Making 0PROFIT_CTR Authorization Relevant (RSECADMIN)

Similar Messages

• 0PROFIT_CTR authorization issue in bw7.3

  Hello All,
  I am trying to work on Authorization for Profit center in BW 7.3
  Need Authorization at Node level for Profit Center hierarchy.
  I have created Auth relevant variable in Query designer.
  In RSECADMIN for the Auth object I checked all other fields with * (meaning all intervals allowed) and for profit Center field, maintained a Hierarchy value (under Node) and maintained a Node name when I click on that.
  Basis has maintained the relevant roles etc.
  All I am trying to expect is if a user is authorized for profit centers P100 AND P200. In the query while running the user never enters any value but in the out put, user should see only progit center values for which he is authorized.
  Please help.
  Many Thanks
  Krishna

  Hi Krishna,
  Make the Profit Center InfoObject into Authorization relevant in InfoObject maintenance 
      (Mark the TICK mark in “Authorization Relevant” in Business Explorer tab.
  2. Create the Authorization Object in RSECADMIN for respective Profit Centers (Assign the
      Profit center values Ex. P100 AND P200 in the).
  3. Create the role in PFCG and assign the authorization relevant object created in the       RSECADMIN to Object S_RS_AUTH than  assign this  role to  respective users.
  4. Create the variable using the process type “Authorization”. And details Make sure Untick   in “Variable is ready input” option. Assign this variable in profit center infoObject and in Your query.
  I hope this can be helpful to you.
  Thanks & Regards,
  krishna.

• SAP BI authorization relevant

  All,
  I tried to create a custom authorization object for an infoobject otcaactivity (just for eg) .Before that I used RSD1 to make that infobject authorizartion relevant.But after that I inserted the infobject which is made as auth.relevant to the custom object and tried to assign value for the intervals.I got an message as the characteristic value is not authorization relevant...why is that?I tried in sand box..is it any way related to info cube which is not yet created for the particular info object in the sand box thats the reason I get error message ?
  Whats the reason to secure characteristics and key figure values?

  Hey,
  Activating business content mean making authorization relevant?
  For BW3.5 there is no need of the mandatory info objects?(0TCAACTVT ,0TCAIPROV ,0TCAVALID ,0TCAKYFNM)
  Whats the difference between securing through reporting authorization object and securing through BI specific object??
  Thanks

• Authorization Relevant Info Objects

  Hi Experts,
    In my Business scenario,Profit center infoobject is
  authorization relevant for FI reports.In my FI reports,I have used profit center authorization variable.FI reports are working fine according to the authorizations.
  In sales Report,users should be able to see all profit
  centers(No Authorization needed for sales report)
  In my sales Report,I have used value based non authorization variable.When I run the sales report,I am getting authorization error
  How can I make profit center authorization relevant for only FI
  Info Area?
  Can Some one help me in solving this problem?
  Thank you in advance.
  Reward Points expected

  Hi Senoy,
  I suggest the following steps,
  1. You should list all of Sales Report, after that you need identify all of InfoProviders of this sales scenarios.
  2. In base of the InfoProviders sales scenarios, you need list all of InfoObejct authorization relevant of this scenario. In case of the "0PROFIT_CTR" is part of the InfoProvider sale scenarios, you need include in your authorization with the follow value "*" (total access) or ":" (acess agregation).
  3. For avoid future problem, the InfoProviders sales scenario have to be different of InfoProviders FI scenario. Otherwise, you will have the same condition in both scenario with the 0PROFIT_CTR.
  I hope help you,
  Luis

• Creation of Authorization is RSECADMIN

  Hi,
  I am trying to create authorization for Sales Group in RSECADMIN.
  Can anyone please help me in doing this?
  Thanks in advance,
  Regards,
  Manjari.

  Hi there,
  First check that in transaction RSD1 in the maintenance of the Infoobject 0SALES_GRP in the tab Business Explorer you have the AuthorizationRelevant marked, otherwise creating authorizations on sales group has no meaning at all.
  After that go to transaction RSECADMIN and under Authorizations click on Maintenance and give a name for your authorization you want to build, for example zsales_grp and click on create. Give a description and if you want to build sales group authorizations for a specific InfoProvider (where you've your query or queries built that the user will be checked for authorizations) click on the InfoCube Authorizations button and specify the InfoProvider name. The next list of objects are the objects marked as authorization relevant that exist in the InfoProvider (including the 0sales_grp object).
  Mark them all;
  For the object 0SALES_GRP double click on it and click on the Insert Row button and specify the range or single values for it, for example:
  I EQ GRP001
  I BT GRP003 GRP004
  go back and for the other objects select them all and click on the button Full Authorization (so that under the query those objects will not be checked, if you wish to be checked other than all authorizsation specify the values just like you did for 0SALES_GRP).
  Click on the button Insert Special Charct. and click on save.
  Go back to transaction RSECADMIN and under the tab User assign that object to the user you wish to have those authorizations (you could also build a role under transaction PFCG and with the authorization object S_RS_AUTH assign the value zsales_grp (the authorization you've just build) and assign that role to the users you want to grant authorizations for.
  Diogo.

• Authorization Relevant Object

  Hi experts,
  Please suggest how to make an info object as an authorization relevant object. Please guide step by step.
  Thanks in advance.
  AJAY

  hi ajay,
  for authrization relevant info objects just mark your infoobject as authorization relevant in tha Business Explorer Tab of ur infoobject.
  then if u have authrization go to t-code RSECADMIN.
  here, undet the authorization tab ,
  just create an Authorization Relevant object into which just
  select ur actual info object name for which u want authorization.
  after this just double click on ur info-object and enter your all restictions.
  save it then.
  hope this will help u
  thanks.

• Updating users profile when infoobject marked as authorization relevant

  Hi All,
  Consider a scenario where there are some projects in which perticuler infoobject is not authorization relevant but in some upcomming project the same infoobject needs to be authorization relevant.but when i marked this infoobject as authorization relevant then i need to manually insert this new authorization infoobject in each user profile. If there are more than 200 users available then it is not very good idea to include this infoobject in each profile manually. Is there any other way through which we can insert this infoobject in all user profile automatically.
  Regards,
  Deepak

  Hi again.
  Go to transaction se38 and create a program with the name ZCHANGE_APPEND_AUT.
  Insert the following code:
  REPORT  ZCHANGE_APPEND_AUT                             .
  TABLES RSECVAL.
  DATA: T_RSECVAL TYPE RSECVAL OCCURS 0 WITH HEADER LINE,
        T_RANGE TYPE RSEC_S_AUTH_VALUES_RANGE.
  SELECT-OPTIONS: ZAUT    FOR RSECVAL-TCTAUTH NO INTERVALS.
  PARAMETERS:     ZOBJN   LIKE RSECVAL-TCTIOBJNM DEFAULT '0TCAIPROV'.
  SELECT-OPTIONS: ZVALUES FOR RSECVAL-TCTLOW NO INTERVALS.
  LOOP AT ZAUT.
     LOOP AT ZVALUES.
        T_RANGE-IOBJNM = ZOBJN.
        T_RANGE-SIGN = 'I'.
        T_RANGE-OPT = 'EQ'.
        T_RANGE-LOW = ZVALUES-LOW.
        CALL FUNCTION 'RSEC_INSERT_FLAT_AUTH'
           EXPORTING
              I_AUTH = ZAUT-low
              I_RANGE = T_RANGE.
         CLEAR T_RANGE.
      ENDLOOP.
  ENDLOOP.
  Activate the program.
  Now when you run this program you'll be prompted for 3 parameters.
  The first is a list of Analysis Authorizations names that you wish to change.
  The second is the name of the InfoObject you want to insert to those authorizations, by default is 0TCAIPROV but you can change it to whatever you want
  The third is a list of values that will be inserted for those InfoObject.
  Therefore imagine that for authorization ZZZA, ZZZB and ZZZC you want to insert the object 0CUSTOMER with the values xpto, yyyy, and wwww.
  You would in this case run the program with the following parameters:
  AUT:
  ZZZA
  ZZZB
  ZZZC
  OBJN:
  0CUSTOMER
  VALUES:
  xpto
  yyyy
  wwww
  Please assign points,
  Diogo.

• InfoObject - Business Explorer Tab and field Authorization Relevant

  Is their a SAP utility / table / or transaction which can identify a field flagged on InfoObjects.
  I would like to determine all active InfoObjects which have the "authorization relevant" flagged on the
  InfoObject - Business Explorer tab.
  Version 7.0
  Thank you ...... dan

  Hi Dan,
  trIf you have used old analysis authorizations of BW3.5, in transaction RSSM if you click on Check authorization infoobjects for all infoproviders you should find a list of all authorization object which are in productive use.
  However, it does not give you the list of object which are marked as authorization relevant and have not been used in any productive cubes.
  Try table RSDCHA in se16. CHARNM - Put your char name and in OBJVERS put A. Authorization relevant flag would be 'X', if it is marked for authorization relevance.
  Hope it helps,
  Regards,
  Sunmit.

• Authorization Relevant Infoobject restriction for particular value

  Hi All,
  We have infoobject - 0COMPCODE which is authorization relevant. In query designer authorization variable - ZAUTH1 has been created.
  Now users want to restrict one particular Company Code (Ex- RU10) globally, so that none of the users will view this particular company code.
  We can't restrict this in query designer. Users can select among the company codes in the input selection of the report.
  Authorisations have been mantained in BW3.5 version
  Need help on this urgently.

  Hi Asish,
  Two ways.
  1. You can exclude the company code in the default values section, so that they would be able to view it in the list they see.
  2. You can exclude it in the authorizations assigned to the roles of the users. Give all the company code values in the authorization, except this company code, so that since the auth variable is createed in the query, you woulld view only the company codes that are authorized.
  Hope this helps.
  Regards
  Snehith.

• How can I activate 0CURRENCY  as Authorization Relevant?

  Hello gurus,
    I have many reports that use 0currency in the parameters in order to use a certain currency.  How ever we want to restrict the options using authorizations. 
  When I tried to mark 0currency as authorization relevant, i couldnt do it.  There is no tab of business explorer where I can mark it.
  ¿Does anybody knows how? or if it is not ossible, ¿how can i solve this problem?
  thank you!
  David Guerra

  Standard unitinfoobjects dont have Bex tab...if we use customized infoobjects we can

• Table name for authorization relevant InfoObjects

  Hi Gurus,
  In which table I could see all Authorization relevant InfoObjetcs ?
  Thanks
  Liza

  Hi,
  Table RSDCHA, field AUTHRELFL.
  or
  1. Go to RSSM t-code
  2.click the radio button Authorizations for several users there u have to enter ur login  Id name
  3.right hand side 1 spects symbol is there for disply-- click on it.
  It will show u all authorisation Infoobjects for u.
  Try this link. this might be helpful.
  Program to find the list of Authorization relevent info objects for given
  Regards,
  Haritha.
  Edited by: Haritha Molaka on Dec 7, 2009 5:47 AM

• Authorization Relevent Scenarios

  Hi All,
  I need a help of your suggestins to get a proper way to write my thesis over New Bi Authorization topic.
  I want to ask you what are the possible authorization scenarios you can think according to your experience.
  for example
  I have few of them
  1.Restriction to the one value of an InfoObjects.
  2.User has access to two projects in one project he has access to few material plant while in other project he has access to all material plant.
  3.You have for an InfoObject the checkbox authorization relevant has activated. What are the effects of this on other projects.
  4.How Authorization to the hierarchy nodes are defined.
  5.How combination of value authorization restriction and hierarchy authorization is working.
  can you think more of such scenarios.
  Please forward me as meny possible  authorization scenarios you can think.so that i can implement these scenarios as an prototype and it will be helpful to me to write my master thesis.
  Hope for the positive and quick answer from your side.
  With Best Regards And Thanks,
  Deepak

  Well,
  User has access to one key-figure for one project and all key-figures for another project;
  User has automatic filled authorization while executing a query;
  User has his/her authorization automatically filled in a user exit while executing any query;
  User has access to company code has a navigational attribute authorization with for example 0PLANT__0COMP_CODE instead of 0COMP_CODE and even for example 0PLANT is not marked as authorization relevant;
  User has access in one project to view the data (executing queries) and in another project he/her has access to plan the data (write data);
  Diogo.

• List Database Table – Infoprovider, InfoObject, Flag Authorization Relevant

  Dear Expert,
  I’m working with SAP BI 2004s user management & authorization. I have several objects that I’ll have check. I don’t like check one by one, I like to check for the SE16 transaction, for this reason, I need to know what is the database table have content Infoprovider by InfoObject (Characteristics) which each have the flag authorization relevant.
  Moreover, in the same idea, which database has content Queries by Infoprovider which authorization variable?
  Thank for all,
  Luis

  For your first question:
  In addition to be above mentioned table, RSDCUBEIOBJ will give the information about Infoprovider and all the Infoobjects within this infoprovider.
  1. Find all the authorization relevant Infoobjects from RSDCHA table and copy them.
  2. In the table RSDCUBEIOBJ, paste all the Infoobjects obtained from 1 in the field "Infoobject". The result will be list of Infocubes and their corresponding authorization relevant Infoobjects.

• Error when trying to make an infoobject "Authorization Relevant"

  We are getting the following message in German when we try to make an infoobject - 0PERS_AREA "Authorization Relevant" (using RSD1), Can anybody help us in translation of this nmessage and possile remedy. In fact, I tried other infoobjects as well lke 0ORGUNIT, 0EMPLOYEE, etc with the same message.
  "InfoObject 0PERS_AREA: Keine Berechtigung, um die
  Berechtigungsrelevanz zu ändern"
  Thanks
  Raj

  hi raj,
  You should do first this :
  1. Goto RSA1->Click on Infoobjects->Select ur Infoobject(0PERS_AREA )-> rightclick->select Change It will give Change Characteristic screen in this screen-> click on Business Explorer Tabstrip observe in general settings vey below ur having one <b>check box for  " AuthorizationRelavent"-> check that check box --->save +Activte.</b>
  next u have to follow these steps :
  1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
  EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
  first u ahve to decide which area & on which Infoobject.
  2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
  2.after that U Have to goto RSSM there u have to create authorization object
  Ex: Zxxx ( XXX is Infoobject Name ).
  3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
  4.next goto PFCG create role & save it
  5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
  6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
  7.click generate +enter
  8. goto user tab Enter userId+enter + click on usercomparision+ enter
  9.save the role.
  FOR HIRARCHIES:
  1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
  2. there u have to select Hierachy on which u have to apply authorization.
  Thanks,
  kiran

• Mark InfoObject authorization relevant

  Dear Community,
  we've activated "authorization relevance" in one of our frequently used InfoObject and added it to an authorization object.
  We've the situation that the field information of this InfoObject disappears in reports.
  (The authorization object is nowhere marked as relevant for a DataProvider)
  Am I right that this isn't an expected bw system behavior??!
  Thx for some tips or remarks in advance.
  br, michael

  Sounds very peculiar...
  Did you add the authorization object to any roles? Did you specify any restrictions on values?
  For an overview of how we chose to implement security, see the following thread:
  Re: Auth Relevancy Not Working
  Hope this helps...
  Bob