Identifying hierarchy node in authorization log

Similar Messages

• Authorization log / Hierarchy node in SQL format

  Hi!
  I execute rsudo on a restricted user and the authorization log tells me that this fails because the user is not authorized for "Content(in SQL format): Node 5 8 0 31 E"
  Now how do I translate this sql format into something I can read? I've looked through the hierachy tables for the relevant characteristic but I can only identify 31 as the hierarchy sid and E as the version.

  Vice -
  We had to do basically the same thing for 0CRM_TR hierarchy, but our steps were a little different since we are on BI 7.0 - 2004S.
  We also had to limit the users visibility to data from certain nodes and below on the hierarchy. 
  1st, we made the 0CRM_TR object auth releveant. 
  2nd, we created an analysis authorization for the object via transaction code RSECADMIN.  In the transaction we had to specify the Hierarchy variable name that would be used in Queries.  We then selected the node (GUID) where we wanted the authorizaion to take place.  We set the Type Auth to 1(subtree and below) and Hierarchy Validity Area as 2(Name Identical).  We set it to 2 since the Hierarchy would always be loaded in the same name.

• Variable for hierarchy node using in authorization

  Hi all,
  I have the following problem:
  When I create a variable for a hierarchy node and I use it for the authorization, I have the possibility to say, that a user can see all elements under a node.
  But it should now be possible, that the user can also see the usage of this node bottom-up ( multi-level usage of this node ).
  Is there a possibilty ?
  Thanks
  Dieter

  Hi,
  I would suggest you provide more details than just "doesn't work". In addition keep in mind that this is a forum and not an official support channel. In case you need a faster response you should talk to the support team.
  Ingo

• Authorisation Error - Hierarchy Node

  Hi All,
  I have the following error when I try to run a report, there are madatory fields on the variable screen for Cost Centre Hierachy & Cost Element Hierarchy.  When using BEx Analyser I can enter passed this error message & the report will display results, however when I use the Portal, a different error message appears.
  I need this report to run successfully in the Portal, please can you help
  BEx ANALYSER ERROR MESSAGE
  Diagnosis
  The system has determined the authorized areas (nodes) for the characteristic and the hierarchy (,). It also determined that you do not have authorization for any of these areas.
  System Response
  If this situation was determined while a variable was being filled, the query cannot be executed or the hierarchy is not displayed.
  Procedure
  You have to have authorization for at least one node or leaf for the characteristic and the hierarchy (,) so that something can be displayed.
  If the selection only comprises end nodes ("leaves") and all of these leaves are covered by value authorizations, a query result is still displayed.
  Procedure for System Administration
  PORTAL ERROR MESSAGE
  WARNING EYE (019): No authority for the node from characteristic ASCH407D, hierarchy YIR BI-KPIGRP (00000000,)
    MSGV1: ASCH407D
    MSGV2: YIR BI-KPIGRP
    MSGV3: 00000000
  ABEND RSBOLAP (000): Program error in class SAPMSSY1 method : UNCAUGHT_EXCEPTION
    MSGV1: SAPMSSY1
    MSGV3: UNCAUGHT_EXCEPTION
  & it will not display results

  Hi,
  Using the T-code SU01 check what are the authorization do you have. Identify the authorization which is related to cost center/cost element. In the T-code PFCG check if that authorization includes that cost center/cost element hierarchy node or not?
  In order that query should run in Portal, relevant authorization must be transported to portal.
  Hope it helps.
  Regards,
  Prakash

• How to filter hierarchy node in BEX query designer

  Dear experts
  We are working on FI balance sheet with hierarchy infoobject 0GLACCEXT. Example of our balance sheet is as follow:
  Parent Node A = 20
       Sub-parent Node A1 = 10
           Leaf A11 = 5
               Leaf A12 = 5
  Parent Node B = 20
       Sub-parent Node B1 = 10
                 Leaf B11 = 5
                 Leaf B12 = 5
  We require only:
      Sub-parent Node A1 = 10
      Leaf B12 = 5
  So I filter those out in BEX restriction;  however, after we examine the report in tcode RSRT, "Sub-parent Node A1" is not shown in BEX Report, and the result is as follow：
  Parent Node B = 5
       Sub-parent Node B1 = 5
               Leaf B12 = 5
  Are there solutions for us to show merely A1 and B12 ?

  Hi Chu
  Try the following steps.
  Initial Output
  In this example I will restrict the query for only displaying Node 8603 and leaf 9000
  Proceed to restrict the Characteristic. Please be aware of the difference between hierarchy nodes and leaf characteristic values. Also set the Hierarchy display properties to expand up to level 1.
  Execute the query again:
  Please be aware that users will still be able to expand node 8603 and see the lower level nodes/leaf. In order to restrict users from doing this set up users authorizations.
  Regards,
  Carlos

• BW 3.5 works with multiple nodes for authorizations

  Hi,
  Does BW 3.5 allow to do authorizations on mutiple nodes? It seems that from the How to wotk with hierarchy authorizations paper, the variable can only allow filtering 1 node. for 2.0B. We have requirements to allow viweing multiple nodes in a hierarchy.
  Thanks
  Will

  Hi Will,
  creat a hierarchy-node variable fill by authorizations in the frontend. The type has to be multiple entries (not single value). In RSSM at the hierarchy authorization creation you have to use the F4 for selecting nodes. The F4 allows to drag more nodes into the right frame.
  Cheers
  Peter

• Search Help for Hierarchy Node in SAP BW 7.3

  Hi Experts,
  We were previously using SAP BW 7.1 system and we had a table which used to be maintained through SM30 which has a customed search help on one of the fields for a hierarchy object. And it was working perfectly.
  However, one of our systems have just been migrated into 7.3 version and the above functionality is no longer working.
  This is what is happening now:
  - User selects a hierarchy and after selection nothing is being displayed on field on the table.
  We have tried to debug this customed search help in both environments to distinguish what is wrong. We have noted that a standard function module (RRSV_IOBJ_VALUE_OUTPUT) is not behaving similarly. In 7.1 system, the C_T_DATA table is being filled whereby in the 7.3 system, it is empty.
  Do you think this is the issue?
  Please do advise and propose what can be done to make it work. Or any idea on how to create a new search help for a hierarchy node in 7.3?
  Thanks in advance.

  hi,
  one more thing i will like to add here is in BW 7.3 you get a new security admin feature that allows you to make mass changes to authorizations instead of one-by-one. This can be done by cut-and-paste in a worklist, hierarchy nodes, and you can also add users to multiple analysis authorizations.
  The u2018newu2019 authorizations has both the data value and hierarchy restrictions. You can still build using the u201CRSECADMINu201D transaction
  Also make sure that all objects are in the TLIBG library and they will be 'shielded' during the upgrade.
  regards
  laksh

• Restric to hierarchy nodes and characteristics at the same time

  Hi together,
  I've got a profit center hierarchy and an authorization object with those fields:
  0CO_AREA
  0PROFIT_CTR
  0TCTAUTHH
  The controling area is compounded to the profitcenter.
  Then I created an authorization definition for hierarchies where i added a node from my profit center hierarchy.
  But aditionaly I want to add a single Profit center, which is not below this node. but it does not work. I only get the profit centers below the node i maintained for the hierarchy authorization and not the single entry for the profit center
  How can I setup this situation where I need to maintain on the one side one or more nodes in a hierarchy and then a single profit center which might be under another hierarchy node although this node is not explicitly allowed?
  Kind regards
  Stefan

  Thanks for the reply.  This issue is becoming a major problem for lots of implementations.  I have sent out several forum and OSS on this but no solution.

• Hierarchy node variable in BPS planning level

  Hi gurus,
  I have a set of planning levels and packages that are meant for all users. The users currently are segregated by 0costcenter hierarchy nodes, i.e. groups of users are belonging to different nodes within the 0costcenter hierarchy. These group of users each have its respective authorisation profile assigned based on hierarchy node.
  The planning levels and packages are configured so that 0costcenter is one of the header characteristics in the layout.
  Is there a way for the characteristic 0costcenter in the planning level and packages to derive the cost centers from the authorisation profiles ?
  Advice appreciated.
  Thanks.

  You may consider any of the following:
  1. BPS variables with authorization replacement type.
  2. BPS variables with user defined values replacement type.
  Ravi Thothadri

• Dynamic columns in query depending on hierarchy nodes

  Hello all
  I want to design a query with dynamic number of columns depending on hierarchy node.
  A hierarchy node is selected while running the query and user has authorization to see all subsequent nodes below the selected node.
  e.g. consider grp hierarchy with units and sub-grps as nodes.
  level1 Grp1
  levele2 unit1     :       grp2               :      grp3
  level3              :      unit2   unit4      :    unit4 grp4
  Suppose user select node Grp1, then there should be 3 columns for unit1, grp2, grp3
  If user selects node grp2, then there should be 2 columns for unit2 and unit4
  Please help. Any suggestions highly are highly appreciated.
  Rgds
  Sanjyot

  Surekha,
  Try this.
  Place heirarchy/characteristic in columns, under this place required keyfigure.
  Restrict with variable.
  Srini

• Hierarchy node value in the report

  Hi all,
  I have a 0cost center for which master data hierarchy has been loaded.
  This 0costcenter has 4 hierarchy nodes and under each node there are few cost centers.
  Say these nodes are zones then under each zone there are few costcenters.
  Now my question is in the reporting I want to see the costcenters Zonal wise.
  Say if I want to see only the zone 1 and the rest three zones should not get visible or displayed  then how  could I do that?.
  How can I restrict the other User viewing my zone and the cost centers and their values?
  I want a report based on zones and that to with authorization?
  Thx

  Hi Simon,
  Yes as you said I create a hierarchy node variables for zone 1 ,zone2, zone3, and zone4 and as per the requirement I can call the variable to display the data zone wise.
  When it comes for Users then how could I restrict the variables according to the Users?
  As you said how to fill the node with authorization?
  How to use standard authorizations and where can I find them?
  And how can I fill them at run time?
  how to use personalisation to default in per user the value of the node and then not allow the variable to be user selected, how to do this ?
  plz explain
  Thx

• Authorisation in Hierarchy node variable type

  Hi,
  Is it possible to have a Hierrachy Node variable that is processed by Authorisations ?
  Regards,
  Saurabh Diwakar

  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI
  Create BEX variable for authorization 
  1. Right click on the IO -> choose 'Restrict'
  2. Choose 'Selection' = 'Single Value' and 'from Hierarchy' = 'flat list'
  If a hierarchy exists, select the hierarchy for the IO
  3. Go on the variables tab -> Right click -> 'New variable'
  4. For a restriction without hierarchy, the type of variable is 'Characteristic Value' and if you have choose a hierarchy, the type of variable is 'Hierarchy node'
  5. Select a variable name & a description
  6. Choose 'Processing by': = 'Authorization' then check the characteristic and click 'next'
  7. Choose the display area for the variable -> Variable represents: = 'Single Value' or 'Selection Option'
  8. Choose if the variable entry is Optional or mandatory,
  9. Don't select 'Ready for input' and 'Can be changed in query navigation
  10. Next to the end
  Hope this would help you ...

• Hierarchy Node Restriction

  Hello Gurus,
  I have a Cost Center Hierarchy upto level 4.
  In my Query I want to restrict the Hierarchy Node to Level 2. This shud be a kind of permanent setting. ie; User should not be able to drill down beyond Level 2.
  Is this possible.
  Full points to correct answers.
  Thanks in advance.

  Hey In BI 7.0 it has been made very simple...
  Path A:
  Go to
  1.Rsecadimin>authorization>maintenance
  2.Create and authorization object
  3.Insert the infoobject 0costcenter
  4.Select its row  click on details(lens icon)
  5.Now you will find two tabs one for  a.Value authorization  b.Hierarchy authorization
  6.Click hierarchy authorization and there you can put the name of hierarchy...and select the levels upto which you want to authorize the user...also many different combinations ..try it once and you will enjoy it.....
  Don't forget to use it in the report...using a hierarchy node variable having processing type as authorizations.
  Path B:
  Directly mention that on the Hierarchy tab in the properties window for that infoobject the display is allowed till what level..
  use which ever you prefer..
  Thanks==points
  Message was edited by:
          rocks

• Unable to see  hierarchy nodes for a hierarchy in Query designer

  For IO 0GL_ACCOUNT, we have many hierarchies defined.
  In the query designer when i am trying to restrict the 0GL_ACCOUNT with one of the hierarchy say Hier1 the corresponding hierarchy nodes should be displayed so that i can select any nodes of my choice and can restrict.
  Strangley instead of showing hierarchy nodes,it is showing" [ ]" with out any values.Checked in RSA1 ,the hierarchy with all nodes visible perfectly.No authorization settings created on any of these hierarchies.
  hierachy is in active state.
  Appreciate any suggestions on this.
  Regards,
  Swapna.G

  Before restricting you need to select hierarchy for the characterstic and tick the activate hierarchy display checkbox

• RSECADMIN: Hierarchy node checked can not be interpreted (trace)

  Hi there,
  Time for me to ask for your help.
  When using RSECADMIN for tracing Hierarchy Analysys Authorization I cannot interpreted the hierarchy node that is checked:
  - The authorizations found are displayed as a clickable text e.g.  Node 1  and the value can be found below the check
  - The hierarchy node checked however is displayed as e.g.  Node 4 1 0 7 1 and I can not translate this node to any existing node in my hierarchy.
  [See this picture |http://farm4.static.flickr.com/3172/2978379084_acdf6baba5_o.jpg]that shows an example.
  Could anybody help me to find out the checked authorization node?
  Thank you!
  Kind regards,
  Lodewijk

  Hi Steve,
  Thanks for your reaction, in this case the problem indeed might be something else instead of the ZKLANT node. I will have a look at it rightaway.
  Nevertheless I find it very discomforting that these strange node numbers seem to be of no use at all.
  Can anyone shine a light on this issue?
  Thanks,
  Lodewijk