Necessary Authorizations for BI Consultant

Dear All,
    What are the necessary Authorizations for BI 7.0 Consultant to work on a BI development system ?
     I have created source system (ECC Dev system), installed Bex analyser and I would like to verify if there are any standard tasks to be performed to make the system ready for BI consultant and required authorizations to perform all the activities.
Thanks,
Nick.

Hi,
The basic authorizations you need are RSA1, then you need to have access to all the infoareas, objects. You need access to modify, create, activate objects. In addition you'll need access to maintain master data for master data objects, monitor job loads, process chain access, query creation and change access. Query execute access. Authorizations to replicate datasources, activate them and access for creation, change and activation of DTPs, Infopackages and Transformations is also needed.
These are some of the basic authorizations you need in the development system.
For all other systems, you only need display authorizations for all objects.For data viewing, it'll be based on what security you get. Based on the client strategy in some places, you might get authorization to create, change and activate infopackages and DTPs. But to maintain the integrity of the Process chains and the environments, the best practice would be create these objects in dev and then transport them.
Cheers,
Kedar

Similar Messages

  • Authorization object for full authorization for PP consultant

    HI Experts
         Please suggest me a suitable authorization roles and objects which provides all the transaction codes relevant to PP. Thanks
    Kind regards
    Ayaz

    Ayaz,
    That is dependent upon which company you are working for, and in which type of client (dev, qual, prod, sandbox, etc.) you are expected to work in.
    I have seen everything from 'SAP_ALL' to 'no logon' set for every consultatnt for every client, in different companies. So,  speak to the company's authorization specialist.  For a basic listing of PP Roles, look at
    http://help.sap.com/saphelp_erp60_sp/helpdata/en/c6/239038570de04be10000009b38f8cf/frameset.htm
    The bottom line is you must have enough authority to perform the required work.  There is no 'standard' set of roles for consultants.
    Best Regards,
    DB49

  • Authorizations for document management

    Hi,
    I'm trying to figure out what every authorization means and which effects it has...
    I created a new user, gave him all the necessary authorizations to use certain transactions in Document management by making a new role/profile for him
    After trying everything out, I still have a few questions:
    - with Authorization for change object link (C_DRAD_OBJ)I have the following properties:
    Activity: change, display
    document type: DRM-DRM
    linked SAP object: *
    document status: *
    I know how to display my object link, but how can I change it? <b>Do they mean with changing the object link, the creating of long text for the link or is there more to it?</b>
    - with authorization for document access (C_DRAW_DOK), I can't figure out what the options "Display Application archive" and "Change application archive" mean.  Which effect does it have when I choose them? Where do I consult the application archive? What is the application archive? => SOLVED
    - Do I also have to give the authorization "Display" when I want to give the authorization to delete something?  How can I delete a document info record without displaying it? =>SOLVED
    - <b>With "Status dependent authorizations for documents" (C_DRAW_TCS) what do the following options do?</b>
            *change application start (which difference with change?)=>SOLVED
    display application start (which difference with display)=>SOLVED
            *<b>request</b>
            *display archive =>SOLVED
            *change archive=>SOLVED
    I know it are a lot of questions but I'm making documentation on the authorization profiles of document management and when I figured those few last things out, I can share my documentation with the rest of you...
    Message was edited by: Vicky Liesens

    Good morning,
    Havent been watching this thread for some time now, so please shout if you do have any questions.
    Just a quick note on deleting documents:
    Setting the deletion indicator will simply mark the DIR for deletion, but, it will still be on the dB.
    After you have set the DIR for deletion, you need to run the program "MCDOKDEL", which has a test mode and a real mode.
    This program will physically delete the documents that you have marked for deletion.
    Regards,
    Freddie Botha
    www.documation.co.za
    SAP DMS, CAD Integration, Data Archiving, Imaging and Scanning and Workflow
    [email protected]

  • Report S_ALR_87013105 : no authorization for the report/ table 7KU6_001

    Hi Gurus,
    While executing the program S_ALR_87013105 (Detailed Reports 
    For Sales Order : Plan/Actual Comparison ) system showing the selection log.
    "Have no authorization for the report/table  7KU6_001 and 7KU6_002".
    But for the user the authorization check through SU53 was successful.
    Pl can any one suggest on this issue.
    Thanks in advance,
    Vijay

    Hi,
    Contact your basis consultant to provide the missing authorisation. This is one of the authorisation object.
    Regards,
    Sankar

  • What's the best way to do authorization for my app?

    The authorization situation is somewhat complicated for my app.
    Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM.
    From what I've seen so far, there are two different options of setting the authorization for the component:
    1. Set its Condition
    2. Set its Security Authorization Scheme
    Here is my understanding for each (from my limited experience with APEX):
    1. Set its Condition
    + Can pass in parameters such as :APP_USER, page numebr, P0_ITEM. So I can just create one function that does all the authorization
    - Have to combine the SQL query with the component's non-authorization display conditions, if any.
    2. Set its Security Authorization Scheme
    + By name, it seems like it should be used for authorization
    - Cannot take in parameters relating to the page, such as the page number --> therefore I will need to create many different schemes, for all the different pages.
    #2 will end up with a long list of schemes (each with its own SQL queries) for different pages, which doesn't seem as efficient as #1 with far fewer SQL queries and just take in parameters.
    Which one should I pick?
    Thanks!

    953006 wrote:
    Thanks fac586 for the detailed response, and also everyone else who replied. You guys are very helpful and respond promptly. And we'd appreciate it if you changed "953006" into a real handle promptly.
    Andre mentioned using conditions:
    The way I work around this is to have two functions, one which is used at the page level as a normal authorization scheme and one which can be passed variables which is called as a Condition and the name of the item is one of the variables, in effect giving it "self awareness".But fac586 said:
    You can't pass "parameters" to authorization schemes. Use application items, APEX collections or application contexts to set current context before the authorization scheme is evaluated, and access these values in the functions.Does this mean, fac586, that we can avoid conditions altogether? No, it means that I prefer to use Authorization Schemes to control access to resources based on user privileges and security, and Conditions to control rendering and processing for functional reasons. Using the approach described above I have found it possible to maintain this separation.
    Say if a page has two buttons, Button_A and Button_B. Button_A has a set of requirements for displaying and Button_B has its own set of requirements (some of which are shared with Button_A). So far, the only way that I can see of using pure authorization is to write 2 different authorization schemes, and set the authorization schemes for the two buttons respectively.What's the problem with that? Consider a more concrete example using a standard APEX report/form pattern for customer maintenance. Page 6 contains the report, and page 7 is the maintenance form with P7_CREATE and P7_SAVE buttons. Only users entitled to create new customers should have access to P7_CREATE, and only users able to edit customers access to P7_SAVE. This would be controlled by the CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes respectively. Functionally, conditions are used to show P7_CREATE if the P7_CUSTOMER_ID is null, and P7_SAVE if it's not null. We don't mix non-functional security considerations with functional requirements.
    The CREATE_CUSTOMER and EDIT_CUSTOMER authorization schemes are of type PL/SQL Function Returning Boolean. These are implemented using package functions. Exactly how a user has create/edit customer privilege is determined in the package. Determinants that are shared by multiple schemes can be combined at this level. These implementations can be changed as necessary without requiring changes to the application.
    The authorization schemes are reusable across pages and components. On page 6, CREATE_CUSTOMER can be used on the "Create New Customer..." button; EDIT_CUSTOMER on the report column containing the "Edit" links.
    Each component of the app is authorized based on not only the user, but also the page number, the value of at least one P0_ITEM. So I guess this goes back to my original concern with Authorizations:
    [Using purely authorizations] will end up with a long list of schemes (each with its own SQL queries) for different pages [and page items] ....
    Re: VPD policies. Note that in the example above there's no need for the authorization schemes to "know" which pages/items are being evaluated. The P7_SAVE button and the page 6 link column are involved with the EDIT_CUSTOMER operation, so that authorization scheme is applied to them.

  • Issue with authorizations for BPS

    Hi Experts,
    There was an issue with authorizations for BPS. We have a large number of agents that need to enter plan data via a layout. In order to control the necessary authorizations, we would like to filter via something similar to a user exit using a function module in order to avoid having to define authorization objects for each of the agents who have access to the systems. Right now, we are not sure if there is user exit concept available as it is for BW variables. Any body experienced similar issue may share their experience.
    Regards,
    Ankit

    Hi,
    In BPS, you can use user specific variables or you can set up a Variable of type exit. You can also have a variable of type authorization which uses the security / authorization of the BW system.
    Hope it helps...
    Cheers,
    Tanish

  • How to restrict authorization for OBC4

    Dear all
    How to restrict authorization for obc4( field status) for user id wise
    Regards
    nasa

    Hi Nasa
    You try to use the S_TABU_LIN object. With this object you can control access to tables (called from maintenance views, SM30 etc) based on the database key for the table.
    And as far as I cant see, the OBC4 transaction is just a couple of maintenance views for V_T004V andf V_T004F.
    You can find a small how-to [here|http://www.mhn-consulting.com/s_tabu_lin.html]
    Regards
    Morten Nielsen

  • Missing authorization for the plant - Message no. ME303

    Missing authorization for the plant - Message no. ME303
    I am getting the above error while creating the PO.
    what is the cause of error?
    How do I rectify this?
    I have used the right data, till yday it was working fine. I doubt some config change has happened

    Hi,
    Check with your basis  consultant whether the authorization is change ?
    Regards,
    Chetan.

  • Section Wise Authorization for automatic payment (F110)

    Hi SAP Gurus,
    Our client wants Section Wise authorization on Automatic Payment (F110). That is User A is authorized to make payments for the vendors which have open line items which has section XX. While User B is authorized to make payments for that particular vendors which have open line items which has section YY.
    While execution F110 by User A, system will make payment for all those open items which has section XX. But, when User B is executing F110, system will make payment for all those open items which has section YY.
    Please guide, how to achieve the results.
    Points will be awarded
    Regards
    Rajesh Gupta

    While executing F110, you can choose BSEG-SECCO in 'Field Name' field in 'Free Selection' tab and enter particular values for this field in Values field, i.e. XX or YY.  That way, you can segregate payments.  As far as authorization issue goes, check with your security consultant if particular users can be given authorization for F110 transactions for particular values of BSEG-SECCO field; I am sure this can be done in user authorization profile by the Security Team.

  • Authorization for credit limit - risk categoryu200F

    Hi All,
    I would like to control field risk category by authorization.
    I have configure in Field Groups and assign it to user roles using object
    F_KNKA_AEN.
    and below for the authorization objects for credit management:
    1)V_VBUK_FRE
    2)V_KNKK_FRE
    3)F_KNKA_KKB
    4)F_KNKA_MAN
    5)F_KNKA_AEN
    But the fields are still not grey out.
    Is there any other configurations not completed?
    Is there any alternative methods?

    Hi,
    Take the help of basis consultant and give authorization for display onely then it will appear as gray
    Kapil

  • Active authorize for field in TCode MIGO

    Dear All
    In Display material Document (by MIGO), there are field GOITEM-DMBTR (Amt.in loc.cur.)
    How to active the authorize for this field
    For Example  User A can display this field and user B can't display
    Would you like help me please
    thanks
    imron

    hi...
    this can be done by basis consultant...
    if u r missing authorization then...run SU53..and note down the object which is giving the authorization issue..
    and then ask ur basis consultant that..assign that object to particular user role...
    Try this out..
    Thanks

  • No authorization for changing Customer Centrally- Idoc in Error Status 51

    Hi Experts,
    We are implementing MDM for one of the client.
    The client  runs a  modification scenario in MDM for Customer Master.
    He modifies a customer record in MDM and this record is transfered from MDM to ECC via PI through Idocs.
    We are using standard Idocs for Customer Master which is DEBMDM
    There are 2 Idoc's generated in ECC by PI from DEBMDM as DEBMAS and ADRMAS.
    ADRMAS Idoc is succesfull in ECC and the corresponding record is modified.
    Now the issue is that the corresponding DEBMAS Idoc goes into Error 51.
    The Error details is as below:
                                                                                    No authorization for changing vendor Centrally                                                                               
    Message no. F2326                                                                               
    System Response                                                                               
    You cannot access the requested data.                                                                               
    Procedure for System Administration                                                                               
    If necessary, include an entry in the user's authorization profile for  
        the authorization object and parameters specified below.                                                                               
    Authorization object:                                                                               
    o   F_KNA1_APP                                                                               
    Parameters:                                                                               
    o   Activity: 02
        o   Application authorization : *
    We gave the respective authorization object to the RFC User ID used in PI RFC created to connect to ECC.
    Also we have given the user id  Tcode authorization like XD01/02/03.
    But this error still persists.
    Request to throw some light on this.
    Cheers
    Dhwani

    Check these threads
    [Re: IDOC STATUS - 51 " IDOC HAS TEST STATUS|IDOC STATUS - 51 " IDOC HAS TEST STATUS";
    [Error Inbound IDoc - Status 51|Error Inbound IDoc - Status 51;
    thanks
    G. Lakshmipathi

  • You have no authorization for this transaction in plant: M7120

    Hi guys.
    I am getting the error message(M7120) "You have no authorization for this transaction in plant XXXX" when performing 101 movement for production order using MIGO.
    /nsu53 doesn't return any object. Why?

    Hello Arun,
    It is a standard message. SU53 should show the exact authorization object which has been blocked. Or you can also try to check this with T code ST01.
    Refer the below threads & seek help from your basis consultant to get this resolved.
    Authorisation missing
    authorization error in mbbs transaction | SCN
    Regards
    Mangesh S

  • *NO AUTHORIZATIONS FOR CREATING ACCOUNTS IN COMPANY CODE*

    HI
    NO AUTHORIZATIONS FOR CREATING ACCOUNTS IN COMPANY CODE
    SYSTEM MESSAGE:
    No authorization for creating accounts in company code 3333
    Message no. F2305
    System Response
    You cannot access the requested data.
    Procedure for System Administration
    If necessary, include an entry in the user's authorization profile for the authorization object and parameters specified below.
    Authorization object:
    F_KNA1_BUK
    Parameter:
    Company code: 3333
    Actions: 01
    KINDLY THROW UR IDEAS

    Hi,
    You have not been authorized for this transaction. Please speak with your BASIS guy he will give you the authorization.
    Regards,
    Abhee.

  • Need authorization for business document services attachment list with user status in ps claim for clm2 and clm3

    Dear Friends,
    client wants to restrict the attachment list changing, deletion after the user status sets to close in PS Claims for transaction clm2 and clm3.
    Currently any one can attach documents as GOS and delete even the claim is completed and status is closed.
    How can we restrict all users even who created the claim can not change create and delete attachment list documents once the claim is completed and approved and user status sets to closed.

    HI,
    what is the claim creation transaction in that 01 is for creation 02 is for edit and 03 for display so with the help of basis consultant you can assigned transaction in user's assigned role accordingly.
    But user who is authorize for create claim can not modified or edit once he save the job. this would be limitation.
    Regards,
    Sanjeev

Maybe you are looking for

  • Sharing from gallery not working.

    Earlier it was pissible to share directly froom gallery .. but now it shows feature not supported. Any idea how to solve it??? ajeeTsingh

  • FS-CD

    Hello Experts, Can someone throw light on the topic SAP FS-CD in IS-Insurance and explain the basics. Would appreciate if anyone can upload the documents related to FS-CD to Wiki section in this forum. Regards, Harish

  • [SOLVED] Apache Error code: ssl_error_rx_record_too_long

    Hello, I have been fighting with this error for the past week, with lots of googling, but no dice. I get the above error when trying to access a web page through apache using ssl. Any pointers? I am assuming this is a configuration problem... Thanks!

  • Sxmb_moni  ERROR MESSAGES

    How to e-mail the error messges from SXMB_MONI  that appear in R/3 to the users .

  • Converting QT to Tiffs - No Alphas?!?

    I'm converting QT's with embedded alphas (Millions+) into Tif image sequences and it works, but it fails to preserve the alpha channel. They are missing in the newly created tifs. I've searched the Image Sequence settings but don't see any alpha opti