.  Just need to set help files under shared folder.
  Thanks,
  Gordon

• Problem form client windows vista in filesharing OSX server 10.5.7

  I have a technical question
  I ve a zip file in OSX filesharing and fail to
  unzip from a windows vista pc in the same network folder
  authorizations are OK
  The unzip on my desktop, it is ok
  The problem there is only Windows Vista and Linux Ubuntu server 9.4
  With Xp System is OK
  The Autentication is with Active Directory
  I hope help Me
  Alex

  There may be many causes for unzip not working within the share.
  Very likely it is a question of permissions within the folder where you try to unzip your ZIP-file.
  Possibly you are not allowed to write. Or there may be ACLs active either on the entire share or the folder in question which may disable writing into directories (that is disabling creating files) or disable writing to files (that is saving files).
  Thus with the information given, you'll probably won't see a satisfying answer for your question here

• Problem with Authorization for Planning folder

  Hi an having a problem with providing authorization for a planning folder
  i am getting the following error when i test it with test user
  Error while calling up RFC
  Message no. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "You do not have authorization for InfoCube ZT_MR_T "
  Procedure
  Inform the system administrator.
  we are not pulling the data from any other server, all the data is on the sif any one has faced the same issue let me know.
  Regards,
  Abraham

  Calling Thru Trans code: BPS0 in ECC 6
  getting this error:
  Error while calling up RFC
  Message No. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "An error occurred during the receipt of a complex parameter."
  after i check in bw trans code:st22
  Following this error message:
  Category                   Internal Kernel Error
  Runtime Errors         PARAMETER_CONVERSION_ERROR
  Application Component  BC-MID-RFC
  Short text
      An error occurred during the receipt of a complex parameter.
  What happened?
      During a remote function call, an error occurred while converting
      a complex parameter.
  What can you do?
      Note which actions and input led to the error.
      For further help in handling the problem, contact your SAP administrator
      You can use the ABAP dump analysis transaction ST22 to view and manage
      termination messages, in particular for long term reference.
  Error analysis
      An error occurred during the conversion of a complex parameter.

• Problem with Authorization for BW BPS planning Folder

  Hi an having a problem with providing authorization for a planning folder
  i am getting the following error when i test it with test user
  Error while calling up RFC
  Message no. UPC202
  Diagnosis
  You have selected a function, to execute this the system must set up an RFC connection to another SAP System. However, setting up this connection was not successful. The following internal error message was generated:
  "You do not have authorization for InfoCube ZT_MR_T "
  Procedure
  Inform the system administrator.
  if any one has faced the same issue let me know.
  Regards,
  Abraham

  HI ,
  I Checked it out we dont have that cube in our system.
  Regards,
  Abraham

• Reporting authorization issue after BI 701 05 EHP1 upgrade

  Hello,
  We have recently upgraded our BI 7.0 to BI 701 EHP1 with 05 patch level. After this we had a problem with reporting authorizations for a report (query), which has created under Virtual Infoprovider.
  Earlier the report use to be execute perfectly with authorizations S_RS_ICUBE object with Act 03, Subobject DATA, but after upgrade to EHP1, while executing report its throwing a error pasted below.
  =============================================================================================
  "Diagnosis
  Errors occured while reading a VirtualProvider outside the BI system. Check whether the previous error messages contains any information about the possible cause of this error.
  It is possible that the error message can not be displayed because the error message class does not exist in the BI system. If this is the case, only the name of the error class and the message number are displayed. View the error class in the source system of the VirtualProvider.
  System Response
  Procedure
  Since the error is not necessarily in the BI system, there is no specific procedure for resolving it. With VirtualProviders, problems often occure with the connection to the system; these can lead to system termination. If the code for the VirtualProvider is not from the SAP, contact the relevant person to help resolve the issue.
  If an SQL error is listed in the previous message, see the procedure for SQL errors."
  ===============================================================================================
  After running st01 trace we identified the missing authorization is S_RS_ICUBE with Act 03, subobject DEFINATION.
  Here please tell why is the subobject check is performed to execute a report (query), as this is happening after EHP1 upgrade, so let me know if anyone had any clue on this ...
  Thanks

  Hi Martin,
  Thanks for reply.
  The assumption what you made are correct, but these are the possible reasons only. Is there any specific note or any info from sap that these changes came due to the new release change, so that i can tell my manager clearly.
  And I am not sure whether this is impacting the reports which using the VirtualProviders (Virtual CUBE) in place. If you could get bit more information that will be helpful...Thanks in advance.
  Sridhar