Hierarchy Authorization Node F4 help
Hi Gurus,
I have created an fixed hierarchy + variable hierarchy node combination and set the authorization for 0profitcenter. But the problem is when run the query in the RSECADMIN analysis, and click on F4, it just shows me the allocated nodes alone,which is perfect. But when i run the same query in portal,,,the F4 functionality shows the entire hierarchy ,but then the screen variable is defaulted with the hierarchy node value ( which is fine).But am confused as to why the F4 shows the entire hierarchy,,, because this would enable other the user to see other profit centers as well is not good.
Can someone help me out on this,,,,its on BW 7,,,
thanks in advance,,
List of vendors can be restricted through user exits,
For plant authorization object for purchase order is M_BEST_WRK &
For purchase organization object is M_BEST_EKO,
You can also personalize header & item level settings in purchase order,So that option for searching in
F4 Selection can be avoided.
Best is to create transaction variant for ME21N using SHD0 for respctive fields.
Edited by: Jeyakanthan A on Apr 9, 2010 10:09 AM
Similar Messages
-
Hierarchy authorization based on 0CCA_O01
Hello experts,
I have loaded single values & intervals for costcenters authorizations into 0CCA_O01. I have no heirarchy authorizations available.
Now user still wants to select costcenters in query by hierarchy nodes, but he should only see nodes and leaves determined by single authorizations.
Anybody have an idea how could this be done?
Any help will be appreciated.
BR
OndrejHi,
I am not sure if we can do a load via flat file into 0CCA_O01. If yes, please create a flat file containing hierarchy authorization details and load it to 0CCA_O01.
If not, we can create another DSO for hierarchy authorization.
I hope it should solve your problem.
Regards,
Gaurav -
Hierarchy authorization with variables of type exit
Hi all,
I am trying to implement hierarchy based authorizations with variables. After collecting information from the SAP documentation and this forum, I think I know more or less how to do it, but it's not working and it has me very confused.
These are the steps I have followed:
- From RSSM, I have created a hierarchy authorization object including my characteristic and 0TCTAUTHH
- From RSSM again, I have created a hierarchy authorization pointing to the node $ZG_V_008
- From the Query designer, I have created a hierarchy node variable of processing type customer exit ZG_V_008 (are any special settings needed here?)
- From the Query designer, I have created <b>another</b> hierarchy node variable of processing type authorization, and I have used this variable to restrict the hierarchy for my characteristic
- I have edited the EXIT_SAPLRRS0_001 to watch for I_STEP = 0 and give values to ZG_V_008 (we'll get to my code later in case we solve this issue first
It is my understanding that with this setup, the user exit will be called to process the value of ZG_V_008 in I_STEP = 0, however, when debugging, I don't see any calls for the function with I_STEP = 0.
What have I done wrong?
Thanks a lot in advance.
GuillermoThanks, Jimmy, but that does not help much: my problem is that my user exit is not evaluated with I_STEP=0, but there are no error messages or anything like that.
I have created a test user <b>without</b> a developer role to see if that could have any impact, but it's still not working.
Any ideas? -
Bw time dependent hierarchy authorization in Hr - Key date problem - 0orgunit
Hello Gurus,
I'm facing a problem with the 0Orgunit hierarchy authorization.
In the Rsecadmin screen we set the hierarchy authorization for 0orgunit characteristic, before selecting the hierarchy node, we enter the key date.
I tried many cases, but neither of the key dates gives the correct results in the report. (Todays date, 01.01.1900, 31.12.9999 etc..)
In the report the key date variable is generated by RSTHJTMAINT transaction. I guess, this is creating a problem with the authorization key date.
A similar problem is told in the following link as well:
http://scn.sap.com/thread/1437951
I spend some hours, and tried many possibilities (validity period etc.), but I could'nt get it worked.
I'm not sure if I had this error before 7.31 update.
With this opportunity, I want to thank you every one in the Sdn community. It helps a lot for resolving our issues and sharing the knowledge.
Thanks a lot.
Regards.Hi Norbert,
Can you check that the SAP note 1301644 has been applied in your system.
Best Regards,
Des Gallagher -
How to import hierarchy text node from BW infoobject
I tried to import hierarchy from BW InfoObject through process chain /CPMB/IMPORT_IOBJ_HIER.
But BPC complains the hierarchy text node haven't been dimension member.
As result, I have to export the hierarchy text node to a flat file and import again which is not convenient.
Does anyone have some best practice for this?
Thank you.Hi,
You can follow the steps mentioned in the below How-to-Guide of sdn. This explains the steps to be implemeted to inport hierarchies.
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c02d0b47-3e54-2d10-0eb7-d722b633b72e
Hope this helps.
Rgds,
Poonam -
Build Hierarchy with nodes with ABAP for custom Infoobject
Hi,
Need to build hierarchy with nodes with abap for custom infoobject.
ThanksHi,
Using information from:
http://help.sap.com/saphelp_nw04/helpdata/en/fa/e92637c2cbf357e10000009b38f936/content.htm
you can bulid flat file with hierarchy data and then load in into BW...
Krzys -
Hierarchy authorization default pick
Hi ,
I have got a profit center hierarchy which is used in the reporting in the selection screen in BW7.0 . I had created authorisations and its working fine through RSECADMIN. but i have got a question, if i leave the selection screen variable profit center empty and execute the report, it says you are not authorized,but then it works fine if i mention a hierarchy node in there. I had mentioned the values in the authorisation, as 2*,,but it doesn' tpick up any..any clues plz..
thanks in advance.Hi,
I am working with the SAP security team to get custom authorization on the Profit Center Hierarchy in place. We need to restrict access to the hierarchy nodes (only certain users need access to certain nodes in the hierarchy).
1) We got into RSECADMIN --> Maintenance --> Created a new authorization object --> added profit center --> in the hierarchy authorization tab, added the hierarchy node and selected the Type of Authorization and Validity range as required and saved the auth object.
2) We created a role in PFCG and added the authorization object to the role(no other authorization objects)
3) Assigned the role to a user and tried testing the reports.
The user could see all the nodes in the hierarchy and also data on the nodes restricted to him/her. Is there any step I am missing? Does the auth object need to be generated in RSECADMIN?
Please advice.
Thanks,
Vivek -
Restriciting BI query for Hierarchy authorization for a defined group
Hi Friends
We are trying to restrict the Display with respect to the company codes group.
We have defined the authoirzation for BI w.r.t to the company code and groups ( collection of co.codes ) ..We have defined the authoirzation object under Rsecadmin and restricted the display for only group eg: GH3 . However when we ran the query we can see all the companies / groups. Also tried with putting the GHR group under Hierarchy authorization but still have the same result.
Can you please let me know what is going wrong
thank for all your help..We have defined the authoirzation for BI w.r.t to the company code and groups ( collection of co.codes ) ..We have defined the authoirzation object under Rsecadmin and restricted the display for only group eg: GH3 .
Did you check if the infoprovider(s) which your query is hitting upon has company code and company groups checked as authorization relevant in RSA1?
Thanks
Sandipan -
Possible to combine Value and Hierarchy Authorizations?
Hello Experts!
Could anyone please tell me something about the interaction between value and hierarchy authorizations for the same info object?
I created an authorization for an info object which makes use of both in some queries. But if you activate a hierarchy in query designer, the value authorizations seem not to work anymore. Instead the hierarchy authorizations restrict the analysis result. I get datasets in the result without having the corresponding value authorizations.
Is there a way to ONLY use value authorizations which also work if you activate a hierarchy on an info object???
Thanks in advance.....
Bye,
JoergNo you can't. GRE is only designed to carry routing protocols and multicast traffic over VPNs.
It is also bad design practise to design a network that carry's L2 vlan's over a WAN or internet link.
You have to ask yourself why you would want to carry VLANs over VPNs?
Hope this helps. -
Hierarchy Authorization in free characteristics not working
Hi,
we found aproblem while running a query with authorization objects for a hierarchy node (0SALES_OFF).
- Z_HPRODPIS (Hierarchy for sales offices) with fields:
- 0SALES_OFF Sales Office
- 0TCTAUTHH Authorization for hierarchy
We create hierarchy authorization for nodes:
- Type of authorization 2
- Hierarchy level 3
We would like to have characteristic 0SALES_OFF in the free characteristics section when running the query.
In this case we get an error "No authorizations", but after drill down in rows, hierarchy node members for 0SALES_OFF are displayed.
Is this an usual behavior?
We would not like to create several queries, if we could cover user requirements with one query with several characteristics as free characteristics (also 0SALES_OFF).
Thanks, TomazHi !
have you tried restricting it with a variable?
with regards
ashwin -
Hi All,
We have upgraded our BI system to the new security approach 7. We created the corresponding roles/objects thru the RSECADMIN t-code for 0COUNTRY and some other infoObjects where the 0COUNTRY is navegational attribute, for example the 0COMP_CODE__0COUNTRY, and everything is workink fine.
The 0COUNTRY and (i.e.) the 0COMP_CODE__0COUNTRY are checked as Authorization Relevant.
Now, we want to create a hierarchy for the 0COUNTRY infoObject, and I would like to know if the security done at the value level is enought to restrict the data or we need to create some new roles/objects thru the RSECADMIN in order to do the same restriction done to the flat values now at the hierarchy.
We dont mind the intermediate nodes (regions), just the country values for the hierarchy.
For example, we need the following hierarchy:
World
|_ Europe
|_ Germany
|_ Italy
|_ Spain
|_ Asia
|_ China
|_ Japan
With variable authorization we need:
If user has just Spain, show Spain.
World
|_ Europe
|_ Spain
If user has Germany, Italy, Spain.
World
|_ Europe
|_ Germany
|_ Italy
|_ Spain
If user has *.
World
|_ Europe
|_ Germany
|_ Italy
|_ Spain
|_ Asia
|_ China
|_ Japan
Right now, without using hierarchy, the data is showing ok depending on the authorization that user has (allways using authorization variables in the query).
Regards, FedericoHi Federico,
Yes, your approach is right. You can restrict the InfoObject 0COUNTRY and then maintain the country values in the Analysis Authorizations (its no more a hierarchy authorization).
The EQ can be used to maintain a single country (you need to add multiple EQs if you wish to add morethan 1 country in the same analysis authorization)
The CP can be used to maintain with a pattern such as A* countries etc
The BT can be used to give a range.
However, ensure that the user has authorization to all the Infoareas (bottom - up) and queries so that his/her authorization can be restricted.
Regards,
Raghu -
Hierarchy Authorization Problem
Hi experts!
I am implementing Analysis Authorization Using Variable and one of the object is Org unit hierarchy authorization. The idea is to populate the personnel's authorized value of org unit into the hierarchy authorization and it is then allowed to see its node and anything below its node.
Say for example I am Authorized to Orgunit A0 and I should see A1 and A2 as well which are the children of A0 and when I ran the query I am only able to see A0 only thou there are records of A1 and A2
What should I toggle to be able to see A0 together with its children (A1 and A2)?
The settings in for hierarchy authorization is TYPE 1( Subtrees below the node ) and Validity Range 2 (Name Identical)
Points will be awarded !
Edited by: Chee Jason on Aug 20, 2008 9:08 AMJust an update on the problem here
I suspect it is the problem with my customer exit because when I maintain the value directly it, appears correctly.
I wonder if I do it correctly. Here is a snippet of the code... Please advise me. Thanks!
DATA: L_S_RANGE TYPE RSR_S_RANGESID
L_S_RANGE-LOW = 'A0'.
L_S_RANGE-SIGN = 'I'.
L_S_RANGE-OPT = 'EQ'.
Append L_S_RANGE TO E_T_RANGE
Edited by: Chee Jason on Aug 20, 2008 11:40 AM -
Hierarchy Authorization using Variable via Customer Exit
Hi experts,
I am wondering if I can do Hierarchy Authorization using Variable via Customer Exit? I know it can be done on normal value authorization by putting $+(the variable name). So can we do the same for Hierarchy authorization?
For my case I have a 0ORGUNIT and I would allow the role to access anything below its node. So do I put $VARORGUNIT in Technical Node Name and Hierarchy name as ORGEH, Type of authorization = 1 and Area of Validity = 3.
Points will be given!
Thanx!Hello Chee Jason,
Are you working with version 3.5 or 7.0
How do you specify Hierarchy variable?
Any advise you can share is very much appreciated.
Thanks,
Patrick -
Just got a new mac mini and I can't figure out how to authorize it. Help!
Just got a new mac mini and cannot figure out how to authorize it. Help!
mLink your phone number and Apple ID for use with FaceTime and iMessage
-
Account dimension hierarchy text nodes ACCTYPE property
Hello,
We have master data being populated into BPC from BW. So for the Account dimension in BPC, we use the 0GL_ACCOUNT infoobject in BW. This infoobject also has all the Financial statement version hierarchies which are being loaded to BPC. The question that I have is, how should the hierarchy text node values for ACCTYPE property be populated if I have to automate this load on a daily basis.
For the actual GL accounts, we have the account number ranges defined. Like 1* series accounts are Assets etc..So we can easily define a rule for populating the ACCTYPE property values. But not sure if there is any easy logic for populating the hierarchy text nodes as we dont have any pattern in them. Would we need to maintain it manually always?
Thanks
GauravHello Richard,
If there is really no logic behind them there is off course no way of automating this. Then I guess you will have to maintain each node separately.
Some customers are also willing to change their text node structure. For example I had one when where the rules for the 0HIER_NODE records were as follows:
* EXP -> Starts with 32*, 311*, 312*, 321*, 3111*, 3112*,
* 3142*, 31111*, 31112*, 311111*
* INC -> Starts with TOT, 3000000000, 3100000000, 313*,
* 322*, 3113*, 3141*, 31113*, 311112*
* AST -> Starts with 1*
* LEQ -> Starts with 2*
Kind regards,
Christophe
Maybe you are looking for
-
After installing Yosemite many of the videos I had in iPhoto won't play at all. All the videos (including missing ones) now have dashes around a thumbnail shape instead of the thumbnails that were there. When I click on the thumbnail shape of any of
-
Loading File name and file contents into two separate tables using Sqlloadr
Hi All, I have situtation like to load File contents into One table and File name into one table . File comes with .txt extension Example : File name : product_09_abc.txt File contents : Productcode ABC CDE EFT Can you please help me out this how can
-
Recommandations for upgrading from 46C to ECC 6.0
Hello Our SAP system landscape is actually in 46c and is only composed of 3 servers with almost 40 users declared (25 actives) on production system. Modules FI/CO HR MM are actually implemented. We plan to upgrade the system to ECC 6.0 between March
-
Intergration OBIEE with Hyperion WORKSPACE and Shared Services
Hi experts, When I try integrate BI Punisher to Hyperion workspace and Shared Services, But When i come to Admin-> BI Punisher -> Integration. I don't see Hyperion Workspace and Shared Services. How can i do? Please help me. Thanks
-
Transaction Code to see all automatic account determination GL
Hi All Please let me know the Transaction Code to see all automatic account determination GL like FI -GL integration with other modules/ submodules like AA,MM,SD, FM,CM etc. I tried with FBKP, but it is not giving all. Regards Sekhar