Planning Stucture authorization issue in SCM
Hello Experts,
Need your help.
In our SCM7.0 system, we have implemented FM: /SAPAPO/MCP_PERMISSION_CHECK2 for authorization check to Planning Structure Infocube. That is working fine.
Now Users are facing authorization issue in Prodcution when they executed transaction /n/SAPAPO/SDP94 with below message.
Error message: You do not have authorization for all the characteristic values selected Message no. AUTHORITY041
Analysis authorization trace message: " Message EYE001: You do not have sufficient authorization for InfoProvider ZDM_PLN1 with activity 03.
We have assigned customized analysis authorization and that is maintained with InfoProvider "0TCAIPROV" as " * ".
Earlier this was working fine in production but now users are getting authorization issue. When we tested in other systems, it is working fine.
I appreciate your help in this issue.
Regards
Ravi
Edited by: Ravi K on Jul 5, 2011 6:04 PM
Ravi
Verify the selections in the Production system v/s the test system. Are they exactly the same ? I can think of two possibilities -
1. User is attempting to access a selection where he/ she does not have access to at least one of the CVC's filtered by the CVC.
2. The selection definition should (but does not in your case) contain the characteristic on which the authorization is setup.
Rishi Menon
Similar Messages
-
Authorization issue in WAD when executing planning function
Hi All,
I am facing the bellow authorization issue-
Termination message sent
WARNING BRAIN (800): You do not have the authorization for component !!AZF2PO_AGR
MSGV1: ZF2PO_AGR
MSGV2: REP
MSGV3: !!AZF2PO_AGR
MSGV4: 16
ABEND RSBOLAP (002): No Authorization
I am getting this issue When Calling Planning function from WAD application using button. This authorization fail is happening in portal when the Planning function is executed.
Error explains that there is no authorization for component u201C!!AZF2PO_AGRu201D.Where as in actual we donu2019t have any component as stated.
Instead we have an aggregation level with technical name ZF2PO_AGR.
We have already Assigned the below Planning objects-
S_RS_ALVL
S_RS_PLENQ
S_RS_PLSE
S_RS_PLSQ
S_RS_PLST
To Summarize-There is a web application with button linked to planning functuion.When clicked on this button after execution of web template we get the above error.
Have found note 1000006,but it says Support package 12 and all but we in support package 20Hi Guys,
I know this thread is answered but I have a similar problem I think.
I have a WAD that is published to the portal. I have added the WAD to a page via a hyperlink, the page resides in KM. When a user opens the page, via a URL iView, the see the page, but when they click on the link to open the WAD, I get the following error:
Portal runtime error.
An exception occurred while processing your request. Send the exception ID to your portal administrator.
Exception ID: 07:19_26/02/10_0067_18934750
Refer to the log file for details about this exception.
When I assign the Super Admin (UME Role) to the user, they can execute the WAD no problem.
I am not an Authorizations person, so any pointers as to where I should start looking would be greatly appreciated.
Thanks.
Freddie. -
Issue with Planning sequence authorization in WAD
Hi,
There is a planning sequence which I can execute through Modeler without any issue. However I am not able to execute the same from WAD. It says 'You are not authorized to execute planning sequence....'
Please advise.
Regards,
SSChI,
You need to create one role in which add planning related authorization object ie
S_RS_PLSE Planning Function
S_RS_PLSQ Planning Sequence
S_RS_PLST Planning Service Type
S_RS_PPM Authorization Object for BI Planning Process Management etc....
and attach to your id.
I think you do not have authorization for S_RS_PLSQ.
try this.
Regards,
Ganesh -
Authorization Issue to Upload file in Integrated Planning
Hi All
I have included the planning role for the user...which is the same as mine..I can execute and upload the file..when I login with the user iD, it says you are not authorize to upload zFILE_SEQ/...in my role..there is Z* values also..
No idea how to rectify as I dont see any problem??
pppls help..Hi,
Could you please look into the authorizations that restrict data selection for the user, say if he control one or two costcenters and you have access to all costcenters. Also you need to have that object in the Aggregation level that allow the user selection. You need to include that info object restriction based on authorization value in the aggregation level and in the upload file.
Also try to execute the input ready query from RSECADMIN T-CODE . Use the 3rd tab and choose the user id and choose with log .Then on the next screen will be RSRT and choose your input ready query and execute. Then choose back button and the pervious screen choose display log, which will give you detail log on the authorization issue ...
hope it helps...
cheers,
Balaji
Edited by: Balaji NS on Jun 4, 2011 1:47 AM -
PGI for STO - Mvmt :351 - Authorization issue
Hi,
I have an authorization issue while posting GI. In my scenario, user does GI by movement type 351 for Plant A to Plant B or Plant A to Plant C. To execute this transaction, he needs authorization for Plant A, Plant B and Plant C. Restricting the authorization to only Plant A does not allow him to post GI, But if he is authorized for Plant A , B and C then he can do GI for B to C or B to A as well. Please suggest if there is any authorization object to sort it out.
YuvnishI am also experiencing this issue with movement type 351 in my Project.
The Project authorisation design has restricted roles to particular movement types and users to particular plants.
We are seeing that movement type 351 is requiring authorisation access to both the issuing and receiving plant (presumably becuare the movement puts the stock into 'stock in transit' stock of the receiving plant, so needs access to this plant).
However, giving the user access to multiple plants means the user can transact other movement types in these other plants - because the authorisation has been opened up for multiple plants and the authorisation check on plant seems a higher level than movement type.
In our design users should be restricted to just their own plant and in the case of the 351 movement be able to transact the movement 351-GI out of their plant successfully without needing the access to the 'receiving plant' as well. Is there a solution?
I note that movement type 303 does not require this open plant authorisation, and that movement puts the stock in 'transfer', whereas 351 movement puts the stock 'in transit', so I'm wondering what is the difference from an authorisation check perspective between these 2 movements? We will use 303 movement for the time being until a solution is sought for 351. We want to use Stock Transport Orders (with movement 351) from an MRP perspective (movement 303 doesn't work with planning).
Many thanks -
Secured WebDAV Mounted Volume Authorization Issues
I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
1) I am able to mount the secured WebDAV share using my security credentials.
2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
Thanks in advance for any insights.same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
Jun 11 12:34:52: --- last message repeated 1 time --- -
BI 7.0 Analysis Authorization issue: some reports displaying a blank page.
Hi All,
This is regarding BI 7.0 Analysis Authorization issue.
Overview:
we have restricted some queries at infoobject level.
Issue:
a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
d. Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
e. But when we execute the same report with Auditors ID then we get a blank page.
Any idea why this is so?Hi Neha,
I tried the below also,
GL Acnt
I EQ 0000134010
I EQ :
but still it didn't work.
No Infoobject is missing in Authorization Object.
For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
As mentioned earlier also it is giving me the below message,
""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION RS_EXCEPTION 301CL_RSR_RRK0_AUTHORIZATION AUTHORITY_02"
Kindly suggest, since this is a show-stopper for us!
Thanks,
Ishdeep Kohli. -
Variable screen/variant screen authorization issue
HI All,
We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
We have three selection fields:
1.Company Code which is mandatory
2.My controlling Area which is also mandatory
3.Costcenter which is not mandatory
The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
can anyone guide me on how to go about on this authorization issue at the variable screen itself.
Please treat this issue/requirement on high priority.
Appreciated in advance.
Regards,
raps.Hi,
I think that an alternative to solve your concern could be using Web Application Designer (WAD). In this respect, there are several design options, with different levels of complexity.
As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center. The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
I hope this helps you.
Regards,
Maximiliano -
Authorization issue - help request
Hi guys,
One of the consultants is having an authorization issue ( He is not abele to run a t-code)
I ask him to run a su53 report and i am not sure how to proceed with this.
Please help.
Here are the details from the SU53 report.
DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
User : VYXXX profile parameter authorization buffering 4
Authorization Object: F_KNA1_GRP
Description
Authorization check failed:
+ Authorization object F_KNA1_GRP Customer Account Group Authorization
Activity 08
Customer Account Group ZM01
Users Authorization Data :
+ Authorization object F_KNA1_GRP Customer Account Group Authorization
Authorization T-PD19002300
Authorization T-UG39000900
Authorization T-UG39001000
Please help me guys what need to be performed.
Regards,
Vamsi.Hi Vamsi,
SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
Then check-> which auth object is failing.
RC=4 means a object value is failing.
RC=12 means an object is missing!
Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
You can check the SAP documentation on running traces on the help portal of SAP. I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
Let me know if you have any questions
EOD for me :P . take care
Abhishek -
Authorization issue during Jump
Hi all,
I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
Both the multiprovider and the base infocube have the same authorization objects checked.
Can someone please help?
Regards,
Ashmith RoyPls have a look on the below thread:
Authorization by InfoArea
Regards
Ganesh
*Assign points if this helpful -
Authorization issue in Info spoke
Hi all,
I am facing some authorization issue when executing info spoke in process chain.
Info spoke is working fine in direct Scheduling (both background and Dialog).
Am getting this error after execution of process chain
"System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
"System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
"System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
"Extraction Cube : Error in DataManager API".
I dont know why this problem comes.
Can anyone tel me what went wrong and how to solve it.
Thanks in advance.
Kind regards,
Shanbagavalli.SHi All,
The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
Thansk,
Manjunatha -
Authorization issue after the Support packs upgrade
We're having problem on authorization issue after the SP upgrade.
One issue if "You are not authorized to call up line item display" using FCH1 and FS10N tcodes.
And the SU53 showing problem on S_TCODE FAGLL03.
How are we going to solve this issue? We dont want to add this missing auth object on all our finance roles.
Thank you in advance.How can i send you the trace file? What is your email address?
If I were you, I won't do that. Did you not ever sign some confidentiality agreement? I wonder.
Anyhoo... (copy right @ David)
What are the objects been caught in category RC=4, RC=12?
Relate them with functional aspect of the transaction (error screen)
Edited : You can paste RC=4, RC=12 objects here without customer specific value if you want to.
Regards,
Arpan Paik
Edited by: P Arpan on Aug 23, 2011 2:36 PM -
Authorization issue - need to know the Role providing this access
Hi,
User is facing an authorization issue below:
"You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
"You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
Kindly let me know what Role is missing from the user's profile?
Thanks and Regards,
Sachin
SAP Security ConsultantHi Murali,
It helped.
I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
I did user comparision and then user is able to view the below DataSources....
Thanks for your help, it triggered to find the root cause.
Thanks
Sachin -
Authorization issue to execute query via analyzer
Dear,
We are experiencing an authorization issue that we can not solve...
We have grant to user the expected objects to execute query (S_RS_COMP & S_RS_COMP1) and the central objects like S_GUI, S_USER_AGR.
When we test in RESCEADMIN, everything is fine. We can execute the query.
When we test it in the analyzer, the variable screen does not pop-up and we get the error message:
"There is no variable in the workbook, which allows user input"
Does anybody have a direction to help us to orientate our investigation?
Many thanks,
RodolpheHello,
What is the basic settings you have in the Query Properties basic setting tab
Try making it mandatory
Regards
Nitin Bhatia -
Authorization issue to view cube contents
Hi Gurus,
I am getting Authorization issue to view cube contents in Production server, When I execute the cube it is showing me the following statement.
"You do not have sufficient authorization for the infoprovider ZMMG_C05".
Please provide me a possible solution for this.
Thanks,
Jackie.Hi,
Two things to be checked with respect to authorization for this one.
1) Functional Roles: Check whether Info cube is present in the functional roles that are assigned to you.
If not you need to get the functional role in which the Infocube is assigned.
2) Data Access Roles: Check in the data access roles assigned to you, whether you have the access
to the selection that you are using to see the data in the info cube. Else, request
BASIS team to assign the appropriate data access roles to you.
Hope this helps.
Regards,
Bharat
Maybe you are looking for
-
Songs won't delete from iphone
I've absolutly had it. I have searched and done enough of that to find a solution to this problem. I directed a musical 2 years ago and I have the soundtrack still on my iphone. The problem is, I don't want it on my iphone any longer. I unchecked
-
I need to remove one purchased app from my iCloud and ipad. Needs solution immediately.
-
Error in Creating Excise Invoice for Factory Sale
Dear Friends: Using T.code J1IIN ( Create Excise invoice for Factory Sale), I entered data for billing doc,posting date,sub transaction type & pressed enter and tried to save it.I got the error 'Error in allocating internal document number interval n
-
How i can make my swf file appear full screen?
Salam; I need to make my swf view as a full screen in all browsers, i need to add code in fla file, not in html page, can i make that? thanks for any help ...
-
Play video (http) works, stream video (rtmp) does not; edge server not starting
However, I think the problem is the edge server not starting. I looked in the logs directory and found the core log, the master log. I also found /var/log/messages. Shouldn't there be an edge log? I did this from the readme: sudo ./fmsmgr server fms