Issue on Authorizations
Hi all
I have some reports to be given authorizations, these are BPS reports .For that i have created a role and published the required reports from query desiner to the newly crated role.For these reports I have to give access to write data as these are BPS reports.
After publishing these reports in the user, in the u201Cauthorisationu201D option in PFCG many authorization objects are collected, so I am not able to find the option where to give the u201Cactivityu201D numbers.
Please suggest me on this.
Regards
Prasad
Hi,
If you open the role and click on the 'activity' button, you'll get a list of the numbers and descriptions that you can select from.
Cheers,
Kedar
Similar Messages
-
Issue with authorizations for BPS
Hi Experts,
There was an issue with authorizations for BPS. We have a large number of agents that need to enter plan data via a layout. In order to control the necessary authorizations, we would like to filter via something similar to a user exit using a function module in order to avoid having to define authorization objects for each of the agents who have access to the systems. Right now, we are not sure if there is user exit concept available as it is for BW variables. Any body experienced similar issue may share their experience.
Regards,
AnkitHi,
In BPS, you can use user specific variables or you can set up a Variable of type exit. You can also have a variable of type authorization which uses the security / authorization of the BW system.
Hope it helps...
Cheers,
Tanish -
Authorization issue "No authorization"
Dears gurus,
I created an analysis authorization using tx. RSECADMIN, this contains the IO 0COSTCENTER restricted with some value, and also contains the IO: 0TCAACTVT, 0TCAIPROV, 0TCAVALID. When I assigned it to a role using tx. PFCG. But when the query is executed it appears the following message: "No authorization". Using a trace tool, it appears to requiere the analysis authorization 0BI_ALL, but if I give this authorization, it doesn't restrict the IO 0COSTCENTER as wanted.
Please let me know what is missing.
Best regards,
Pilar Infantas.Remove 0BI_ALL object fro users profile and try executing as below it should give you the authorization objects values missing ..
goto RSECADMIN >Analysis>Execution as User -->enter the user name you are executing the query
Check box -->with Log option
select RSRT option
hit start transaction button ,it should show you the authoriztion errors with authorization objects missed.
if not
again RSECADMIN>Analysis>Error Logs-->check with the latest time stamp for that particular user and analyse the authorization issues
Hope it Helps
Chetan
@CP -
SAP CRM 7.0.2 issue regarding authorizations
Hello,
I have noticed that the role change is not reflecting immediately for the user in CRM 7.0.2 Web UI. Is anyone facing the same issue like this? If so, any solution to this for immediate effect?
Thanks in Advance.Hi Luis,
You need to create a authorization object with 'sales rep' ou 'sales office' key.
Your commercials are linked with these objects in master data? If no, create the link.
After, in PFCG, create the key, as I said above, and done.
Rgs,
Fábio -
Issue with Authorization sync job in GRC 10.1
Hi,
I am facing below issue while running the authorization sync job in 10.1 after importing the configuration data as part of migration from 5.3 to 10.1.
we have GRC server and plugin system on the same SP level 04.
Error:
Error in GRCAC101EC; Reason Error in RFC; 'Function module "/GRCPI/GRIA_AUTH_G
PFCG authorization sync failed with errors
Thr RFC connection is working fine and the connector settings are done in GRC. Also the RFC user has SAP_ALL.
Regards,
Giridharthe sp seems a little low
have a look at Error in RFC; 'Function module "/GRCPI/GRIA_PROF_GET_RANGES" not' -
Issue with authorization objects
Hi,
We are running on ECC 6 . There is an issue while adding t-codes to a role.
When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.
Cheers!!> The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.
They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.
That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.
It shounds like SU24 is not as "fine" as you have stated before hand.
Cheers,
Julius -
Dear All,
I am in BI 7 environment.
I am giving an authorization to the user based on Sales Grp. Now the report is getting filtered based on Sales Grp but the key figures values are all zero.
As an administrator i can see all the values clearly but the Restricted user i not being able to see the key figures values.
Any inputs please.Ok,
If it doesn't show any authorization error/warning is because the issue probably is not in authorization.
Off course you can run the report with the test user restricted to that sales group and your user also restricting the same sales group in BEx to see if you have the same values.
Also trigger st01 with your user while you're executing and with the test user also and compare the st01 log between your execution and the test user execution.
Diogo. -
Issue: "No Authorization to send Idocs with message type Orders" - IDX5
Hi All,
I am working on a File to IDoc(Orders.Orders05) scenario. The sender is PI Server and the receiver is the SAP ISR system. A technical system has been created in PI SLD for the ISR system and a Business system is added to that. The logical system created in ISR system using Tcode BD54 is added to the business system in PI. A new RFC destination is created in PI system to connect to the ISR system.
On the ISR system Partner profile is created using TCode we20 with the same logical system name already created using Tcode BD54.
When sxi_monitor is executed on the PI system, It shows checked flag on the Inbound side and Red flag on the Outbound side. And when idx5 is executed, it shows the new Idoc number and when it is double clicked, it shows the Status Text as
"No Authorization to send IDocs with message type Orders".
All authorizations have been provided on the Sender side.
Please let me know if any authorization need to be provided on the ISR system or Is this an error on any settings.
Thanks in Advance.
Stalin S.Hi,
Check this Thread which deals with the Authorization Issue
RFC Adapter
And also check this how to check whether u have sufficient authorization to send the Idocs or not
To test the Authorization check
Double click the RFC Destination that u have created in XI towards R/3 in SM59
Select UtilitiesTestAuthorization test
By this you can come to know whether your user is having the propper authorization or not
REgards
Seshagiri -
HCP course - issues with authorization panel in cockpit
I am unable to assign the required authorizations for the feedback service. In fact my authorizations screen in the HCP cockpit looks very different from what Rui see's on his screen. I do not have a column called Account. I only see columns for Application and Role.
When I try to assign a new role I have no option to specify the account!
Is this yet again another issue where those of use with original HCP trial account user-id's are missing new functionality? My account is p1081110.
3 weeks into the course an I'm still unable to complete the practical exercises from Week 1. Both this accounts issue and also the outstanding issue about not being able to activate the paldemo folder!
Regards.Marking as answered as per http://scn.sap.com/community/developer-center/cloud-platform/blog/2014/06/12/opensap-hanacloud2-guide-week-1#comment-503428
-
AAA issue ( command authorization failed)
I am getting the issue, and following is the script , cannot find and locate the cause of error !
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname hexxor
boot-start-marker
boot-end-marker
enable secret 5 $1$Y.Nt$aZ9/2rl2DMbEnSGJVqmln1
enable password 7 0525112F05411F075231123E
username hexxor password 7 024D2A103F26243363593D1C2B5C
aaa new-model
aaa authentication login T-AUTH group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization exec T-AUTHOR group tacacs+ if-authenticated
aaa authorization commands 15 T-AUTHOR group tacacs+ if-authenticated
aaa accounting exec T-ACC start-stop group tacacs+
aaa accounting commands 15 T-ACC start-stop group tacacs+
interface Vlan1
no ip address
interface Vlan50
ip address 128.1.50.54 255.255.255.0
no ip route-cache
ip default-gateway 128.1.50.254
no ip http server
ip http secure-server
ip sla enable reaction-alerts
logging trap debugging
logging 10.241.40.20
logging 128.1.50.245
access-list 1 permit 128.1.50.245
snmp-server host 10.241.40.27 Armageddon
snmp-server host 128.1.50.245 Armageddon
tacacs-server host 10.241.40.22
tacacs-server host 10.241.40.23
tacacs-server directed-request
tacacs-server key 7 020813480E052F2E4D
line con 0
exec-timeout 5 0
password 7 1142374E2332201E2B3D1F210678
authorization commands 15 T-AUTHOR
authorization exec T-AUTHOR
accounting commands 15 T-ACC
accounting exec T-ACC
login authentication T-AUTH
transport preferred none
line vty 0 4
exec-timeout 5 0
password 7 06281801684358174E231727
authorization commands 15 T-AUTHOR
authorization exec T-AUTHOR
accounting commands 15 T-ACC
accounting exec T-ACC
login authentication T-AUTH
transport input telnet
transport output telnet
line vty 5 15
password 7 0228137B2F0B5E2F077A0C35
endBased on what I think I understand in this reply it appears that the problem is caused in the named authorization method of T-AUTHOR. This named method sends an authorization request to the TACACS server. So it appears that the TACACS server is not authorizing the commands that you enter.
I would suggest this as a first test:
- login to the device.
- go into enabl mode.
- attempt the show run command. (I assume that it will fail)
- check on the TACACS server. look in the logs for indications of how it processed the request and why it did not authorize it.
If you want to do a second test to verify the cause of the problem then I would suggest this:
- remove from the config these lines
aaa authorization exec T-AUTHOR group tacacs+ if-authenticated
aaa authorization commands 15 T-AUTHOR group tacacs+ if-authenticated
then login to the device, go into enable mode, attempt the show run command
Try one or both of these tests and post back to tell us of the results.
HTH
Rick -
hi all,
in me52n transaction, in account assignment tab there is field called costcenter. its field name is kostl and strucutre is cobl. now i have requirement to create an authorization object on this costcenter. that is for example , if i try to make any changes in the cost center field it should allow me to do it. but if some others are using it should not allow them to make any changes. plz let me know the solution how to do step by step. points will be awarded . this is urgent requirement. plz reply fast.
thanking u in advance,
a.srinivasHi deniz,
Use this to set up the autherisation object
AUTHORITY-CHECK OBJECT '<objectname>'
ID 'ID FIELD SY-UNAME.
IF SY-SUBRC NE 0.
MESSAGE S999 WITH 'You are not Authorised to change entries'.
EXIT.
ENDIF.
Inform the Basis team to assign the role only to ur id...so that no other person wil u autherized
Award points if useful
Regards
Gowri -
Report Authorization issues after Authorization Migration in BI 7.0
Hi SAPians,
we are facing report access for the customers after migration of authorizations (3.x to 7.0). All these are Customer reports and need to restrict their customer codes only. In two ways, i have tried to resolved this.
1. Roles - Maintained Customer Number in the authorized object CUSTOMER - Not working.
2. Created new authorization object through RSECADMIN and maintained the Customer Number with proper activity, validity etc.. - Not Working
(For Ex. Customer Number is "11500" and length of Char is 10)
While executing the report, i am getting below error:
Value "0000011500" for variable "Customer Authorization(Multiple Optional)" is invalid
Message no. BRAIN643
Diagnosis
Characteristic value "0000011500" is not valid for variable Customer Authorization(Multiple Optional).
Thanks and Regards,
VenkatHi,
It depends of the way your authorizations has been setup. If you did it role based or profiles direct to the customer. You should also look into the fact that the migration tool can create direct a profile (not a role with a profile). My way of working in a role based application was that I looked for the roles with objects s_rs_mpro, s_rs_icub, s_rs_odso, s_rs_iset(these are the objects that needs to be replaced with RSECADMIN) and the own build objects with rssm. I added the authorization object s_rs_auth to the role and the new objects made with RSECADMIN. If you transport then the roles and objects made in RSECADMIN it works good. Bottom line beaware of profiles that are not created by the profile generator.
Have fun
Jan van Roest -
Issue regarding authorization CRM 5.0
Hi Guys,
Currently we are working in CRM 5.0. the issue we have defined a new Zrole and we assigned IS01(Problem and Solutions) this transaction should not allow the user to create or change always it should be in display mode.kindly suggest me what objects i need to include for the above transaction(IS01).
Pls give your valuable inputs regarding this at the earliest possible. the solution provided for this will be rewarded with full points.
Thanks in advance
Prakash KHi Mario,
The XCM configurations will be required to access that URL. You need to set up JCO connection and many more things. You can refer the SAP Best Practices for this.
Check this URL and download the configuration guide.
[http://help.sap.com/bp_crmv250/CRM_DE/BBLibrary/html/C14_EN_DE.htm]
Regards,
Shalini Chauhan -
Authorization Issue while running a report
Hi Experts,
We are facing strange issue in authorizations while runnung a report. When we givel '*' company code access to the users they are able to run the report. When we give one single company code specific access to the users they get error message : No Authorization or everything filtered Out".
Please let me know how can i debug the same.
Company code specific access along with sales grp, profit ctr, sales employee are maintained in a ODS in BW.
Thanks
GauravHi,
When you use authorization relevant char in your report, you should create a variable of type authorization.
The variable input may be mandatory or optional.
By doing this, the default values will pop-up in the variable input screen when the user tries to execute the report.. It is also relevant to mention that the user cannot enter any blank values for the authorization variables unless he/she got * access for that particular character.
Also do not hardcode any values for authorization relevant char inthe report.
It will throw error No Authorization.
Guru. -
Regarding BI Authorization Issue
Dear Friends,
can anyone help me to solve this issue..
I have a Authorization Issue, u201CNO Authorization u201C
Error : EYE 007 ( Insufficient Authorizations )
I have follow this stepsu2026
Steps 1 :-
Define Authorization-Relevant Characteristics ( ZCUSTOMER )
Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
Steps 2 :-InfoObjects as u201Cauthorization-relevantu201D
Eg: 0TCAACTVT
0TCAIPROV
0TCAVALID
0TCAKYFNM
ZCUSTOMER
Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
For example : ZAUTH In That I have taken
ZCUSTOMERrestricted with value C100.
0TCAACTVT with 3 ( Display )
0TCAIPROV with * ( Astric )
0TCAVALID with *
0TCAKYFNM with *
Steps 4 :-
Assign Authorizations to Roles
Use authorization object S_RS_AUTH for the assignment of
authorizations to roles.
Maintain the authorizations as values for field BIAUTH
Ex: ZTESTA1
S_RS_AUTH
Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
S_RS_COMP
Activity Create or generate, Change, Display, Delete, Execute <...>
InfoArea : ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
S_RS_COMP
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
Name (ID) of a reporting compo :ZTEST_Q0001
Type of a reporting component :Query
S_RS_COMP1
Activity Display, Execute
Name (ID) of a reporting compo : ZTEST_Q0001
Type of a reporting component :All values
Owner (Person Responsible) for *
S_RS_COMP1
Activity Change, Display, Delete, Execute, Enter, Include, Assign
Name (ID) of a reporting compo ZTEST_Q0001
Type of a reporting component All values
Owner (Person Responsible) for :*
S_RS_ICUBE
Activity Create or generate
Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
InfoArea :ZDEMO_ MIHI
InfoCube : ZCUBET
S_RS_IOBC
Activity Create or generate
InfoArea :ZDEMO_ MIHI
Infoarea Catalog : zioc_test, Zkf_test
S_RS_IOBJ
Activity Create or generate
InfoArea :ZDEMO_ MIHI
InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
Steps 5 :-
AND Assign this Role to User.
Steps 6 :- ERROR
When I execute the Report it is showing u201CNO Authorization u201C
u201C Insufficient Authorization u201C
EYE 007.
Regards
SivaHi,
In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
Hope that helps.
Regards
Mr Kapadia
Maybe you are looking for
-
How to move the "back" button to the top ?
Hi there, I had some sub-menus and iDVD auto generate the "FORWARD" and "BACKWARD" buttons in the shape of a triangle. Problem is this buttons are alwayd at the bottom and I do not seem to be able to move the buttons around. Any tips on how to move t
-
This morning my phone wouldnt charge, I tried three different charging cables. They are lighting up to show they are working, but the phone does not charge or show a symbol or connect to the computer. So i cleaned out the lint from inside the chargin
-
It was working fine and then all of a sudden I started getting this error. I have already reinstalled the software, changed the permissions to all of the files and folders and am running the program as an administrator. Any ideas?
-
What is a typical disk footprint for OS X 10.5.8?
I have a MacBook running 10.5.8. It's a pretty bare-bones system, but I'm still running out of space. My Macbook has a 55.44 GB capacity drive of which only 1.96 GB is currently available. I'm trying to decide how much effort I should put into cleani
-
Adding custom tags and extend ParserDelegator and DTD support problem!!
Hi all, I searched all forums and google for information about this problem but I did not find any clear solution or example. The probem stared when HTMLEditorKit's insertHTML method did not worked for custom tags. I extended javax.swing.text.html.pa