Query related to User authorization

Similar Messages

• Query related to User License.

  Hi all,
  I have some query related to User License.
  If we have 250 no of user license( with one developer),
  can we use them individually on DEV, QAS & PRD ?
  can we use them individually on differrent clients?
  what abt users on 000 client. Is they should different license or come under same group.
  Regards,
  shan

  Contact you SAP Account Manager.
  Regards
  Juan

• Query to retrieve user Authorizations

  Dear Experts,
  Is there anyone with a query to retrieve user names and their respective authorizations.
  Regards

  As now are aware that Authorization table is not exposed,you can export the authorization as suggested by one of the forum member.
  When Exporting the Authorisation the list of user name will be imported first and then the list of authorisation second.
  In order to have all the authorisations you will need to expand all the menu and sub menu.
  Adminitstration -> system initialisation -> System initialisation -> Authorisations -> General authorisations
     1. In the Authorisations window
     2. Click on expand
     3. With the Authorisations' window active click on Excel icon or go to File -> Export -> Export to MS Excel
     4. In the first 'Save as' window opening
     5. Name your 'User' file and select the relevant folder
     6. At the system message popping :'Do you want to export currency symbols ?'
     7. Click independently on 'Yes' or 'No'.
     8. A security warning message will appear.
     9. Click on 'Enable Macros'
    10. A second 'Save as' window is opened.
    11. Name your 'Authorisations list' file differently.
    12. Execute again step 6 to 9
  The two files will then open. One with the list of users one with the list of authorisations

• IS IT POSSIBLE TO EXECUTE A QUERY BASED ON USER

  Hi,
  I need to restrict a set of queries to a user. Is it possible.
  Thanks
  Mini

  This is done by standard parametrization using query groups and user authorizations.

• Need a Query/User Authorization Report

  Hello All,
  I am looking for tables, function modules, programs etc that will aid in building a report that will show every query and which users have access to them.
  This program I am wanting to build will serve as a periodic "reality check" on our authorizations.
  I am not sure about the tables/programs etc involved in interpreting the user's roles/profiles.
  My current thinking is that there may be a function module or program that is being by the BEx tools that comes up with the list of queries that the user has access to when they first select the query they want to run. Getting a hold of that would be very beneficial.
  Any ideas?

  Hi,
  Refer the below links
  www.das.state.ne.us/nis/security/docs/authorized_agent_manual.pdf
  script.wareseeker.com/PHP/uas-user-authorization-system.zip/18033
  eda.ogden.disa.mil/users_guide/trainMaterial/GeneralAdminMaint.ppt
  www.umaryland.edu/eumb/Documents/user_aff.pdf
  www.mariewagener.de/node/98
  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI?focusedCommentId=78053701
  www.bi-expertonline.com/downloads/Smith.doc
  https://aisweb.wustl.edu/hr/benefits.nsf/pages/files/$file/hrmssecurityauth07.pdf
  www.sapdev.co.uk/sap-bw/queryexit.htm
  naresh

• User Authorization for a Query

  Hi,
  I have assigned a single role to a user, in which I have authorization for all the Infoproviders, including authorization for reporting. The user is able to access most of the queries, except one query. If there is a problem, he should not have accessed all the queries.
  What problem could have prevented the user from accessing on particular query???
  Any Ideas will be highly appreciated,
  Thanks and Regards,
  Ravi Sankar

  Some possibilities:
  The one query which the user is not able to run , who is the author of this query?
  You need to give authirozation for the object S_RS_COMP1.
  If the user has authorization for this object, then the next possibility is:
  The query may have a filter or a characteristic value for which the value is not set for the user.
  Ravi Thothadri

• Query related user license

  Dear All
  I want to clarify some issues related to user license.
  1) Are the locked users in production server treated as a part of no of user license?
  2) Is the development user for ABAP development registered with SAP treated as a part of no of user license?
  3) Are the deleted users in production server treated as a part of no of user license?
  4) Are the invalid users in production server treated as a part of no of user license?
  Thanks in advance.
  Santanu Haoladar

  Hi,
  First of all, read your licence agreement with SAP to see what exactly your company has agreed.
  Licence agreements can vary hugely so see what yours says.
  Generally however:
  1. Locked users will be counted unless they are time expired too.
  2. Usually there is a provision within the licence for this - it should be stated.
  3. No
  4. What do you mean by invalid?  Basically any non-system user who is not expired will count towards licence number.

• Users Authorization- Restrict value of one variable corresponding to other.

  Dear Experts,
  I have query regarding BEx Authorization for the given selection screen of any variable for any report :
  I have two parameters/variables( Category and Sub Category) which needs to be passed from User. I want to restrict the value of second variable corresponding to the values passed in first variable. For e.g. :  if i passed Category value -Engineering ,Sub Category variable should only show the value related to engineering only other than all the values in sub category field in the selection screen for the user.
  Please suggest.

  Hi Shikhar,
  E.g. Category: Engineering , Arts , Commerce
  Sub Categories for Engg. ECE, IT , CSE.
                                 Arts : sociology philosophy etc
                                 Commerce: economics, accountancy etc
  Now Maintain authorization for Char. related to Engineering and create Auth. variable, follow this steps:
  Transaction Code- RSECADMIN
  Steps to create Authorization based on Division e.g. InfoObject    is 0DIVISION.
  Check for 0DIVISION, it must be Authorization relevant checked, if not then maintain 0DIVISION and check Authorization relevant box.
  Step 1: Create Analysis Authorization Maintenance using RSECADMIN T-Code, in that add 3 special characteristics i.e. 0TCAACTVT , 0TCAIPROV and 0TCAVALID, these are the mandatory Char. along with that add 0DIVISION for which you want to create Authorization, 0DIVISION details restrict value as 01 (EQ 01).
  Step 2: Again goto RSECADMIN -> User tab-> Assignment, enter username (e.g. User1) which you want to restrict. insert Auth. obj. from step1.
  Step 3: Now in Query designer, create Authorization variable for 0DIVISION, i.e. process type Authorization.
  Execute That query with restricted user (e.g. User1) it will only show the data for Division = 01.
  For reference: [http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c0b7acf2-6121-2e10-5591-eaec182d9315]
  Hope this will meet your requirement, let me know if further explanation required.
  Regards:
  Avinash

• Variable value to be populated based on user authorization

  Hi all,
  I want to have a variable with single value on plant.
  when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
  Kindly guide me of, what type of variable to create and to proceed.
  Thanks.
  I

  Hi
  Restriction Plant from user authorization can be achieved by the following steps
  1. Plant infoobject should be authorization relevant.
  2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
  3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
  4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
  thanks
  radhika

• Query relating to the creation of Managed Service Accounts

  Hi Folks
  I am studying for my 70-411 exam and have a query relating to the creation of Managed Service Accounts.
  I have successfully created an MSA account named 'MSATest' on a DC  using:
   new-adserviceaccount -name msatest –dnshostname home-dc-01 -passthru
  and
   add-AdcomputerServiceAccount -identity home-ap-01 -serviceaccount msatest -passthru
  However the guide that I am using now says that I now need to run:  Install-ADServiceAccount on the host computer in the domain to install the MSA in order to make available it available for use by services.
  So on my member server (home-ap-01) I have installed the Active Directory Module for powershell and ran:
  PS C:\Users\administrator.PCECORP> Install-ADServiceAccount -Identity msatest
  Install-ADServiceAccount : Cannot install service account. Error Message: 'An
  unspecified error has occurred'.
  At line:1 char:1
  + Install-ADServiceAccount -Identity msatest
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : WriteError: (msatest:String) [Install-ADServiceA
     ccount], ADException
      + FullyQualifiedErrorId : InstallADServiceAccount:PerformOperation:Install
     ServiceAcccountFailure,Microsoft.ActiveDirectory.Management.Commands.Insta
    llADServiceAccount
  PS C:\Users\administrator.PCECORP>
  However this errors, Have I misunderstood the purpose of the Install-ADServiceAccount ?  or am I doing something wrong?
  Thanks in advance for you help.

  Try using  -RestrictToSingleComputer parameter when creating service account with New-ADServiceAccount.
  Gleb.
  Hi Gleb
  Thank you for your help, it is appreciated.  That did the trick.
  All the best.

• Query related to GAL

  Hello All,
  We are in process of implementing Exchange 2013 in our Organization and had a Query related to GAL.
  Below is our Environment description:
  01. We have a Single Forest and Single Domain Architecture.
  02. We will have separate Active Directory Sites for all 3 Regions across Global.
  03. Exchange 2013 will be installed in each region.
  04. In APAC region Exchange 2013 Language pack for Japanese will be installed to support Japanese language.
  Our Requirement:
  ================
  01. When a Japanese User tries to browse GAL all the display names have to be displayed in Japanese language and when a user who resides other Region (Europe or AMERICAS) tries to browse GAL the Address list has to be displayed in default English Language.
  Can someone guide us on how this can be achieved?
  Awaiting for all your suggestions.
  Thanks in advance.
  Thanks & Regards,
  Nagaraj N
  Nagaraj N

  Hi Nagaraj,
  Here are some requirements that I am still not quite sure. Could you please provide more information about it? Such as:
  1. Do you mean one user have two display names: one with Japanese language used for users in Japan, one with English language used for English users? Then we filter address lists with language difference. Based on my knowledge, one email address is generally
  involved for one display name.
  2. If there are both Japanese users and English Language users in the forest, and you just need Japanese users view users whose name is displayed as Japanese language. We can use
  Address book policies (ABPs) to segment users into specific groups to provide customized views of your organization’s global address list (GAL).
  To show different GAL for different users, we can specify the CustomAttribute1-15 property to divide your organizations. For example, we can set the CustomAttribute15 property for Japanese users to
  Japan. Just like:
  Set-Mailbox –Identity JapanUser1 –CustomAttribute15 Japan
  Then we can create global address list for Japanese that includes all of the recipients that exists in the address lists and room address list:
  New-GlobalAddressList -Name "GAL_Japan" -RecipientFilter {(CustomAttribute15 -eq "Japan")}
  For detailed steps about how to create and apply the Address Book Policies, please refer to:
  http://technet.microsoft.com/en-us/library/jj657455(v=exchg.150).aspx
  Hope it helps.
  Regards,
  Winnie Liang
  TechNet Community Support

• Query related to OA framework.

  HI all,
  I have one query related to OA framework.
  Query : I have one business requirement to add/update one choice fields on receivables page and base on user input’s I have to add this choice in sql query and want to display result that is controller .( As of now everything is there only I want to add one more choice on page ).
  So I am looking for solution what to do . As I am new in OA framework.
  First of all I want to pull out all files and want to check /modify on my user desktop once it will work normal then I will start modify .
  So for that what I have to do (I have to pull out all files from server ) . ?
  Thanks in advance,
  Raj

  Raj,
  I have already replied that you will find the details for setup in some of the old threads. Its always better to look into old threads for generic issues. If you have got any specific OAF issue, ppl are always here to help you.
  --Shiv                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• Query related to UPN Suffix in Hierarchical domain architecture in Active Directory deployment

  This is regarding a query related to UPN Suffix in Hierarchical domain architecture in Active Directory deployment.
  We use LDAP query (filter uPNSuffixes=* for the parent domain DN) to retrieve the upn suffixes configured in the AD Domain. This returns the UpnSuffixes configured for the entire domain tree ( upnsuffixes of parent domain and all the child domains) in the
  hierarchy. The AD Domains and Trusts configuration lists all the upnsuffixes as part of the dnsroot domain. 
  For one of our implementation, we need to distinguish between the UPNsuffixes belonging to the parent and child domain and map the UPN suffixes with the respective domain in the hierarchy. As the upnsuffixes are stored as part of the root domain in the AD
  domains and trusts configuration, it was not clear how to retrieve the information specific to each domain in the hierarchy.
  It would be helpful if you could provide pointers on how to obtain the above mapping for the upn suffixes in a hierarchical domain setup.
  Thank you,
  Durgesh

  By default, you can use only the domain name as UPN suffix for user accounts you create within the domain. It is possible to add extra UPN suffixes but these are added at the forest level and not specific to a domain.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Query related to SAP

  I have a query relating to SAP, specifically when using the Create New Session button. In the past when using this button, it has always created a new SAP session with the window displaying the SAP Easy Access  User Menu... front end, with all my favourite transactions listed. However, recently this user menu has disappeared and the window is blank, meaning I have to type the transaction in the top left box, which, whilst not preventing use, is a little annoying and awkward!
  I dont believe I have changed any options recently and can find no settings that look like they would bring the user menu back but it would be really useful if it did! (It is probably worth mentioning that this only occurs when creating a new session; when starting a new SAP session in the first instance, the user menu appears...)
  Please help me out
  Many Thanks,
  Sunny

  Hi,
  SAP GUI version - 7.10
  i am using a desktop, tried logging in another desktop ,same problem.
  Recently there is a HARDWARE migration occured , might be this also effects the settings ?
  please Advise.
  Sunny

• CRM Analytics - User Authorization Not Suficient

  Hi Guys,
  We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
  If I open the error I get the message :
  Diagnosis
  The user doesnot exist in the BI client or has insufficient authorizations
  Procedure
  Contact system administrator to verify the user is setup properly in both CRM and BI client
  Procedure for System Administration
  Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
  When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
  Any suggestion about how to fix it?
  Thanks in advance,
  Fernando

  Hi Fernando,
  The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
  generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
  There aretwo tricks to findout the missing authorization which I also have used.
  First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
  Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
  I hope this will solve your issue. Please revert with your finding.
  Thanks,
  Prem