Missing authorizations for authorization object UIU_COMP
I have generated the pfcg role for a business role using report CRMD_UI_ROLE_PREPARE and assigned the pfcg role to a user.
The user is apparently able to perform navigation as required. However, when a ST01 trace is run for the user, there are few missing authorizations for UIU_COMP. Could anyone please explain the reason for this? No changes have been made to object UIU_COMP i.e. only values generated by the report is present there. Should the missing authorizations be added manually to the role?
I would recomend that you define for component UIU_COMP in your pfcg role full access (all set to *), because this authorization object is used for access to web ui components. Even thou if you define this object to full access users will still see just components defined in business role.
Regards.
Similar Messages
-
Data Authorization for info-objects
Dear Experts,
We have designed a query in costing displaying the plan and actual costs by cost center. Our requirement is that that users shoul be able to see only those cost centers in the query which are relevant to them? How can I acheive this without creating multiple queries?. Is there any authorizatin abject that I can use for this purpose?
Regards
SuneethHi,
Pls check the below
Data Warehousing Workbench u2013 objects/S_RS_ADMWB
Authorizations for working with individual objects of the Data Warehousing Workbench. In detail, these are: source system, InfoObject, monitor, application component, InfoArea, Data Warehousing Workbench, settings, metadata, InfoPackage, InfoPackage group, Reporting Agent settings, Reporting Agent package, documents (for metadata, master data, hierarchies, transaction data), document store administration, (Customer) Content system administration, broadcast settings.
Data Warehousing Workbench u2013 InfoObject/S_RS_IOBJ
Authorizations for working with individual InfoObjects and their subobjects.
Until Release 3.0A, only general authorization protection was possible using authorization object S_RS_ADMWB. General authorization protection for InfoObjects still works as in the past. Special protection using S_RS_IOBJ is only used if there is no authorization for S_RS_ADMWB-IOBJ.
Regards,
Marasa. -
hi friends,
i have doubt in authorization. i created authorization object in rrsm, i created roles in pfcg and i need to enter my info object for this authorization, but i am unable to fing my info object in pfcg . how can i get this one. and when i want save my report in roles, can i create roles first and save that report in that role. ple give me clarification
Thanking u
suneel.so,
i went pfcg , i created some role, some name like zrole, but i didnt find that role name when i was saving my querry in rrmx screen.
in pfcg i need create just role name or can i do any other thing.
today i was trying to create authorization for my one info object, i am not getting my output.
su ppose i have on einfo object M1_ODS , how can i give authorizations.
first businees explorer give authorization relevent
next RRSM create object and can i select radio button for object or cube. and move ur info object
in PFCG create rols and go to authorizations and give manually ur authorization object in (chnage authorization data) and i need create user and assign this user to my role. when i have seen with new use i am getting all bw liek normal when i open bw screen, i didnt find my only object in the new user.
in PFCG menu tab is red that is no problem .
Thanking u
suneel. -
Authorization for local objects only
Hi,
Is it possible to use authorizations in BW so that a user has read access to objects in a package, but has create/change access to local objects (i.e. $TMP)?
The reason I ask is that we don't want trainee's to damage existing objects but still have the ability to learn by developing. We do not have a BI sandbox environment, nor the time or capital to implement one.
Ian.Thank-you for the response.
Do you mean something like flag all Z and SAP objects as not changeable for these users?
Development is still going on by different users and this should not be impeded. -
Authorization for generic object services - GOS - payroll data
Is there anyway to restrict what people see via GOS? I can't see any authorisations behind it except S_OC_ROLE. Seem users can view payroll details of a workflow agent in the workflow logs(view with technical details). Its a wild shot that an end user will find this information in the container tab but it look like a massive security flaw.
I will be interested to know if others have the same problem and how they resolved it.
ThanksThis issue relates to authorisations. Depending on infotypes available to the user, they will be able to view data relating to the info type.
I will now have to review all authorisations to ensure there is no unauthorised access. -
Object level authorizations for reports
HI
I have 20 charactesr in cube , around 15 have navigational attributes.
i need to give authorizations for 5 objects only .( navigational attributes).
i have 10 reports, i need 2 reports only authorizations relavant.
if i restrict 5 objects authorizations , its effect all queris? in this scenerio i need to create 2 cubes?
ple let me knowhi suneel,
As you said you require authorization for 2 reports, you can restrict those Infoobjects with the authorization variables and in the other 3reports use that object but do not restrict to the authorization variables..
So, the user will be able to see whole data for 3 reports where authorization is not used.
Hope it is clear.
Thanks
Lavanya -
Object level authorizations for deffirent user restrictions
Hi
i have 1 object, this object have only 3 values?
i need authorizations for this object at report level?
rsa1- i keep authorization relevant?
rsecadmin i can include this object , here i need give from value and to value? i have 3 values only? suppose user 1 want only 1 value? user 2 need 2 and 3 value? how can i restrict like this ? ple let em knowHi Suneel,
Go to RSECADMIN.
Here, in maintain authorizations, create authorization for your characteristics along with the special characteristics.
i.e. in your case, create authorization(assume 0plant is marked as authorization relevant)
0PLANT
0TCAACTVT
0TCAIPROV
0TCAVALID
Double click on each characteristic to assign them the authorized value set.
Thus, you will create two authorizations
Z_PLANT_1
0PLANT...................I..EQ..............1
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Z_PLANT_2&3
0PLANT...................I..EQ..............2
..............................I..EQ..............3
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Go to RSECADMIN again in user tab in assignment, assign these authorizations created to the respective users.
Like assign User1 -
>Z_PLANT_1
................User2 -
>Z_PLANT_2&3
Refer the link below for more information
[Analysis Authorization|http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm]
Hope this helps,
Best regards,
Sunmit. -
No authorization for backgroung user for log deletion
Hello,
I have included program SBAL_DELETE in a process chain in order to delete expired application logs periodically. But it doesn't work because I get always this message from backgroung monitor: "You do not have authorization to delete all these logs".
If I run program manually via SLG2 it works correctly.
The background user has profile S_BI-WHM_RFC.
Can anybody advice what am I missing?
Thank you.
BranislavHi Branislav
For the administration processes that are bundled in a process chain, you require authorization for authorization object S_RS_ADMWB.
To work with process chains, you require authorization for authorization object S_RS_PC
Check this link
http://help.sap.com/saphelp_nw04s/helpdata/en/e3/e60138fede083de10000009b38f8cf/frameset.htm
Regards,
Naveen -
User Authorization for a Query
Hi,
I have assigned a single role to a user, in which I have authorization for all the Infoproviders, including authorization for reporting. The user is able to access most of the queries, except one query. If there is a problem, he should not have accessed all the queries.
What problem could have prevented the user from accessing on particular query???
Any Ideas will be highly appreciated,
Thanks and Regards,
Ravi SankarSome possibilities:
The one query which the user is not able to run , who is the author of this query?
You need to give authirozation for the object S_RS_COMP1.
If the user has authorization for this object, then the next possibility is:
The query may have a filter or a characteristic value for which the value is not set for the user.
Ravi Thothadri -
No authorization for archiving device
hi
while archiving the document from coebr trasaction,
I am getting following error.
No authorization for archiving device
Message no. PT041
Diagnosis
In archive customizing, you can assign an archive device to an archive. Otherwise, the value from the profile parameter 'rspo/default_archiver' is used, or the default value 'ARCH'. However, the user does not haev authorization for this device.
Procedure
Assign the corresponding authorization to the user. The system checks against the authorization object 'S_SPO_DEV'.
I have given the authorisation the particular user, but still the error is coming.
regards,
nitinHi,
Object S_SPO_DEV
Authorizations can be assigned for printing on the specified printers via the object S_SPO_DEV. By generically assigning printer names.
Check the authorizations for the object S_SPO_DEV and their assignment.Please check if you have authorization for authorization object S_SPO_DEV and in that you have the value for local printer.
Only the printer which is assigned to the user in SU01 can be used by the user
Useful Tcodes : SU22 and su53
Use SAP Note 119147.
http://help.sap.com/saphelp_nw04/helpdata/en/c7/58c902e5bf11d18e2b0000e83dd9fc/frameset.htm
Regards,
R.Brahmankar
Edited by: R Brahmankar on Sep 18, 2008 2:33 PM -
No authorization for maintaining
hi
i am trying to enter the tcode VOFM system shows this massage
Authorization for displaying table TFRM only (authoriz. grp VS)
Message no. VP260
Diagnosis
You do not have the authorization for maintaining object S_TABU_DIS and the authorization group relevant for the table (maintained in table TDDAT).
System Response
No authorization for maintaining
Procedure
Enter the authorization for the object and the group in the user master record, if the user is to be authorized.
helpHi sdnguna ,
when the message was displaed, use
Menu system->ustilities->Display authorization Check.
Send this screenshot to responsible team.
Regards,
Clemens -
Authorizations for document management
Hi,
I'm trying to figure out what every authorization means and which effects it has...
I created a new user, gave him all the necessary authorizations to use certain transactions in Document management by making a new role/profile for him
After trying everything out, I still have a few questions:
- with Authorization for change object link (C_DRAD_OBJ)I have the following properties:
Activity: change, display
document type: DRM-DRM
linked SAP object: *
document status: *
I know how to display my object link, but how can I change it? <b>Do they mean with changing the object link, the creating of long text for the link or is there more to it?</b>
- with authorization for document access (C_DRAW_DOK), I can't figure out what the options "Display Application archive" and "Change application archive" mean. Which effect does it have when I choose them? Where do I consult the application archive? What is the application archive? => SOLVED
- Do I also have to give the authorization "Display" when I want to give the authorization to delete something? How can I delete a document info record without displaying it? =>SOLVED
- <b>With "Status dependent authorizations for documents" (C_DRAW_TCS) what do the following options do?</b>
*change application start (which difference with change?)=>SOLVED
display application start (which difference with display)=>SOLVED
*<b>request</b>
*display archive =>SOLVED
*change archive=>SOLVED
I know it are a lot of questions but I'm making documentation on the authorization profiles of document management and when I figured those few last things out, I can share my documentation with the rest of you...
Message was edited by: Vicky LiesensGood morning,
Havent been watching this thread for some time now, so please shout if you do have any questions.
Just a quick note on deleting documents:
Setting the deletion indicator will simply mark the DIR for deletion, but, it will still be on the dB.
After you have set the DIR for deletion, you need to run the program "MCDOKDEL", which has a test mode and a real mode.
This program will physically delete the documents that you have marked for deletion.
Regards,
Freddie Botha
www.documation.co.za
SAP DMS, CAD Integration, Data Archiving, Imaging and Scanning and Workflow
[email protected] -
No authorization for screen variant
Hi,
one of my user getting the error " No Authorizatin for screen variant" in KB11N.
sateeshDear Sateesh,
Have you checked the authorizations for the object K_PVARIANT? In order to access different screen variants, the user should have the appropriate values for this object.
Regards, -
Authorizations for Broadcasting
Hi,
When I click on the Send button in BI web, in Bex Broadcaster window, a message is displayed "You do not have authorization for Display" "No authorization for Query". The "Create New Setting" button is also disabled.
Please can anyone let me know what authorization is required to broadcast the reports.
Regards,
NishaHi Nisha,
You would need the authorization to the query or web template or any BEx object that you are trying to broadcast.
Check this by running that object. ie running the query in BEx analyzer (You should not get an authorization error here)
To create a broadcast setting you need authorization to object S_RS_BCS
Filed name - Activity - Full authorization ( Create or generate & Delete )
To schedule broadcast setting S_RS_BCS filed RS_EVTTYPE. Again give yourself full auuthorizaton.
Fianlly, you need the authorization for authorization object S_RS_ADMWB for field RSADMWBOB BR_SETTING and Activity - Full authorization.
Hope it helps,
Best regards,
Sunmit. -
Necessary Authorizations for BI Consultant
Dear All,
What are the necessary Authorizations for BI 7.0 Consultant to work on a BI development system ?
I have created source system (ECC Dev system), installed Bex analyser and I would like to verify if there are any standard tasks to be performed to make the system ready for BI consultant and required authorizations to perform all the activities.
Thanks,
Nick.Hi,
The basic authorizations you need are RSA1, then you need to have access to all the infoareas, objects. You need access to modify, create, activate objects. In addition you'll need access to maintain master data for master data objects, monitor job loads, process chain access, query creation and change access. Query execute access. Authorizations to replicate datasources, activate them and access for creation, change and activation of DTPs, Infopackages and Transformations is also needed.
These are some of the basic authorizations you need in the development system.
For all other systems, you only need display authorizations for all objects.For data viewing, it'll be based on what security you get. Based on the client strategy in some places, you might get authorization to create, change and activate infopackages and DTPs. But to maintain the integrity of the Process chains and the environments, the best practice would be create these objects in dev and then transport them.
Cheers,
Kedar
Maybe you are looking for
-
BT Make Final Adjustments for Faster FTTC Broadban...
BTOpenreach has advised ISPreview.co.uk that their first trial of VDSL Vectoring (ITU-T G.993.5) technology, which could make even faster speeds available to more people on BT’s superfast (‘up to’ 80Mbps) hybrid-fibre (FTTC) broadband network, has be
-
Hello, I'm trying to use the automatic configuration messages feature of Nokia website, configuring web/email/mms of a new phone. It seems that from Italy access to the service is not possible (since long ago, weeks). Why? Thanks!
-
Hey, I activated my Student and Teacher edition, so now i have a Serial Number. But I need the Download Link for Photoshop Lightroom where I can activate my Number. Or do I have to install the test Version?
-
Edit and Store a Script Object
Hi, All! I know there must be a way to do this: I want to be able to create a script based on user input and then store it for later use. Here's an example: display dialog "How many beeps?" default answer "1" set beepNum to text returned of result as
-
What are these guides and how can I hide them?
Thank-you in advance!