Query field, Auth object (characteristic variable)
Please bare with me as I am a little new to this and dont really know what im asking. I have been asked to populate an Auth object for a BW query field via a user exit. Basically when you add a field to the row section of the query designer, say i add 'Grant' you then get a number of characteristics, one of which is Grant(Auth), which you can set to be processing by 'Customer exit'. I have been given the user exit but am a little unsure how i would go about populating this auth object field. Any help would be much appreciated
Regards
Martin
hi Mart,
check if helps
http://help.sap.com/saphelp_nw04/helpdata/en/6d/58f438114ee836e10000000a114084/frameset.htm
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1b439590-0201-0010-ea8e-cba686f21f06
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/media/uuid/696affac-0701-0010-f7b5-cc431fc9365d
Similar Messages
-
Single character wildcards ? PFCG, role, auth object
Hi community,
we want to implement a naming convention to control access to queries by query names, auth object S_RS_COMP, RSZCOMPID. The naming convention is e.g.: Z_xx_ST_yyy.
means:
digits 1-2: Z:_
digits 3-4: custom 2-digit identifier
digits 5-8: "_ ST _" stands for standard query
digits 9-30: custom name
we need to distinguish the users by the 2-digit identifier. but some power users are authorized for all standard queries, so we want to use a single character wildcard for digits 3-4. we tried with +, $, %, &, # and <blank>, but nothing worked.
also asterisk Z_ * STyyy does not work, it works like Z_ * then.
any idea? many thanks and
cheers,
Phil
Edited by: Phillip Lee on Jun 17, 2008 3:16 PMHi,
You are in BI 7.0? We also experienced smilar problem when we tried using wild character in 'Analysis authorization'. That wild character did not work. Finally we had to hard code without wild character.
Regards
S Meyyappan -
Populating auth object of a BW field
Please bare with me as I am a little new to this and dont really know what im asking. I have been asked to populate an Auth object for a BW query field via a user exit. Basically when you add a field to the row section of the query designer, say i add 'Grant' you then get a number of characteristics, one of which is Grant(Auth), which you can set to be processing by 'Customer exit'. I have been given the user exit but am a little unsure how i would go about populating this auth object field. Any help would be much appreciated
Regards
MartinHello Martin,
you can do this in i_step = 1 (called directly before variable entry) in Exit ZXRSRU01. There you can fill your auth object with FM RSSB_AUTHORIZATIONS_OF_USER. See also thread Re: BW Authorizations, examples and infos you can find in these docs: https://websmp210.sap-ag.de/sapidb/011000358700005475101999 and https://websmp210.sap-ag.de/sapidb/011000358700005475091999.
Hope this helps
Martin -
How to query objects on variable one-to-one relationship
Hi,
I have a situation here:
Application (APPLICATION table) has many payoffs (Payoff table); Primary key of application is the foreign key of payoff.
Payoff has disbursement, such as check(check table), directDeposit(directDeposit table) or Wire(wire table), which is variable one-to-one relationship. They share the same primary key
The query I need to run is to search application based on check number, How do I construct a query to perform this kind of search?
Thanks
Hao
[email protected]Hi Doug,
Thanks for all your help. But I guess I still need more details from you to help me understand the solution.
First of all, I want to make sure I make my case clear
Application (application table, pk: uniqueAppId) has many payoffs (Payoff table, pk: payoffId);
Payoff object has variable one-to-one mapping to Disbursement object, which is a abstract super clss for following objects:
Check(payoff-check table, pk: payoffId)
DirectDeposit(payoff-deposit table, pk: payoffId)
Wire(payoff-wire table, pk: payoffId),
The query I want to run is to get me back an application for a particular check number
From you email, first I thought "check" is a object, then your sample code showed it is a string. So I am kind of confused. The document you pointed seems not reflect my case. I wonder it is because I didn't present my case clear the first time.
Looking forward to your further help
Hao -
Hi,
I need to create one authorization object which contain only one field as sy-uname.
I carry out the following stapes:
1. I went to SU21
2. Create a class
3. create a authorization object
4. Add a field sy-uname in the field
Now , my query is that,
1. is it allowed to add sy-uname in there in the field or i have to put just 'uname' there. or what??
2. Is there any other steps required after adding the field in the authorization object
3. Do any one has some document on how these authorization object work execpt the F1 help on the 'AUTHORITY-CHECK' in the editor???Hi
In general different users will be given different authorizations based on their role in the orgn.
We create ROLES and assign the Authorization and TCODES for that role, so only that user can have access to those T Codes.
USe SUIM and SU21 T codes for this.
Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
This means you have to allocate an authorization object in the definition of the transaction.
For example:
program an AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT <authorization object>
ID <authority field 1> FIELD <field value 1>.
ID <authority field 2> FIELD <field value 2>.
ID <authority-field n> FIELD <field value n>.
The OBJECT parameter specifies the authorization object.
The ID parameter specifies an authorization field (in the authorization object).
The FIELD parameter specifies a value for the authorization field.
The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
http://help.sap.com/saphelp_nw04s/helpdata/en/52/67167f439b11d1896f0000e8322d00/content.htm
To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
Authorization : An authorization enables you to perform a particular activity in the SAP System, based on a set of authorization object field values.
You program the authorization check using the ABAP statement AUTHORITY-CHECK.
AUTHORITY-CHECK OBJECT 'S_TRVL_BKS'
ID 'ACTVT' FIELD '02'
ID 'CUSTTYPE' FIELD 'B'.
IF SY-SUBRC <> 0.
MESSAGE E...
ENDIF.
'S_TRVL_BKS' is a auth. object
ID 'ACTVT' FIELD '02' in place 2 you can put 1,2, 3 for change create or display.
The AUTHORITY-CHECK checks whether a user has the appropriate authorization to execute a particular activity.
This Authorization concept is somewhat linked with BASIS people.
As a developer you may not have access to access to SU21 Transaction where you have to define, authorizations, Objects and for nthat object you assign fields and values. Another Tcode is PFCG where you can assign these authrization objects and TCodes for a profile and that profile in turn attached to a particular user.
Take the help of the basis Guy and create and use.
Reward points if useful
Regards
Anji -
Auth objects required for creating super,power,end user roles
Hi ,
I need to create 3 roles according to the below requirement. can you tell me what auth objects req inorder to fulfill customer requirement.
1. Super User:
Have the access to Create/Modify/Delete own queries
Can create Variables, CKF, Structures, Formulas & RKF at the cube level (global)
2. Power User :
Have the access to Create/Modify/Delete own queries
Can create Structures, Formulas at the query level
3. End User
Have the access to run and navigate reports at the local level
Hope I will get reply soon
ThanksKarunakar -
Few things you have to keep in mind when you are giving access to the reports and queries.
S_RS_COMP only will not do.
have you assigned S_RS_COMP1 and S_RS_MPRO for info areas and multi/info providers.
and one more auth object S_RS_ICUBE for info cubes. you have to assign what ever the info cubes that you need to give access to the users.
Then only user will get full access.
precisely in order you can say,
S_RS_COMP
S_RS_COMP1
S_RS_ICUBE
and S_RS_MPRO.
These are main auth objects which are related to info cube, info area access and BEx access.
Hope this would give you clear pic. -
BI7 query needs to restrict on variable
Hi Team,
We have created a query in BI7 with variable & we are able to execute same query with value of variable. We have variable on grade field and grade field having values like A, B, C. We have created custom object like z_grade and provided corresponding info object values in that object. In technical character we are proving values only 'C' in from and to field still query is executing with all variables. We are providing access of S_RS_AUTH with values OBI_ALL
1. Let me know how we can restrict this query with variable 'C' only.
2. Let me know what the actual function of S_RS_AUTH object is in this regard.
Thanks & Regards,
DigambarHi Digamber,
Maintaining S_RS_AUTH as 0BIL_ALL is just like SAP_ALL, i guess you should go through the SAP BI Authorization concept.
Try searching in SDN Library for SAP BI Authorization concept.
https://www.sdn.sap.com/irj/scn/advancedsearch?query=sapBISecurity#sdn_content_category_value_library
Cheers !!
Zaheer -
Understanding complex query with selections(customer exit variables)
Hi experts,
I am trying to understand one query having a combination of selections and BEx variables in it.
In Characteristic Restrictions panel of Query Designer:
we have some CHARs restricted by means of authorisation variables
In Default Values panel:
some other CHARs without any filters
In free CHARS panel
some characteristics
In Rows panel:
some more chars that were placed in Default values panel
In Columns panel:
Formula YTD on selection YTD
Formula Monthly on selection Monthly
Selection on YTD characteristic(hidden)
Selection on Monthly characteristic(hidden)
Selection XX(in definition,I saw selection on YTD Keyfigure and a characteristic variable VAR1(i-step=1) filled with customer exit..this variable picks up right version of Master Data...our system has many versions of master data,one for each year)
Selection YY(in definition,I saw selection on Monthly key figure and the same characteristic variable VAR1 we used in Selection XX)
When I execute this..I see one variable popup which asks for values for year and version of master data...I enter master data version for that year and the year....I see the result...
Now I tried to experiment to learn...I deleted Selection XX and Selection YY and tried to execute....a variable popup asking for year...I enter year and tried to execute..it throws message---'Value for variable VAR2 cannot be determined'......
I couldnot understand this error because VAR2 is a customer exit characteristic variable defined in CMOD...ITS NEVER USED IN THIS QUERY...but defined in CMOD to pick up correct version of Master data..its defined in such a way that it picks value depending upon VAR1 varaible....both variables function is same...its just that VAR1 works on i_step=1 and VAR2 works on i_step=2 plus dependent on VAR1....
Can anyone understand why I am seeing error about VAR2 when its never used in Query....??
Thanks for your inputs....Hi Vikram,
I am unable to find VAR2 anywhere in query designer....Can it be like that its hidden?
Thanks and Rgds,
SChand -
How to Assign a Field value to a Variable??
Dear All,
Kindly let me know, if <b>"HOW TO ASSIGN A FIELD VALUE TO A VARIABLE????"</b>
Situation is, we have a Field (OBJK-TASER) in which 2 tables (SER01 & SER03) are stored. And we want to access names of the Tables which are there in the field(TASER) in (OBJK) table to a variable and then passing that variable to the sql query as a table name to get data accessed dynamicaly.try this
select TASER from OBJK into table it_table.
loop at it_table.
select field1 field2 from (it_table-table) into table it_fields.
endloop -
BW Authorizations/Report. Auth Object/KF's vs. Calc. KF's
We implemented a custom/reporting auth. object to protect key figures (1KYFNM) and it works well. The issue is that our user community never ceases to come up with new and even more creative requirements.
Let me illustrate the latest requirement:
I have locked-down access to certain key figures (let's call them 'KF A' and 'KF B') and therefore subsequently secure all combinations involving either one of the two meaning calc. KF D (KF A plus KF C) is locked down as well. I also need to mention that users are supposed to be able to create their own ad-hoc queries, which eliminates the option of limiting them to a query or set of queries that accomplish the following requirement.
There are certain totals, which are calc. KF's that the users are allowed/required to see even though they are not supposed to see what makes up these numbers (they should see calc. KF K which is made up of KF A, KF B, and KF H, etc. but not KF A and KF B).
Without the option of providing the users with rather static queries, I see another option as calculating 'KF K' (from the previous example) at the time of the load and just making it another key figure in the cube which then can be excluded from the auth. check previously mentioned based on the naming convention. The problem with that is that this will make reporting rather inflexible, increase load times as this calculation is rather complicated, and it will also create redundant information in an environment that is already experiencing substantial growth and volume.
Does anyone see any other solution?
Thanks,
JoergJeorg,
I'm afraid that there's no special authorization handling for calculated key figures. To my best knowledge, the approach to create another key figure at data load time via transfer rules or update rules would be the only one can work. While this approach may not be flexible, but the load time should not increase significantly if you just add two key figure values into a new one.
If you find this is approach is unacceptable or it is a common requirement among BW community, you might consider submit such requirement through ASUG BI Group or via OSS development request.
Thank you for your question and patience.
Regards,
Amelia Lo
SAP NetWeaver RIG, US
SAP Labs, LLC -
Is there a listing of all Auth.Objects for SAP and the discription for them
I would like to know if there is a listing of all the Auth.Objects for SAP out there somewhere??
Thank you,
Robert> Auth.Objects for SAP out there somewhere??
You want all the customer objects as well in all SAP systems?
(Or just those in your TOBJ?)
PS: Please try the F1 key on fields to find their tables (or structures) and give the search a try as well...
Cheers,
Julius -
I am trying to create a role for IMG display access only
I made ACTVT in all the Auth objects "03" or "display"
but in S_PROJECTS auth object, in "activity" there is no "display" , how do I make ACTVT in S_PROJECTS object "display"
Thanks
Message was edited by:
JackofalltradesHi,
First of all all activities dont apply to all auth objects.(for example generate activity might not be applicable for all auth objects)
So SAP proposed what activities might be relevant to a particular Auth Object.
This information is in TACTZ Tables.
So perhaps u can verfiy the table and u would find that the entries displayed in ur Activity for S_PROJECTS would be the same values as are in S_PROJECTS values in TACTZ table.
HoweverYou can maintain 03 for this object too.
Select the pencil button for the activity field.
It will take u to a dialog box which contains activity fields.
Now if u dont find the 03 field there. Then right click on the screen and select more values option.
It would display all the activities.
However if the 03 field is not mentioned as a proposed activity for that Object by SAP (u can see this info in TACTZ) then make sure that u actually need this object for doing any display activites.
Hope this helps
Manohar -
Collect metrics failed because 'Query Datacenter Managed Object Reference' is not executed
Hello,
This is my first post on this forum; I am working for a Cisco partner.
I am working on Tidal Enterprise Orchestrator 2.3.0.441 (hotfix1 and 2, content update 1), part of CIAC starter edition.
Scheduled Collect metrics failed in 'vSphere Datacenter Sync' and in 'vSphere Cluster Data Sync' parts
Problem is at the level of 'Query Datacenter Managed Object Reference'
Input is Datacenter name (well defined, value is not '*'), but this box is not executed (stay white). Next box : 'Set Datacenter MOR' define a variable with value 'Datacenter-' instead of 'Datacenter-[output of Query Datacenter Managed Object Reference]. And finally 'Create Cluster table" failed because a root element is missing (the datacenter name)
So my question is why 'Query Datacenter Managed Object Reference' is not executed ?
I change nothing in the workflow, and Datacenter is normally well defined.
thank you for your help,
Cheers,
NicolasThis particular utility workflow is set to not-archive completed instances.
This means that, after it finishes, it is not saved to the database and you can't see the runtime information. It improves performance and saves database space, but does make troubleshooting a little more roundabout.
You'll want to turn on archiving temporarily to see what the error message is. Open the process, go to the Options tab, and check the "Archive completed instances" box. -
RSCRM: Query date with customer exit variable
Hi All,
Is there any way to run the RSCRM transaction with a query with a customer exit variable for a date characteristic?
The issue is that the query ran ok but the variable is not being updated when the RSCRM query is running with a background job or a process chain.
Thanks in advance
EVI do not think you can select Customer Exit variable, if you see the type is selected to Char Value Variables and it is not editable.
It would be suggested to go for Customer Exit procesing type for your text variable.
Cheers,
Neel. -
How to access an object's variable from native code
i am passing an object in a native method.i have to change the value of the object's variable.how do i access the variable of object and assign it new value from c++ code.when i try to access it i get a message that the variable must have a class/sruct/union type.
pl. help.I'll tell You if You send me the structure of this object in Java. And a name of field what are You thinking about.
Maciek
Maybe you are looking for
-
After reboot and installing windows updates etc. FF crashes all the sudden. No idea why. I have deleted all profiles completely, unintsalled ran ccleaner and reinstalled. nothing. Any ideas? I don't think windows updates effect FF. FF will not even o
-
'...because it was created by a newer version'
These day whenever I try to open iTunes, it says: 'The file "iTunes Library" cannot be read because it was created by a newer version of iTunes.' So I press okay and nothing happens and then click on iTunes icon again and it opens up fine. How can I
-
how to add new variable definition in report painter?
-
I want to get rid of my office computer, which serves as the print server for our OfficeJet G85xi. The all-in-one is fine, really would prefer to not buy another printer, but in looking at print servers, it's very confusing as to which one will work
-
DVD Disk Space Requirements - Best Performance vs. Quality
I put together an iDVD 8 project that has about 135 minutes of content. When I go to burn the DVD using the Best Performance setting, is says it takes about 7gb (and I need to use DL). When I switch to the Professional Quality setting the disk space