P_ORGINCON Authorization Value of P

Similar Messages

• Authorization value as ":" in BI 7.0

  Hi All,
  We are facing some authorization issue for one of the query. Some users are not able to execute the query due to authorization error on company code. We have executed the query in RSRT through users id and logs shows company code values are populated as ":" for them. We have included authorization variable in the query and authorization values are already maintained properly.
  Please let us know when the authorization values populatd as ":" and how to resolve this issue.
  We are using BI 7.0 authorization.
  Any help on this is highly appreciable.
  Thanks,
  Meghana

  Hi,
  Along with remaining values in RSECADMIN assign" :" under sales org to resolve the issue.
  check the following link for more details.
  Re: Authorizations missing for aggregation (":")
  hope it works...
  regards,
  Raju

• Table that stores Analysis authorization values

  Hi all,
         We generated analysis authorizations for users on Profit centers. In RSECADMIN for each user we see an automatic authorization object being assigned with a name like RSR_000234  so on. We can see the values (profit centers) for this object when we double click on it. I would like to create a list of all users and the assigned profit centers. Can you please tell me if a table is available to get this list.
  Thanks,
  Ram.

  Chetan,
           We are loading authorizations values to 0PROFIT_CTR from ECC and flatfile into the Authorization DSO's and generating authorizations to assing the profit centers to users. I would like to see the profit centers assigned to a user. For example suppose if a user is assigned a particular region. I would like to see all the values of the profit centers assigned to the user from a table rather than going to the hierarchy and getting the list for each region.
          The tables that you specified give the userid and the technical name of the authorization(RSR_000234..) but I would like to see the actual values in the authorization.
        Hope I am clear. Thank you for your assistance.
  Ram.

• RSECADMIN - Authorization Value Entry with Leading zeros

  Hello All
  Issue: RSECADMIN does not allow to enter a authorization value with "leading spaces". This is an issue for us.
  I am using Analysis Authorizations in BI 70.
  We have one object say Product Line Char 5.
  We have 2 values
  '   01'  ==> SID 1
  '01   '  ==> SID 23
  Both have different SID
  In RSSM based security design, I was able to enter value '   01' and then authorization was processed and user was able to access the data '   01'. In RSECADMIN, system does not allow me to enter '   01'. It puts this as 01 all the time and then looks for SID 23.
  Anyone have any experience on this? I am looking for specific guidance if you have found any solution.
  Thanks
  Pankaj Gupta

  Hi Andreas
  It seems to me that after " ' " it considers the whole field as blank. Also field is 5 character long and with Open "  ' " and close " ' "I and 01 I can only have one space before 01. I wanted 3 space and then 01.
  I will test this and let you know.
  Following worked for us:
  1) Created a custom hierarchy that keeps '   01' on a node and then use that node to tell what value user is authorize.
  2) And it worked. It sounds crazy idea but I was running out of the tricks.
  3) It is simple RSECADMIN maintenance tcode bug. It trys to help in Data Entry by Left justing the value. That help was not needed and nessasary at all. Let user get Raw Data Entry screen. Anyway this is not End User Interface tool.
  Thanks a lot.
  Pankaj Gupta

• Special Authorization Values for characteristics

  I had a question about the authorization value '*' (asterisk)
  SAP defines how this can be used as follows:
  (asterisk)
  .. Denotes a set of arbitrary characters
  .. Used alone to grant access to all values
  .. Used at the end of a value to specify a simple pattern (example: SAP*)
  Here is my situation:
  InfoObject A: Values can be: A,B, C, A1, B1, C1, C2, A1G, B1D, C1A, C2A etc.
  If a user has authorization of C, it automatically means he is authorized to view values C1, C2, C1A and C2A. In this case can I assign values
  C, C and C** (I am doubtful abt using *(double asterisk))
  Please clarify.
  Thanks

  Asterisk denotes a set of arbitary characters
  Used alone to grant access to all values
  used at the end of a value to specify a simple pattern(example SAP *)
  +(Plus)
  Denotes exactly one character
  Used at the end of a value to specify a simple pattern (example - RED+)
  Used to specify date patterns(only for validity (OTCAVALID))
  Hope it Helps
  Chetan
  @CP..

• Authorization values to auth object

  Hi,
  Please let me know how to find the possible authorization values for an custom authorization object..
  thanks.

  Hi,
  the definition (and also display) of possible values for activity can be performed in SU21.Doubleclick on the object->there is then a button in the popup: 'Permitted activities'.
  Depending on the values checked in the coding (statement 'authority_check') you can also maintain suggestions in SU24 for the corresponding transaction. So if you do not know any values at all, an analyze of the coding will be necessary.
  b.rgds, Bernhard

• Extract authorization values

  Hi,
  Is there a way to extract specific authorization values for a particular user?
  In SUIM, using "Users by Complex Selection Criteria" will display all the authorization & values.  You then need to find that particular authorization, say "P_ORGIN" and go through each one of them to find the values assigned.  It is very tedious if the user have a lot of the "P_ORGIN" authorization assigned.
  I think in this case, SUIM is not the best way.
  Is there a way to quickly zoom into and look at all the values in just that particular authorization, in this case, "P_ORGIN"?
  Thanks

  If your focus is on HR authroizations one of the ways :
  SE16 - table name AGR_USERS
  The technical name will provide the assignment coming from organizational management.
  Take just those roles :
  use SE16 -  AGR_1251
  Which will give you an output export to excel filter on P_origin.
  If you are not using Organizational management:
  Then use SE16 - AGR_1251 find roles having P-origin
  get the role list and use AGR_USERS to find role to user relationship.

• Authorization values for 2 different queries

  Hi,
  I have an info object which is a authorisation relevent info object.
  I had used this info object in my 2 queries. Our requirement is when the user executes the query1, he should be able to see the data only for the authorized values which has been given in PFCG. But, when he executes the second query, there should be no check and query should display all the data irrespective of the values given in PFCG.
  Basically, Query1 should execute as per the PFCG values and the Query2 should execute bypassing the PFCG authorization values.
  Can anyone please help on this.
  Thanks
  Ramesh Ganji

  Hi,
  First create a role with the following authorizations (full)
  flight no - * (all accounts allowed)
  Define a query without any restrcitions/filter so that when the user 1 runs, he can find all the data from this query.
  Now define one more query wherein restrict flight no as 001
  Now when the user John runs this query, he can find only 001flight details
  In this way, just by defining only one role, you can achieve ur requirement by using restrictions at the report level.
  Regards
  Pavan Prakhya

• Authorization values by role table AGR_1251

  hi,
  I need to find the authorization field values for a user. I am proceeding as follows:
  Select values from table AGR_1251 but in the field values i.e. for BUKRS LOW and HIGH fields has values '$BUKRS'.
  Can you tell me that which table will have the actual values for BUKRS as assigned in PFCG (1000, 2000, 3000).
  Thanks,
  FS

  Hi,
  Try to fetch the details from table AGR_1252 .
  you will get the low and high values assigned to the organization level.

• P_ORGINCON authorization problem in PA20

  We are implementing context-sensitive roles using P_ORGINCON and are encountering a problem with PA20.  When a user is granted authorization to PA20 in a role, the system is correctly providing access to the infotypes specified in P_ORGINCON for the specified authorization profile.  However, if a user has additional infotype access given by P_ORGINCON in a separate role which does not include PA20, those additional infotypes are now available to the user in PA20.  For example, access to infotype 0008 is given in a reporting role so the EEO-4 report can be run.  The user can correctly run the EEO-4 report, but now can also see IT0008 in PA20 even though IT0008 was not specified in the security role for which PA20 is a listed tcode.  What is making PA20 provide 'cumulative' infotype access beyond what is specified in the PA20 role?

  Hi,
  Yes, your understanding is correct. SAP treats authorization by objects not by roles. For example, to check whether user has access to certain transaction it reads all objects S_TCODE (P_TCODE) and if it is there grants access, the next step read data - SAP reads all objects P_ORGINCON and if access rights are there grants access to the data. So it is cumulating access rights by authorization object.
  With P_ABAP the full access will only be given to report specified in the object, all other reports will follow standard authorization procedure.
  Cheers

• Authorization variable not filled with authorization values

  Hello All
  I post a similar message earlier this week, I thought that my issue was solved, but it was not.
  I've got a workbook with 4 differents queries.
  There as an authorizations variable in each query. This variable properties is as follows :
  **General tab**
  Type of variable : characteristic value
  Processing type : authorization
  Characteristic : company code
  **Details**
  Variable represents : selection options
  Variable is : optional
  Variable is ready for input : yes
  I've followed recommandations from OSS notes 976680
  My issue is : if I run each query individually, variable is filled with authorized values
  If I run the workbook, variable is not filled with authorized value, so when end user run the workbook, BW consider that end user wants to see all data and get "No authorization".
  I don't understand why variable within the workbook doesn't show the authorized values and why the queries do.
  Any suggestion about this issue ????
  Thanks
  Catherine

  Hi
  thanks for replying
  I ran the query with UserID from RSECADMIN and I could open the query. But if I want to select 0profit_ctr I get this error No authorization to characteristic values.
  I  checked the log and this is the message.
  Value Authorization
  InfoProvider FIGL_MP1
  Value Authorization for Characteristic 0PROFIT_CTR
  Building the Buffer...
  Building the Buffer...
  No Authorization for Values
  thanks

• Report users & authorization values in release strategy

  Hello,
  I want a report which displays the user names and their release codes from the authorizations which the users have.
  Is there any standard report?
  Thank you.

  Dear Landra,
  There is no standard report to get this data. But you can get this by combining the data of the 2 tables AGR_1251 & AGR_USERS.
  1. Goto SE16 --> table AGR_1251. Give Z* for Role, M_EINK_FRG for Object & FRGCO for Field Name and run it.
  2. Goto SE16 --> table AGR_USERS. Give Z* for Role and execute it.
  Vlookup both the reports in step 1 & 2 to get the list of users having access to a particular Release Code in the system.
  Regards,

• Populating Authorization value in Customer exit

  Dear Experts,
  I have two info objects Sales org and Plant and both are hierarchies.And both are having the same values
  ie Sales org A100 = Plant A100
  And Sales org hierarchy is like this:
  A100 ( Top Node)
  -A110 (Child of top node)
  --A111 (child of A110)
  -A120 (Child of top node)
  --A121  (child of A120)
  Sales org is authroziation object and plant is not.
  Users are provided authroziation based on Sales org , but our requirement is to popullate the same value to plant variable as well in the query.So in case if they want to drill down there wont be any problem.
  I have created a query with sales org as input varible and plant as customer exit variable.
  Suppose a user is authorized to top node ie A100 sales org and in the query if he inputs sales org as A111 which is a child node of A110
  then my plant vairable should  be populated with the top node which user is authroized to ie A100 iresepective of what ever he enters.
  If the user is authorized to A110 and if he enters A111 then my plant should be populated with A110.
  I am trying to get that info from tables UST12 etc but it would be great if someone throws some light on how to do this requirement.
  Thank you for the help.

  Please see my reply to your another thread.
  Please do not open the thread for same issue twice.
  Regards,
  Ganesh Bothe

• FM Delivering Authorization Values

  Hello All.
  I am working with SAP Netweaver 2004S.
  I need an ABAP function module which imports
  - a user name
  - a cube name
  - a name of an infoobject (included in the cube).
  The module then should deliver the list of this infoobject's values which the user is authorized for.
  Is there any SAP standard function module that meets my requirements?
  Regards. Peter.

  CALL FUNCTION 'F4IF_INT_TABLE_VALUE_REQUEST'
      EXPORTING
        RETFIELD               = 'KUNNR'
        DYNPPROG               = SY-REPID
        DYNPROFIELD            = 'P_OWNER'
  *    VALUE                  = ' '
        VALUE_ORG              = 'S'
  *    MULTIPLE_CHOICE        = ' '
  *    DISPLAY                = ' '
       CALLBACK_PROGRAM       = SY-REPID
  *    CALLBACK_FORM          = ' '
  *    MARK_TAB               =
  *  IMPORTING
  *    USER_RESET             =
      TABLES
        VALUE_TAB              = IT_KNA1[]
  *    FIELD_TAB              =
       RETURN_TAB             = IT_RETURN[]
  *    DYNPFLD_MAPPING        =
     EXCEPTIONS
       PARAMETER_ERROR        = 1
       NO_VALUES_FOUND        = 2
       OTHERS                 = 3
    IF SY-SUBRC   0.
  * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
  *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
    READ TABLE IT_RETURN INDEX 1.
    WRITE : IT_RETURN-FIELDVAL TO P_OWNER.
  Code Formatted by: Alvaro Tejada Galindo on Jan 7, 2009 12:26 PM

• Dynamic Authorization VDSK1 Values?

  Hello,
  I was wondering if there is a way i can get some of the authorization values (e.g. org unit in HR) dynamically without specifically giving these values in the authorization Object P_ORIGIN, vield VDSK1?
  there is a lot of users with different access depending on their org key, and it is not reasonable to create 30 or 50 roles just for them to be able to access system ?
  I hope there is a solution for this. thank you all in advance.
  regards,
  Mo A

  Thanks,
  but could you tell me how ? This is first time i read bout structural authorization and i read a document on how to use it but it seems there is something missing which is giving that "Failed HR Structure Authorization".
  what i did is as follows and if there is something missing or done wrong please comment on that:
  1. Maintain structural authorization profile in view T77PR
  2. Assign structure authorization profile to user in view T77UA.
  thats all i did ? is there more steps or configuration to be done beside the above 2 steps, please advise ?
  Regards,
  Mo A