Hierarchy authorization default pick

Similar Messages

• Hierarchy authorization based on 0CCA_O01

  Hello experts,
  I have loaded single values & intervals for costcenters authorizations into 0CCA_O01. I have no heirarchy authorizations available.
  Now user still wants to select costcenters in query by hierarchy nodes, but he should only see nodes and leaves determined by single authorizations.
  Anybody have an idea how could this be done?
  Any help will be appreciated.
  BR
  Ondrej

  Hi,
  I am not sure if we can do a load via flat file into 0CCA_O01. If yes, please create a flat file containing hierarchy authorization details and load it to 0CCA_O01.
  If not, we can create another DSO for hierarchy authorization.
  I hope it should solve your problem.
  Regards,
  Gaurav

• Authorization default values of transaction /MRSS/PLBOMGR for object /MRSS/

  Hello,
    When I add the tcode "/MRSS/PLBOORGM " throuh the menu tab and when I go the authrization tab and click  on either
      Change Authorization Data or    Expert Mode for Profile Generation the is an error message stating the following :
  ======================================================================================
  Authorization default values of transaction /MRSS/PLBOORGM for object /MRSS/PB1 inconsistent
  Message no. 5@015
  Diagnosis
  The authorization fields contained in the authorization defaults are incomplete or incorrect.
  System Response
  The process had to be terminated to avoid generating inconsistent authorization data.
  Procedure
  Use transaction SU24 to adjust the authorization defaults to the object definitions in transaction SU21 and then repeat the process.
  ============================================================================================
  SU24, the custom values maintained are same as SAP Default . Any suggestion?
  Thanks
  Osama Khalifa

  This indicates one of two things resulting from changes to the authorization object AFTER SU22 had been maintained for it:
  1) One or more of the fields were converted to org. levels using the "old" technique of maintaining the table instead of running the report for this.
  2) One of more of the fields were changed in SU20 or SU21 but the original data in SU22 was not corrected.
  Solution in both cases is to correct the proposals in SU24 (customer data) and report it to SAP to correct in SU22 (original SAP data).
  Cheers,
  Julius

• Restriciting BI query for Hierarchy authorization for a defined group

  Hi Friends
  We are trying to restrict the Display with respect to the company codes group.
  We have defined the authoirzation for BI w.r.t to the company code and groups ( collection of co.codes ) ..We have defined the authoirzation object under Rsecadmin and restricted the display for only group eg: GH3 . However when we ran the query we can see all the companies / groups. Also tried with putting the GHR group under Hierarchy authorization but still have the same result.
  Can you please let me know what is going wrong
  thank for all your help..

  We have defined the authoirzation for BI w.r.t to the company code and groups ( collection of co.codes ) ..We have defined the authoirzation object under Rsecadmin and restricted the display for only group eg: GH3 .
  Did you check if the infoprovider(s) which your query is hitting upon has company code and company groups checked as authorization relevant in RSA1?
  Thanks
  Sandipan

• Authorization default values of transaction F-53 for object F_FAGL_LDR

  All,
  I am getting this error when I go to adjust an existing role
  "Authorization default values of transaction F-53 for object F_FAGL_LDR inconsistant"
  Can any one help me resolve this issue?  I tried to set the check indicator to "NO" but it is still giving me the error at the bottom.
  Please assist.

  > ... they had me add Profit center to F_FAGL_LDR through SU21 and then I ran into the inconsistant issue.
  This part was missing before hand... I can understand that SAP said this is not support, because you have modified as standard object by adding a field to it... that makes it yours now.
  Whoever "they" is, they gave you bad advice.
  To repair the authorization object preferably do so by transporting it from a system on the same release which still has the standard fields.
  Cheers,
  Julius
  Edited by: Julius Bussche on Aug 15, 2009 3:30 PM

• Possible to combine Value and Hierarchy Authorizations?

  Hello Experts!
  Could anyone please tell me something about the interaction between value and hierarchy authorizations for the same info object?
  I created an authorization for an info object which makes use of both in some queries. But if you activate a hierarchy in query designer, the value authorizations seem not to work anymore. Instead the hierarchy authorizations restrict the analysis result. I get datasets in the result without having the corresponding value authorizations.
  Is there a way to ONLY use value authorizations which also work if you activate a hierarchy on an info object???
  Thanks in advance.....
  Bye,
  Joerg

  No you can't. GRE is only designed to carry routing protocols and multicast traffic over VPNs.
  It is also bad design practise to design a network that carry's L2 vlan's over a WAN or internet link.
  You have to ask yourself why you would want to carry VLANs over VPNs?
  Hope this helps.

• How to default picked quantity in Outbound Delvery Creation?

  Dear experts,
  Is there way to automatically default picked quantity to quantity actually delivered during outbound delivery creation (VL01N)?
  Thanks,
  Richard

  Hi,
  There were some similar functionality as you need be using the standard picking list (message type V4, condition type EK00).
  This condition type EK00 has assigned the program /SMB40/RVADEK01 (in my 4.7 system). This standard program is calling after issuing the picking list (if everything is OK and you are not in preview mode) a form which is updating the picking quantities to be the same as the delivery quantities.
  So, one ideea is to implement this message EK00 to be issued automatically for your delivery on save (time 4) and setting for example to issue the message in the spool and not printing it or something like that.
  Also, if you want a nicer solution you should create a new message and copy the functionality from EK00 and not issue any form but just update the quantity.
  If you need some additional help please tell me (settings for EK00 are some how hidden in the SPRO )
  BR,
  Valentin

• Profit Center Hierarchy: Authorization Error

  Hello,
  Right we are generating hierarchies for users on the object Profit center.  We want to have a separate data role that gives access to the authorization object ZPROFITCTR.  What should the values be for PROFIT_CTR and TCTAUTHH if we want to check what authorizations have already been generated for the user?  I am thinking there must be a way to do this rather than create a different data role for each user.
  I have done a lot of reading and have found if you specify the value ' ' for OTCTAUTHH as a value if only hierarchy authorizations are to be in effect.  I thought this would mean generated heirarchies would be checked and would give a user access to 0PROFITCTR, but that was not the case.
  Thanks,
  Brian

  try to re-transport PCA
  IMG; CO--> PCA --> tools --> transaport customizing set. -->
  but i believe if you transport only the "master data" Q will function fine. ( try OKEQ first)

• Hierarchy Authorization in free characteristics not working

  Hi,
  we found aproblem while running a query with authorization objects for a hierarchy node (0SALES_OFF).
  - Z_HPRODPIS (Hierarchy for sales offices) with fields:
  - 0SALES_OFF Sales Office
  - 0TCTAUTHH Authorization for hierarchy
    We create hierarchy authorization for nodes:
     - Type of authorization           2
     - Hierarchy level                    3
  We would like to have characteristic 0SALES_OFF in the free characteristics section when running the query.
  In this case we get an error "No authorizations", but after drill down in rows, hierarchy node members for 0SALES_OFF are displayed.
  Is this an usual behavior?
  We would not like to create several queries, if we could cover user requirements with one query with several characteristics as free characteristics (also 0SALES_OFF).
  Thanks, Tomaz

  Hi !
  have you tried restricting it with a variable?
  with regards
  ashwin

• Hierarchy authorization

  Hi All,
  We have upgraded our BI system to the new security approach 7. We created the corresponding roles/objects thru the RSECADMIN t-code for 0COUNTRY and some other infoObjects where the 0COUNTRY is navegational attribute, for example the 0COMP_CODE__0COUNTRY, and everything is workink fine.
  The 0COUNTRY and (i.e.) the 0COMP_CODE__0COUNTRY are checked as Authorization Relevant.
  Now, we want to create a hierarchy for the 0COUNTRY infoObject, and I would like to know if the security done at the value level is enought to restrict the data or we need to create some new roles/objects thru the RSECADMIN in order to do the same restriction done to the flat values now at the hierarchy.
  We dont mind the intermediate nodes (regions), just the country values for the hierarchy.
  For example, we need the following hierarchy:
  World
  |_ Europe
       |_ Germany
       |_ Italy
       |_ Spain
  |_ Asia
       |_ China
       |_ Japan
  With variable authorization we need:
  If user has just Spain, show Spain.
  World
  |_ Europe
       |_ Spain
  If user has Germany, Italy, Spain.
  World
  |_ Europe
       |_ Germany
       |_ Italy
       |_ Spain
  If user has *.
  World
  |_ Europe
       |_ Germany
       |_ Italy
       |_ Spain
  |_ Asia
       |_ China
       |_ Japan
  Right now, without using hierarchy, the data is showing ok depending on the authorization that user has (allways using authorization variables in the query).
  Regards, Federico

  Hi Federico,
  Yes, your approach is right. You can restrict the InfoObject 0COUNTRY and then maintain the country values in the Analysis Authorizations (its no more a hierarchy authorization).
  The EQ can be used to maintain a single country (you need to add multiple EQs if you wish to add morethan 1 country in the same analysis authorization)
  The CP can be used to maintain with a pattern such as A* countries etc
  The BT can be used to give a range.
  However, ensure that the user has authorization to all the Infoareas (bottom - up) and queries so that his/her authorization can be restricted.
  Regards,
  Raghu

• Hierarchy authorization with variables of type exit

  Hi all,
  I am trying to implement hierarchy based authorizations with variables. After collecting information from the SAP documentation and this forum, I think I know more or less how to do it, but it's not working and it has me very confused.
  These are the steps I have followed:
  - From RSSM, I have created a hierarchy authorization object including my characteristic and 0TCTAUTHH
  - From RSSM again, I have created a hierarchy authorization pointing to the node $ZG_V_008
  - From the Query designer, I have created a hierarchy node variable of processing type customer exit ZG_V_008 (are any special settings needed here?)
  - From the Query designer, I have created <b>another</b> hierarchy node variable of processing type authorization, and I have used this variable to restrict the hierarchy for my characteristic
  - I have edited the EXIT_SAPLRRS0_001 to watch for I_STEP = 0 and give values to ZG_V_008 (we'll get to my code later in case we solve this issue first
  It is my understanding that with this setup, the user exit will be called to process the value of ZG_V_008 in I_STEP = 0, however, when debugging, I don't see any calls for the function with I_STEP = 0.
  What have I done wrong?
  Thanks a lot in advance.
  Guillermo

  Thanks, Jimmy, but that does not help much: my problem is that my user exit is not evaluated with I_STEP=0, but there are no error messages or anything like that.
  I have created a test user <b>without</b> a developer role to see if that could have any impact, but it's still not working.
  Any ideas?

• Hierarchy Authorization Problem

  Hi experts!
  I am implementing Analysis Authorization Using Variable and one of the object is Org unit hierarchy authorization. The idea is to populate the personnel's authorized value of org unit into the hierarchy authorization and it is then allowed to see its node and anything below its node.
  Say for example I am Authorized to Orgunit A0 and I should see A1 and A2 as well which are the children of A0 and when I ran the query I am only able to see A0 only thou there are records of A1 and A2
  What should I toggle to be able to see A0 together with its children (A1 and A2)?
  The settings in for hierarchy authorization is TYPE 1( Subtrees below the node ) and Validity Range 2 (Name Identical)
  Points will be awarded !
  Edited by: Chee Jason on Aug 20, 2008 9:08 AM

  Just an update on the problem here
  I suspect it is the problem with my customer exit because when I maintain the value directly it, appears correctly.
  I wonder if I do it correctly. Here is a snippet of the code... Please advise me. Thanks!
  DATA: L_S_RANGE  TYPE RSR_S_RANGESID
  L_S_RANGE-LOW = 'A0'.
  L_S_RANGE-SIGN = 'I'.
  L_S_RANGE-OPT = 'EQ'.
  Append L_S_RANGE TO E_T_RANGE
  Edited by: Chee Jason on Aug 20, 2008 11:40 AM

• Hierarchy Authorization using Variable via Customer Exit

  Hi experts,
  I am wondering if I can do Hierarchy Authorization using Variable via Customer Exit? I know it can be done on normal value authorization by putting $+(the variable name). So can we do the same for Hierarchy authorization?
  For my case I have a 0ORGUNIT and I would allow the role to access anything below its node. So do I put $VARORGUNIT in Technical Node Name and Hierarchy name as ORGEH, Type of authorization = 1 and Area of Validity = 3.
  Points will be given!
  Thanx!

  Hello Chee Jason,
  Are you working with version 3.5 or 7.0
  How do you specify Hierarchy variable?
  Any advise you can share is very much appreciated.
  Thanks,
  Patrick

• Bw time dependent hierarchy authorization in Hr - Key date problem - 0orgunit

  Hello Gurus,
  I'm facing a problem with the 0Orgunit hierarchy authorization.
  In the Rsecadmin screen we set the hierarchy authorization for 0orgunit characteristic, before selecting the hierarchy node, we enter the key date.
  I tried many cases, but neither of the key dates gives the correct results in the report. (Todays date, 01.01.1900, 31.12.9999 etc..)
  In the report the key date variable is generated by RSTHJTMAINT transaction. I guess, this is creating a problem with the authorization key date.
  A similar problem is told in the following link as well:
  http://scn.sap.com/thread/1437951
  I spend some hours, and tried many possibilities (validity period etc.), but I could'nt get it worked.
  I'm not sure if I had this error before 7.31 update.
  With this opportunity, I want to thank you every one in the Sdn community. It helps a lot for resolving our issues and sharing the knowledge.
  Thanks a lot.
  Regards.

  Hi Norbert,
  Can you check that the SAP note 1301644 has been applied in your system.
  Best Regards,
  Des Gallagher

• TFS subscribed Reports is by default picking Users Email Alias in TO Field

  Hello All,
  We have a TFS and SQL SSRS, users recently subscribed for TFS reports.
  In TO filed it's by default picking up Users Email Alias and it's completely Grayed out, they cannot change it.
  We Admins have an option to change it to what ever and it's not grayed out.
  Also in RSReportServer.config
  we have the <sendEmailToUserAlias>True</sendEmailToUserAlias>
  Just want to check
  Is there a way to have SSRS not pull the alias email but use the full email address from AD?
  MCTS-Microsoft Exchange Adminstrator,2010

  Hi Lync Geek,
  Per my understanding that you want to change the default email address in the TO field, right?
  Generally, When SendEmailToUserAlias is set to True, users who define individual subscriptions are automatically specified as recipients of the report. The To field is hidden. If this value is False, the To field is visible. Set this value to True if you
  want maximum control over report distribution. Valid values include the following:
  True =The e-mail address of the user creating the subscription is used. This is the default value.
  False =Any e-mail address can be specified.
  If you want to change the default value in the To field you can add some code at last in the SubscriptionProperties.aspx file which path like "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportManager\Pages"
  Code:
  <script runat="server">  
   protected void Page_Load(object sender, EventArgs e)
       Page.ClientScript.RegisterStartupScript(typeof(Page),"MyScript", "var To = document.getElementById('ToEmailAddressesID');To.value =
  '[email protected]';",true);}
   </script>
  Once you have done the modifycation, everytime you creata an new subscription the specified email address in To field will load automatically.
  More Details information, please reference to this FAQ:
  [Forum FAQ] How do I change default values shown in Report
  Delivery Options?
  If you still have any problem, please feel free to ask.
  Regards,
  Vicky Liu
  Vicky Liu
  TechNet Community Support