HR - BI7 authorization error trace
Hi gurus,
I had a HR structural brought in to BI7 analysis authorization. I got a test user who has access to a particular node in the heirarchy. I run a query which has a customer exit and this what I got from the trace.
==========================
Characteristic
0ORGUNIT
0TCAACTVT
Partially or Fully Authorized (Intersection)
SQL Format:
ORGUNIT >= '00000001'
AND TCAACTVT = '03'
Result
Not Authorized
The ORGUNIT heirarchy doesn't have that value "00000001" in our heirarchy value always starts with the "5???????". I do not know where it is getting it from..
Can someone of you review and analyze my issue?
Hi Gaurav, First of all thanks for replying to me that quick.
This is what I have in my analysis auth:
Characteristics
0ORGUNIT
0TCAACTVT
0TCAIPROV
0TCAVALID
Value Auth
I EQ #
I EQ :
Hierarchy Auth
Hier Nm Tech Node Nm Typ Level AreaVal
ORGEH $0ORGUNIT 1 0 0
ORGEH REST_H 1 0 0
Similar Messages
-
Hi
Recently we had migrated to the new authorization concept in BI7 after that, when the business users open an query or workbook they get the selection screen and when they press F4 on company code info object (Authorization relevant object) to select values they get an message" you dont have sufficient authorization" and the out put does not get displayed. but as an BW developer i am able to open the same report without any error
I checked in for authorizations in Su01 and su53 every thing looks fine for the business user.
Note: This error occurs only to queries having infoobject company code
Can someone help me out in this issue?
Thanks a lot
SheetalHi sheetal,
I am facing the same problem what you have faced regarding authorization error in BI queries.
when users try to open the workbook, select their options in selection screen and run it, they get warning 'you do not have sufficient authorizations'. when i try to run the same, i am able to open it. this is happening in prod.
how are you able to solve this problem. -
No Authorization error in executing a planning sequence
Hi,
We are using BI 7.0 Integrated Planning.
We have implemented Mark Bernaud's file upload solution. We have used a planning sequence that uploads the file and stores it in a cube. Using it, we are able to upload files without any problem when executing with a SAP User Id which has all the authorizations (the user id has SAP_ALL specified in its list of profiles). Now, we have a requirement where we need to execute the file upload using a user id which has limited authorizations. When we are trying to execute the file upload with the userid that has limited authorizations, we are getting the following authorization error.
'You are not authorized to execute sequence PL_SEQ_FL_UPLOAD'
where PL_SEQ_FL_UPLOAD is the name of planning sequence we are using. We have also included the authorization variable in the filters being used as suggested in one of the blogs but this didn't help.
Could anyone please let us know the authorization objects to be added to the user id to enable access to this file upload.
Many Thanks,
Narendra.Thank you very much Diogo,
The objects you suggested were already there. We have successfully traced the error by switching on the trace using ST01. We found the reason for the error to be that display authorization is not provided for S_RS_PLSQ whereas execute authorization is already present for that.
Once again thanks Diogo.
Many Thanks,
Narendra -
No Authorization Error message while displaying plan data in the layout
I am trying to execute laypr01 layout in planning area 4EXP0001(Delivered Content). I am getting a NO AUTHORIZATION error message. When I went back to SU53 and I can see that all authorizations have been successful.
Can somebody please let me know if I am missing something?
Thanks for your help.
LathaHi Latha,
Run transaction RSSM, go to authorization check log, enter your user. Try execute the BPS layout again, and get the error message.
Then go back to RSSM, and display the Trace by clicking on Trace > Display, and it show you what the authorization problem is.
Hope this helps,
Frank -
NO Authorization error when accessing Functional module RH_CUT_OBJECT
Hi,
I am getting NO AUTHORIZATIOn error when I am executing SE37-->FUNCTIONAL OBJECT-RH_CUT_OBJECT.
I also checked SU53 screenshot which says AUTHORIZATION CHECK SUCCESSFUL and there are no errors or missing authorizations highlighted in SU53.
I switched on the TRACE-ST01 then also the error is not captured.
I would like to know WHY am I getting NO AUTHORIZATION error.
I am already having access to T-CODE SE37, SE11, SE80, SMARTFORMS and authorization object S_DEVELOP.
I need to know this ASAP on why I am getting NO AUTHORIZATION error when I am trying to access the FUNCTIONAL MODULE RH_CUT_OBJECT whereas I am having all the required authorization required for ABAP Developer including SE37.
Is it something I need change at ABAP code level.
Please advise ASAP.The reason is ..You do not have acess to see/acess the data this FM is trying to acess ...Debug the function module keep a breakpoint at The Raise statement see which authorization you do not have ....BTW this is my guess you are trying to demilit certain objects /infotypes using this FM and delimit basically makes that object non-usable in that system .So it is quite evident that every one will not have authorization for that .Please post in detail that what is it that you are trying to achieve using this function module .....
Also you can check with debugging which authority object is being checked before raising the message and can ask security team to get that added to your profile ....
Thanks,
Anjaneya -
Authorizations Error to Access ISR Notifications
Hi All,
Greetings !!!
We have created an application form in Abap Webdynpro using function module ZZHRIQ_SCEN_NOTIF_CREATE_RFC (Copied from HRIQ_SCM1_NOTIF_CREATE_RFC) to create ISR notifications.
This application is working fine when we have given all the roles to the user.
To restrict the authorizations we have removed SAP_ALL and given standard roles as mentioned below...
ZR_SLCM_CA_NO_NOTIF_GENERAL
ZR_SLCM_CA_NO_NOTIF_ISR
ZR_SLCM_CA_NO_NOTIFVIAWEB_EXT.
But we are not able to create notification with above three roles and is giving authorization error as below
The following error text was processed in the system AMD : No authorization for this action
The error occurred on the application server sthamdm8dv_AMD_00 and in the work process 0 .
The termination type was: ERROR_MESSAGE_STATE
The ABAP call stack was:
Method: SAVE of program SAPLQISR1
Form: SAVE_XML of program SAPLQISR1
Function: ISR_NOTIFICATION_CREATE of program SAPLQISR1
Function: ZZHRIQ_SCEN_NOTIF_CREATE_RFC of program SAPLZZHRIQ_IAP_ISR
Method: ONACTIONON_CREATE of program /1BCWDY/CZYEJG42Y595M73Z0SU8==CP
Method: IF_WDR_VIEW_DELEGATE~WD_INVOKE_EVENT_HANDLER of program /1BCWDY/CZYEJG42Y595M73Z0SU8==CP
Method: INVOKE_EVENTHANDLER of program CL_WDR_DELEGATING_VIEW========CP
Method: IF_WDR_ACTION~FIRE of program CL_WDR_ACTION=================CP
Method: DO_HANDLE_ACTION_EVENT of program CL_WDR_WINDOW_PHASE_MODEL=====CP
Method: PROCESS_REQUEST of program CL_WDR_WINDOW_PHASE_MODEL=====CP
Please suggest what additional roles I should assign to user to execute the application successfully.
Thanks in advance....Sudhir,
Please run a security authorization trace to see exactly what authorizations are missing from your user.
Michael -
Authorization error; unknown user name or incorrect password
Hi,
We are facing the issue logging into Integration Builder in PI system getting "Authorization error; unknown user name or incorrect password" for all the users.I able to login NWA in PI system.Please find the default trace details below.help us.
#1.#5611B888D81000840000018F0284005E0004B97914AC4703#1329829595847#com.sap.engine.services.security.authentication.logonapplication#sap.com/com.sap.security.
core.admin#com.sap.engine.services.security.authentication.logonapplication.doLogon#J2EE_GUEST#0##fxtcs.unix_FXT_336466250#Guest#e2057c775c8c11e1bb605611b888d
810#SAPEngine_Application_Thread[impl:3]_49##0#0#Error##Java###doLogon failed
[EXCEPTION]
#1#com.sap.security.core.logon.imp.UMELoginException: USER_AUTH_FAILED
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:946)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:208)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:914)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.uidPasswordLogon(SAPMLogonLogic.java:578)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:158)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regrads,
ManiHi,
Check this for the roles required for integration builder [http://help.sap.com/SAPHELP_NW04S/helpdata/en/c4/51104159ecef23e10000000a155106/content.htm]
Accordingly get the required role assigned to the user you are using there.
Unlock the user if it is locked
Reset the password and provide the new password in the login settings
Give a try again
Regards,
Venkata S Pagolu
Edited by: Venkata Pagolu on Feb 22, 2012 4:23 PM -
Custom Tcode Authorization Error
Dear Security Gurus,
We are getting an authorization while testing Custom Tcode. This tcode is used for Uploading data.
The authorization error shows missing Activity field value and a field called Operating Concern.
The SU53 and the Trace(ST01) show the same error even though the role that is assigned to the user has exactly the required values.
Also Authority Check in the Program of the tcode is maintained for only the Activity field and Operating Concern field.
Hence we are unable to figure out why the auth. issue occurs even though the role assigned to the user has the missing values
Please let me know how I can resolve this authorization issue.
Regards,
ArjunHi ,
Below is the Authority check section of the tcode :
START-OF-SELECTION
PERFORM F_AUTHORIZATION_CHECK
AUTHORITY-CHECK OBJECT 'YTIPRC01' ID 'CEERKRS' FIELD P_ERKRS ID 'ACTVT' FIELD '01'
PERFORM UPLOAD_DATA
CALL FUNCTION 'GUI_UPLOAD'
AUTHORITY-CHECK OBJECT 'S_GUI' ID 'ACTVT' FIELD '60'
Even though I have the ACTVT value 01 and the corresponding CEEKRS (Operating Cncern ) Value in the role I still get the error.
Thanks,
Arjun -
Authorization Error when running queries built on IP Aggregation Levels
Hi,
Did anyone encountered this kind of issue.
We are in NW04s SP 9.
When running a query built on Integrated Planning aggregation levels getting authorization error
" Do not have authorization Component !! ARMMGASL ". (ARMMGASL is the name of Multi Provider)
Queries built directly on Multi Provider "ARMMGASL" works fine.
Security trace doesn't show any failures
Any help or info on this highly appreciated.
Thanks,
Suresh YalavarthiHi Frank,
We have the same issue. What did you do to solve it?
The suggestions you received are already investigated/done, but don't provide a solution.
regards, André -
Authorization error while attaching document in ME22N
Hi,
Scenario 1: I attach a document in ME22N and then save it. Result: I get an authorization error.
Error is: "You have no authorization for extensions (activity03)"
Scenario 2: I just make a change (say in price) without attaching any document and then when i try to save it. Result: There is no authorization error.
Message (output) type in both the cases is EDI.
On further investigation, we found the authority-check abap statement which is responsible for throwing the error.
authority-check object authority_obj_edi_deftool
id 'EDI_TCD' field authority_tcode_edi_deftool
id 'ACTVT' field pi_activity
id 'EDI_DOC' DUMMY
id 'EDI_CIM' field pi_cimtyp.
This statement gets executed for both the scenarios and with the SAME variables but it throws error in case of scenario 1 only.
Following are the values of the variables in BOTH cases:
authority_obj_edi_deftool = S_IDOCEFT
authority_tcode_edi_deftool = WE30
pi_activity = 03
pi_cimtyp = Z2ORDERS02
Any help is appreciated.
Regards,
ChinmayDear,
Kindly contact your basis team. it will help you.
Please give him SU53 screen short for his reference.
Regards,
Sandip -
Authorization Error on Peoplesoft Login Page
Hi, this is related to the previous project we are still working on.
Invoking a Java Method from Peoplecode
While we have found that our approach have been successful in Dev and Test Environments, once we migrated the changes to Production, it seem to have stoppped working. Our client wants to test the link from Test Environment and would Single Sign On to the Production environment. But we are getting this eror, Authorization Error -- Contact your Security Administrator on the Peoplesoft login page when the link is clicked from the Third Party website.
The node setup for Dev, Test and Prod environments under Node Definitions are using PSFT_CR as the default local node and are all working when ping'ed. The defaut user that is used for allowing public access in the Web Profile are setup'ed just the same in all three environments, and application/web servers have been restarted as well.
One thing we noticed is that the url of the third party website is http and the url for the PS prod is https. Could this be the one causing the error, or have we missed something on the setup.
Again, we appreciate your insights regarding this.
Edited by: Jeremy Leung on Jul 9, 2012 11:50 PMHello,
Have you tried the steps suggested by
Imtiaz Hussain in the
previous thread you queried ?
Is the error the same that you were previously encountering ?
Regards,
Neelesh. -
Authorization error when exporting business system
Hi ,
I am on XI 7.0 spo9.I am trying to transport from dev to qa .
I am able to easily export (login using xisuper ) Technical system.
However while exporting Business system .when it gives me to download a file I get an authorization error .
Kindly helpHi,
Check XISUPER has the below roles in SU01.
SAP_BC_AI_LANDSCAPE_DB_RFC
SAP_SLD_ADMINISTRATOR
SAP_SLD_CONFIGURATOR
SAP_SLD_DEVELOPER
SAP_SLD_ORGANIZER
SAP_SLD_GUEST
add the above roles for XISUPER and get the green color those roles using Tcode : PFCG.
The above roles should be in green color.
Regards,
Venu. -
Log SSP and Authorization Errors
I asked for this on the feature request website
"It seems that apex does not log SSP errors or Authorization errors, or if it does, they are no available in an apex view. For example, if a user changes the page number in the url to a page he is not authorized to see, an error page is dispalyed, telling him that he cannot see this page. As far as I can tell, this error is not logged in the apex views. Same goes for, when a user tries to change an id in the url."
My item was closed with the comments
"The error messages are logged into the activity log if activity logging is enabled for your application. Have a look at the column ERROR_MESSAGE in the view APEX_WORKSPACE_ACTIVITY_LOG. "
Well I tested it again.
I went to a page and changed the item_id and I received the checksum violation message.
I then did a select * FROM APEX_WORKSPACE_ACTIVITY_LOG and looked for the error message.
There was no error message.
Can someone else try this
GusHi Gus,
I just have setup another test at apex.oracle.com
workspace: patricks_test
user: guest
pwd: 123456
1) Run application 24683 and login as guest/123456
2) If you click "Customers" you will get the authorization error
3) If you click "Products" and then pick a product to navigate to page 6 and afterwards modify the value of P6_PRODUCT_ID you will get the checksum error
4) In the Builder navigate to Administration -> Monitor Activity -> By Application -> 24683 and you will see the entries of APEX_WORKSPACE_ACTIVITY_LOG
When you did the query on APEX_WORKSPACE_ACTIVITY_LOG, did you verify that your app is writing activity logs at all? And second, have you connected with the parsing user of your application?
Regards
Patrick
Member of the APEX development team
My Blog: http://www.inside-oracle-apex.com
APEX Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf -
Authorization Error while executing Workbooks,
Dear ALL
We have authorization in place where users are restricted to execute Workbooks PLANT wise.
For this 0PLANT is kept authorization relevant.
0PLANT__0COMP_CODE is Navigational Attribute of 0PLANT also marked as authorization relevant.
Till now all user were assigned the Analysis authorization A_PLNT_XX as 0PLANT = XX
But suddenly now the users are getting authorization error of NOT BEING AUTHORIZED .,
The error log is as shown below.
Relevant Characteristics for Detailed Authorization Check
(Characteristics with Full Authorization Are Not Listed!)
List of Effective Authorization-Relevant Characteristics for InfoProvider ZMMIMMP05:
0PLANT
0PLANT__0COMP_CODE
0TCAACTVT
Subselection (Technical SUBNR) 1
Supplementation of Selection for Aggregated Characteristics
Check Added for Aggregation Authorization: 0PLANT__0COMP_CODE
Authorizations missing for aggregation (":")
Characteristic 1
0PLANT__0COMP_CODE Empty
Entries marked with red do not have aggregation authorization
You can find more information about this here 1140831
The authorization check stops here as this selection is no longer needed
Message EYE007: You do not have sufficient authorization
No Sufficient Authorization for This Subselection (SUBNR)
Following CHANMIDs Are Affected:
51 ( 0PLANT )
Authorization Check Complete
Please let me know the reason for the same.
Also How can i track these changes to avoid such errors
Regards,
AjitHi Ajit,
The authorization log has been improved constantly and try to make it easy to understand.
It says:
Authorizations missing for aggregation (":")
Characteristic 1
0PLANT__0COMP_CODE Empty
Entries marked with red do not have aggregation authorization
You can find more information about this here 1140831
So please click the "1140831" which is a hyperlink bringing you to OSS note 1140831.
The note says:
1140831 Colon authorization during query execution
Part 1: Description of the authorization check
You require aggregation authorization ("colon authorization") to view
the values of an authorization-relevant characteristic in aggregated
form. What does this mean exactly?
Example:
The calendar year (0CALYEAR) characteristic is authorization-relevant
and is contained in the InfoProvider that is in use. You defined a query
as follows:
1. 0CALYEAR is in the free characteristics (not in the drilldown)
without any selections
- or -
2. 0CALYEAR does not exist in the query at all.
In both cases, no 0CALYEAR values are displayed in the query. Also, the
query is not restricted to any 0CALYEAR values. A colon is required for
the authorization check in this situation.
The note contains some more detailed explanation. You could read through it to understand the concept.
Regards,
Patricia -
Authorization error while regestring developer in SSCRkeys
Hi All,
iam trying to register developer in SSCR keys to generate acess key .
iam getting authorization error
How to Register SSCR keys authorization.
pls help me out ....
solutons appreciated
JohnHi juan,
iam getting Authorization Error!
Currently you do not have authorization to use this function. To request the authorization, please contact one of the administrators at your company:
do i need to register for sscr authorization.
solution appreciated
Regards
John
Maybe you are looking for
-
Please help to get onhand stock report with last purchase and billed date warehouse and item wise
please help to get onhand stock report with last purchase and billed date warehouse and item wise
-
Why is playerglobal.swc not included in trunk build of Flex 4.5
Hi, i've downloaded the latest from the Flex SVN trunk, and built it with Ant in every way I can possibly think of (after running Ant -projecthelp). I have Flex 4.5 configured as my Flex SDK in Flex Builder 3, but since playerglobal.swc is not there
-
CDC for Oracle Continually goes to Aborted State - SQL Server 2012
I am setting up a test environment for CDC with an Oracle system. I have everything set up to the point where logs are being read and data appears to be getting added to the CDC tables in SQL Server. However, at different times during the day, the
-
Account Hierarchy : Function Module to get all the nodes of a hierarchy
Hi Experts, Is there a function module which will give as output all the Node GUIDs for a particular account hierarchy in SAP CRM,when the Node GUID of any single node in the same tree is given as input? Best Regards, Ashish Dhagat
-
Open Hub Destination to Informatica
HI All, I am having the following issue. We have created Open Hub Destination on InfoCube for Third Party (Informatica). But the target table is not visible in Informatica. They were able to view if created using InfoSpokes and able to extract using