"Low-level" authorizations for accessing BW reports - add users to role
Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.
Hi!
i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
with regards
ashwin
<i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN. you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i>
Similar Messages
-
"Low-level" authorizations for accessing BW reports
May I please have your attention for the following:
Each employee is represented by a costcenter in our R/3, and thus, BW-system.
Plan is as follows: by filling in the costcenter on the selection-screen of a BW-webreport on can see his/her own financial data for a certain (posting)period.
Is there a way to restrict access without creating separate users/roles/profiles for each costcenter??(we have a lot of potential users who only need to see the report but do not need access to BW itself (RSA1 etc)).
I'm thinking about some sort of mapping:
e.g. user SANTA logs on -> ABAP-program/function maps it to correct costcenter e.g. 1234 -> user is only authorized for this costcenter...
But is this possible and where to implement it??
Thanx a lot in advance for your hints!!!
Best regards,
MarcoThanks al lot for your replies.
Corwin, I tried your solution and I've almost got it working....
1. made a table in DDIC to link username to costcenter
2. set up a reporting auth. via RSSM
3. created a variable (ZCOSTC) type 'Authorization' in the query designer
4. wrote some code in the user-exit (via SMOD) to fill this variable (translate username to costcenter via mentioned table)
5. created a role incl. authorization with reference to variable: value '$ZCOSTC'
This reference is not working unfortunately enough.
Everything works fine when I replace $ZCOSTC by an existing costcenter.
Am I forgetting something??
Thanx again!
Best regards,
Marco -
Do not have authorization for access with activity 03 on the InfoProvider
Hi,
I have developed new cube & ODS and created new Web Templates based on queries on these Infoproviders.
I have created new role and adde these templates to menu of this Role.
In Authorization profile i have used following Authorization objects.
S_RS_BTMP
S_RS_COMP
S_RS_COMP1
S_RS_ICUBE
S_RS_ODSO
In all these objects i hace selected activity 3.
Infoarea used for these new Cube & ODS is also added and for cube & ODS selection ihave used * (full authorization)
But when user is opening the web template it is showing error messahe
"You do not have authorization for access with activity 03 on the InfoProvider ZICXEROX."
Is there is any authorization object missing in the profile?
Regards
SSSDear SSS,
Have the same problem ' You do not have sufficent authorization for the infoprovider'. so could you please send the document from my mail id
[email protected].......
plaase very very urgent
Regards
Ahmed. -
Where can I get the low level VIs for ELVIS functionalities not currently exposed in LabView eg for Bode Analyzer, Arbitrary WaveForm Generator
Hi Adnaan,
The lower level VI's are just as you list: DMM, FGEN, etc. I'm sorry the Bode Analyzer low level's are not available.
It looks like all of the controls for the BodeAnalyzer can be accessed from the block diagram, is this not the level of programatic control that you need?
The Express VI link was included in case you we're interested in how to create these.
Have a great weekend!
Best regards,
MatthewW
Applications Engineer
National Instruments
Message Edited by Matthew W on 09-28-2007 06:36 PM
Attachments:
bode_elvis.JPG 11 KB -
EDMS: 'Missing authorization for this functionality' when searching user
Hi,
I've activated ALC authorization for DMS. In EDMS, when trying to add an user to a DIR with search function an error occurres as below.
'Missing authorization for this functionality'
BTW, the user has contains SAP_ALL profile. It can't be any authorization reasons.
Regards,
YemiHi,
authorization checks will not happen if the search help from sap-gui.I
think the problem is releted to missing implementation of "check
function module" from your side. If the search help is linked to a
"master data table" (type A) a check function must be implemented to
check the permission of the user.
This function module is read from table BAPIF4T. Please
check the following link: http://help.sa
p.com/saphelp_nw04/helpdata/en/a5/3eca044ac011d189
4e0000e829fbbd/content.htm
http://wiki.sdn.sap.com/wiki/display/PLM/Object+Link+search+in+EasyDMS
Regards,
Hari -
Authorization for gl account to specific user
Dear SAP Experts,
Cash GL Account-accounting to be authorized to specific User ID.
In breaf:
while post the document in cash gl account, they need to give authorization cash gl account wise per each user ID.
pls advice me...
Thanks in advance
venkat reddymy client want give the authorization for gl account to specific user ids..
ex: let say chash gl account 410000.. we want to give the authorization to post in 410000 to user id 254109 only not fot all..
please give the solution..
regards
venkat reddy -
AppServer: problems trying to add users to roles in security dialog
I'm trying to learn J2EE using AppServer. My current example has a client accessing
an entity bean. I want two classes of user - Reader, and Updater. Most methods
of Home and Remote are accessible to both classes, a few are restricted to users
in Updater role. I'm currently having problems adding users to roles in deploytool.
I have defined users using the Admin client.
I have implemented and test run client and entity bean without security restrictions, it works.
I have defined roles associated with the application.
I have allocated roles to every method in Home and Remote interface of bean.
I have extracted the generated XML file and checked the <assembly-descriptor> section and
it appears that all roles and role descriptions are defined as required.
deploytool lets me use the "Security Role Mapping" dialog, I can select either of my roles and
try "Add user to role" - subsequent dialog shows my users and allows me to "Map user to role" -
but selected user does NOT appear in the user names panel.
What am I doing wrong or what am I omitting? Hints please!Thanks for suggestions. (I'm using Windows so file-protections pretty
non-existent).
I looked in the Sun file you mentioned and found the users were defined.
When I restarted AppServer and deploytool, the users were shown in the appropriate
panel.
There is probably some minor bug in deploytool that causes the User Panel not
to be updated as it should be after a user has been added to a role. -
How to disable Wifi and Network access in low level setting for security ?
Hi
New to here
One of our final customer bought imac last months. OS 10.9, SN is c02*******J4i
Since they are security printing, all the necessary ports accessing to outisdes need to be disabled in low level setting(not the ons just like turn on and off ).
The ports including USB storage, Network and WIFI.
I googled and found the following
Open the /System/Library/Extensions folder.
To remove support for USB mass storage devices, drag the following file to the Trash: IOUSBMassStorageClass.kext
Open Terminal and enter the following command: $ sudo touch /System/Library/Extensions The touch command changes the modified date of the /System/Library/Extensions folder. When the folder has a new modified date, the Extension cache files (located in /System/Library/) are deleted and rebuilt by Mac OS X.
Choose Finder > Secure Empty Trash to delete the file.
Restart the system.
I want to confirm this before sending to final user. Since I didn't have mac on hand, just wonder whether there are similar kext files for network and wifi to remove.
Just like step 2 described.
I would like customer to backup these files before permanently removed.
Many thanks
Kevin
<Edited By Host>chiqui wrote:
Is it possible to disable Internet access point and WAP as when I use WiFi some connections to WAP server of my provider are still made and I get charged. I am looking for the option not to delete it entirely from the access point list, but rather disable it as I might need connection when WiFi is not available and I want to be able to enable it as once I delete the server name and setting I won't know it.
Is it possible to do it and how?
You could delete WAP accesspoint. Not all providers (carriers) allow this.
‡Thank you for hitting the Blue/Green Star button‡
N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009 -
Object level authorizations for reports
HI
I have 20 charactesr in cube , around 15 have navigational attributes.
i need to give authorizations for 5 objects only .( navigational attributes).
i have 10 reports, i need 2 reports only authorizations relavant.
if i restrict 5 objects authorizations , its effect all queris? in this scenerio i need to create 2 cubes?
ple let me knowhi suneel,
As you said you require authorization for 2 reports, you can restrict those Infoobjects with the authorization variables and in the other 3reports use that object but do not restrict to the authorization variables..
So, the user will be able to see whole data for 3 reports where authorization is not used.
Hope it is clear.
Thanks
Lavanya -
We need to give field-level authorization for some fields
The schenario is as follows :
1. There are various storage locations within a plant.
2. There is one or more people incharge of creating PO and receiving
stocks for every storage location.
3. We dont want to authorise the person incharge of one storage
location to receive stock in another storage location or even view the
other storage locations at the time of creating the PO or any other
transaction. The user incharge of one storage location should not be
able to view any other storage location in any storage location field's
drop down.
regards
Manish
+91 9811647727Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah -
Field level Authorization for IT0002
Hi All,
We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
We want to disable the access of this field to every one, even the HR administartor.
Kindly suggest if this is possible using authorizations.
I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
Regards,
Umesh Chaudhari.Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah -
Need help in copying Invoice date to lower level item in Sales order report
Hello Experts,
I am debugging into one Sales order report.I need little bit help.The report is displaying Invoice Date for
Sales order Billing documents for Higher item in Bill of Material Structures.But as per user requirement,
I am supposed to show the Invoice date for lower level items also.The field for Higher level item is 'UEPOS'.
I want to copy the Invoice date for Higher level item to lower level item. Can you please guide me in the logic?
Thanking you in anticipation.
Best Regards,
HarishHi BreakPoint,
Thanks for the information.
I have applied the same way but it is showing only lower line items now.
Invoice dates for Higher level items are not there.
I am pasting the code here which I have applied.
Then you can give me more guidence.
This is to be done only for 'ZREP' sales orders.
if w_vbak-auart EQ 'ZREP' and w_vbak-uepos is not INITIAL.
read table t_final into w_final_ZREP with key vbeln = w_vbak-vbeln
posnr = w_vbak-uepos.
w_final-erdat_i = w_final_ZREP-erdat_i.
else.
if w_vbak-auart EQ 'ZREP' and w_vbak-uepos is INITIAL.
w_final-erdat_i = w_invdate.
endif.
endif.
Can you please sugest me changes here?
Best Regards,
Harish
Edited by: joshihaa on Jul 13, 2010 6:22 PM -
Object level authorization for SLT Configuration schema in HANA DB
Hi All,
We have connected SLT with HANA DB (& ECC as source system).
Now for certain users we wanted to restrict the access for certain tables ( tables owned by SLT Schema, i.e schema created in HANA DB with the configuration name provided in the SLT configuration).
With the SYSTEM user object level authorization's of another schema is not possible hence , an error is thrown when we are trying to provide/control the access of single table for a user.
Is it ok that we generate a password for SLT schema and try login with schema owner. Is it the best practice or Is there any other way around.
Regards,
KumarHi Santosh,
You can find more info about SLT Roles and Authorization from below security guide.
http://help.sap.com/hana/SAP_HANA_Security_Guide_Trigger_Based_Replication_SLT_en.pdf
Regards,
V Srinivasan -
BI7 InfoObject Value Level Authorization for Queries
Hi Guys/Gals,
this is my requirement.....
we have a HR ODS which has personal information of employees from 72 Companies.
we have a query based on this ODS ....
My requirement is when User A runs the query only data from Company A must be displayed...
and when User B runs the same query only data from Company B must be displayed....
no pop-ups for the company code .....
i posted this question yesterday & got a few replies....i tried them out... but there is this issue...
i used the RSECADMIN & created the AO which includes the 0COMP_CODE....
then i added it to the role using PFCG....
when i add the AO i created in the " BI Analysis Authorizations: Na " section...
the query gives a "no authorization" error.....
then one of u guy asked me to add it in to the
"SAP Business Information Warehouse - Reporting" section,,,, so i did that....
but unless i also add " BI Analysis Authorizations: Na " with * the query doesn't work....
and when i add " BI Analysis Authorizations: Na " with * &
"SAP Business Information Warehouse - Reporting" with the AO i created...
the filter doesn't work... it displays all the data
please help me.....Hello Christopher,
your thread is a little bit confusing and unclear. I just had a look at the other two threads you posted and here are my comments:
Prerequisite for the use of BI 7.0 analysis authorizations:
- each user needs authorizations for the three special dimensions (0TCAACTVT, 0TCAIPROV and 0TCAVALID) otherwise queries won't run!
As a consequence you will have to create analysis authorizations like this:
<b>ZCOMP_1000</b>
0COMP_CODE<i> I EQ</i> 1000
0TCAACTVT <i>I EQ</i> 03
0TCAIPROV <i>I EQ</i> your HR DSO
0TCAVALID <i>I EQ</i> *
<b>ZCOMP_2000</b>
0COMP_CODE<i> I EQ</i> 2000
0TCAACTVT <i>I EQ</i> 03
0TCAIPROV <i>I EQ</i> your HR DSO
0TCAVALID <i>I EQ</i> *
You can then assign these authorizations directly to your specific users using RSU01 or you will create a role and add the authorization object S_RS_AUTH with value ZCOMP_1000 and another one that contains S_RS_AUTH with value ZCOMP_2000.
Of course your users will need authorizations for standard reporting such as S_RFC, S_RS_COMP, S_RS_COMP1.
S_RS_ICUBE, S_RS_ODSO, S_RS_MPRO, S_RS_ISET are not necessary any more for reporting because they were replaced by 0TCAIPROV in the analysis authorization.
Finally the query selection must be COMPLETELY be a part of the user's authorizations. This is best done by an query variable that is filled from the user's authorizations at runtime.
Good luck,
Petra -
Object level authorizations for deffirent user restrictions
Hi
i have 1 object, this object have only 3 values?
i need authorizations for this object at report level?
rsa1- i keep authorization relevant?
rsecadmin i can include this object , here i need give from value and to value? i have 3 values only? suppose user 1 want only 1 value? user 2 need 2 and 3 value? how can i restrict like this ? ple let em knowHi Suneel,
Go to RSECADMIN.
Here, in maintain authorizations, create authorization for your characteristics along with the special characteristics.
i.e. in your case, create authorization(assume 0plant is marked as authorization relevant)
0PLANT
0TCAACTVT
0TCAIPROV
0TCAVALID
Double click on each characteristic to assign them the authorized value set.
Thus, you will create two authorizations
Z_PLANT_1
0PLANT...................I..EQ..............1
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Z_PLANT_2&3
0PLANT...................I..EQ..............2
..............................I..EQ..............3
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Go to RSECADMIN again in user tab in assignment, assign these authorizations created to the respective users.
Like assign User1 -
>Z_PLANT_1
................User2 -
>Z_PLANT_2&3
Refer the link below for more information
[Analysis Authorization|http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm]
Hope this helps,
Best regards,
Sunmit.
Maybe you are looking for
-
Help in Setting Password Protection to a Page in DW MX2004
I need to add password protection to a page. How do I do this in DW MX2004? Any help would be appreciated. Dreawmweaver newbie.
-
QT in Momentics IDE for MS Windows
Hello , The steps given only for simulator in the link http://bgmotey.blogspot.in/2012/03/qthelloworld-in-momentics-ide-for-ms.html , I required Qt to be integrate with QNX IDE for playbook.
-
Wireless Keyboard fails to control iTunes
All of the special feature keys along the Function row work except for "Previous track, Pause and Next track" The "Start/Pause" key will only start or stop the highlighted song in iTunes. How can I fix this or is this a result of an "upgrade"?
-
Tool for sap script form designing
Friends, Is there any any tool or transaction available through which we can design the sap script form. Apart from menu painter in se71. Thanks, Albert.
-
My emails sent in english are turning up in spanish to the recipient???
I am sending emails in english (always) and recently have had recipients tell me they cannot read my emails as they are in spanish. What is causing this translation? it is happening to some of my sent emails and recently. Is my computer being hacked?