Missing Authorization in BI 7

Similar Messages

• Missing Authorizations Scenario (SU53) in GRC AC 10

  Hello Gurus,
  Good evening !!
  I was wondering how can GRC AC 10 system help when an end user has missing authorizations ??
  General scenario is if an end user hits a transaction and gets "Not Authorized" , he will send a SU53 screenshot and depending on that the Basis/Security person will assign a role or directly add a transaction to his "Base/Default" roles.
  I am unable to visualize , how can we handle this scenario of missing authorizations in CUP or BRM .
  Please provide me your inputs on the same.
  Thanks in advance.
  Regards,
  Victor

  Hi Victor.
  Am I correct in understanding that your concern is more about how the Security admin will determine which role/access to assign to the user given the SU53 report?
  Personally, I would still use a report like SUIM within the local system to determine the correct role to assign to the user (if they should have it in the first place). Obviously ensure that the required roles are imported into the GRC system.
  In summary, use your "As-is" process to identify what the authorization issue is, as well as the method for determining which role to provide to the user to resolve the issue, but the only thing that has changed is the "how to assign the access" i.e. you are not using SU01/PFCG as it would be hoped that you are using the GRC Access Request functinality to submit the role request/s.
  I hope that has cleared up the initial misunderstanding I had.

• 'Document store operation failed due to missing authorization'

  Hi all,
    I am getting the error message 'Document store operation failed due to missing authorization' when trying to save the workbook as the existing Workbook after changing the structure for it. We are using the Authorization Hierarchies.
  What is the problem and how can I fix it, PLEASE ???
  Thanks.
  Message was edited by: Venkat Kodi

  check out the related thread:
  What is this error

• Missing authorization for the plant - Message no. ME303

  Missing authorization for the plant - Message no. ME303
  I am getting the above error while creating the PO.
  what is the cause of error?
  How do I rectify this?
  I have used the right data, till yday it was working fine. I doubt some config change has happened

  Hi,
  Check with your basis  consultant whether the authorization is change ?
  Regards,
  Chetan.

• Missing authorization for plant ' '

  User is missing authorization for plant ' '
  User trace gives the following missing authorization
  Object:
  M_IS_WERKS RC=4 MCINF=S039;WERKS=' '
  Can anybody help me out to find the meaning of space( ' ' ) in plant or any field?
  thank you in advace

  *  Prüfung, ob Berechtigung für die Werke existiert
    SELECT * FROM T001W INTO TABLE AW_HLP_T001W
                        WHERE WERKS IN AW_WERKS.
    DESCRIBE TABLE AW_WERKS LINES SY-TFILL.
    IF SY-TFILL > 0.
      FLG_SELECT = 'X'.
    ENDIF.
  <b> clear aw_hlp_t001w-werks.                       " note 124769, ver.04
    collect aw_hlp_t001w.                           " note 124769, ver.04</b>
    LOOP AT AW_HLP_T001W.
      AUTHORITY-CHECK OBJECT 'M_IS_WERKS'
               ID 'MCINF' FIELD AW_MCINF
               ID 'WERKS' FIELD AW_HLP_T001W-WERKS.
  There must be a reason to add an empty line, which causes the silly authority check. As far as I understand Note 124769 you have got to add  plant ' '. See Note 408003: ."Create an authorization for the authorization object M_IS_WERKS which contains the value WERK =  . Refer to Note 124769."

• EDMS: 'Missing authorization for this functionality' when searching user

  Hi,
  I've activated ALC authorization for DMS. In EDMS, when trying to add an user to a DIR with search function an error occurres as below.
  'Missing authorization for this functionality'
  BTW, the user has contains SAP_ALL profile. It can't be any authorization reasons.
  Regards,
  Yemi

  Hi,
  authorization checks will not happen if the search help from sap-gui.I
  think the problem is releted to missing implementation of "check
  function module" from your side. If the search help is linked to a
  "master data table" (type A) a check function must be implemented to
  check the permission of the user.
  This function module is read from table BAPIF4T.                 Please
  check the following link:                                 http://help.sa
  p.com/saphelp_nw04/helpdata/en/a5/3eca044ac011d189
  4e0000e829fbbd/content.htm
  http://wiki.sdn.sap.com/wiki/display/PLM/Object+Link+search+in+EasyDMS
  Regards,
  Hari

• Troubleshooting missing Authorization.

  Dear All,
       One of the project member reported a problem that she could not upload a document to solution manager. I have verified su53 and it says that authorization check failed. Authorization object --> S_IWB (Knowledge warehouse)
    Object class BC_C Basis -Development environment.
    Can any body suggest how to start troubleshooting and adding missing authorization object please ?
  Many Thanks,
  Nick

  Hi Nick,
  Please go through the docs in help.sap.com.
  http://help.sap.com/saphelp_nw04/helpdata/en/02/4af54075198431e10000000a1550b0/frameset.htm
  Also what roles did you assign to the user. Please check if there are authorization objects related to uploading documents in Soultion Manager.
  Please reward some points.
  Regards,
  Kiran.

• Workbook: Document store operation failed due to missing authorization

  Hello authorizer gurus,
  I have got 3.5.
  I have transported.
  I try to open a workbook.
  I am getting a Error Message:
             Document store operation failed due to missing authorization
  Newly saved Queries as workbook can be openend.
  What's wrong ?
  Thank You
  Martin Sautter

  Martin,
  To get a detailed message about the error (including which authorization objects the user needs to have to be able to perform the action that caused the error) use ST22. It sounds like they are missing the Open authorization for workbooks.
  Cheers,
  Rusty

• Missing authorizations for authorization object UIU_COMP

  I have generated the pfcg role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the pfcg role to a user.
  The user is apparently able to perform navigation as required. However, when a ST01 trace is run for the user, there are few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP  i.e. only values generated by the report is present there. Should the missing authorizations be added manually to the role?

  I would recomend that you define for component UIU_COMP in your pfcg role full access (all set to *), because this authorization object is used for access to web ui components. Even thou if you define this object to full access users will still see just components defined in business role.
  Regards.

• Missing authorizations in QAS for each n every t code

  Hello All,
                 i have created one role in QAS adding tcodes to it when i tested it it is showing missing authorizations for every tcode when i see in su53 and i tried to assign manually in su24 also but it is saying no changes are permitted in this client so if create a new role in DEV and transport that role to QAS if so how can give me steps in detail as if iam new to security plz do help me.
  Regards
  upendar.D

  he means on pfcg when role is designed and when generating profile, for object you already know you can assign what you want then for field that you don't understand what it is for leave it blank first. assign the role to the user. login as the user then try the transaction if it failed on authorization check go to su53 directly by using /nsu53, check what object is being error and what value expected by the transaction. edit and regenerate profile for the role again. try transaction again. repeat until success.
  Christian Rose wrote:
  Hello,
  >
  > just adding transaction to a role is not enough, within the role you have to go to tab "Authorizations", goto "Maintain Authorization Data and Generate Profiles" in change mode and generate the profiles via the according button.
  >
  > regards
  >
  > Christian
  Edited by: Henry Hsu on Oct 13, 2011 12:12 PM

• Missing authorization already filled in

  Hi forum experts
  im having a problem with some authotizations on the CO class.
  despistes the values are filled in when we maintain in PFCG, when the user runs the tcode (KS13, KSBT), theres always the message "missing authorization". We run the SU53 the missing values are already filled in (Actvt, Kokrs, Kostl, Kstar).
  all of the cost centers are active, and even when the fields have *, the su53 returns missing auths.
  TY

  TY - You can check the buffer of a particular user via SU56. The missing Auth object that is displayed in SU53 can be checked for its values in this tcode. Press F5 is you would like to check other users buffer .. Perform a user comparision and such things should get resolved. Hope it helps.
  ~Sri

• Toubleshooting on missing authorization.

  Hi SAP all gurus,
  I have a problem regarding troubleshooting on missing authorization issues.
  I got a ticket to solve the missing authorization, i tried with SU53 to solve that. and I got 20 similar roles regarding the missing authorization when I check with SUIM. My question is which role I want to assign the end user from those 20 roles. FYI all 20 roles have that missing authorization identity.I'm confused which role is helpful for me. Please give me your valuble suggestions and its very helpful to me.
  Thanks in advance,
  Sridhar

  Hi Sridhar
  Running an SU53, finding an authorisation failure and then hunting for an additional role to assign isn't the answer really (well - there are no perfect answers - just different ways of doing things).
  Say the user is running ME22N everyday and, when trying to change one particular purchase order one day they get a 'you are not authorised' message. They complain bitterly to their work colleagues who say 'well  I can do it'. then to their manager who looks at the screen, tuts, and tells the user to fire off an email or log a call with the help desk right away as it's stopping them doing their job.
  That user may have been working perfectly well for many years, doing the same task until today, their colleagues (who can run the transaction) have joined recently, having moved positions in the business and can access the purchase order no problem.
  The thing is - should they really be able to change this one purchase order or not? They've managed fine, processing perfectly as expected with no complaints from any other person in the procurement chain.
  Having an authorisation failure and getting it fixed isn't always the thing to do, the user may actually have the correct access and all the other people may have too much access. In this example the user may have failed on doc type UB when all they should be accessing is doc type NB, the more recent joiners have access because of badly controlled access requests or legacy access..
  You need to use logic (and hopefully some competent role owners) to make sure you aren't assigning any old role just to clear a logged ticket.
  Hope this helps a little bit!
  Kind regards
  David

• Profit center and comapny code missing authorization problem.

  Could you help any body,i have some missing authorization problem with profit center and company code,
  How to search the roles  which having require profit and company code values.
  Is there any way to search.
  Please let us know very fast.
  Thanks in advance

  Another, and probably much easier way, is just to use Ctrl + Y... and use subsets of the selections in the SUIM reports.
  But I can well understand the temptation to use tables or at least double-check the SUIM output against them.
  The bugger with tables is that you can easy make the same mistakes or more than the SUIM reports do, or use old obsolete tables, or incorrect logic when interpreting single fields of the user tables.
  Personally,  I would normally check the exits first. Developers don't always raise self-explanatory messages...
  Cheers,
  Julius

• Missing authorization for processing condition

  Hi  All,
  We are having  a problem with our pricing procedure zxxx.
  we created a pricing procedure and connect it to a java formula.
  this formula return an error message :
  " Missing authorization for processing condition zxxx "
  in debug we see that this message come from the formula and not some kind of authorization check.
  ( even a user with "sap all"  get this message ).
  does any one know how to solve this?
  or:
  does any one know how to debug the java formula ?
  thanks,
  Lilach.

  Hi,
  Check with your basis  consultant whether the authorization is change ?
  Regards,
  Chetan.

• Missing authorization for transaction VC/2 (Sales summary)

  Hi Expert,
  I am running transaction VC/2, but I get the message VB500 "the list is incomplete due to missing authorizations".
  Via transaction SU53, I see that it is object M_INFO_MCB with auth. field MCINF which is missing.
  Do you know what this object field is about?
  Thank you.
  Kind regards,
  Linda

  Hi,
  First goto SUIM T.Code.
  click on "Authorisation Objects".
  Select "Authorization Objects by Complex Selection Criteria".
  Enter "M_INFO_MCB" as "Authorization object".
  Execute.
  It shows that this is related to "Evaluation: Evaluation Structure".
  The path is:
  SPRO>Logistics General>Logistics Information system(LIS)>Flexible Analyses>Select layout reports for evaluation structures.
  Maintain values here.
  Save.
  Regards,
  Krishna.

• Missing authorization check to display master data error..

  Hi,
  We are in SRM7.0.
  After adding content in my shopping cart, I am trying to change the Account Assignment in the Item Details from Network to Cost Center or GL Account.
  Under Item Overview, after changing the Account Assignment to Cost Center, I go to "Assign Number" to add a Cost center..On clicking the matchcode search box,  I get selection entries like Cost Center, Controlling area etc..If I click on the Search box without keying anything, I get a "Missing authorization check to display master data error".
  I get the same error, when I try to select Assets under Account Assignment area and use search under Assign number. I dont get any errors on searching networks.
  Am we missing any authorization check in the backend ?
  Regards,
  Rajan.K

  Hello Rajan,
  You could use transaction ST01 in SRM to perform some 'authorisation' trace.
  It might give you some pointers to the issue.
  Regards,
  Franz