Regarding HANA - Authorizations

Hi
In HANA, how to find which privilege is required for a specific purpose? For example, if I am trying to create a SCHEMA I get an error which says that I am not authorized or don't have sufficient privileges. In that case, how do I find what is missing from my profile?
Thanks
Santosh

Hi Santosh,
Basically there are four types of privileges in HANA
System Privileges (restrict the actions in the HANA database)     
For E.g. "USER ADMIN"; "CREATE SCHEMA"
SQL Privileges (restrict access to data containers which are schemas)     
For E.g. "SELECT ON <table>"; "DROP ON <schema>"
Analytic privileges (row-level security for data models)     
For E.g. see only data for LOCATION "US"
Package privileges (restrictions in the modeling area)     
For E.g. edit / activate data models in package
For more details....Refer
SAP HANA Overall Security Guide - http://help.sap.com/hana/hana1_sec_en.pdf
SAP HANA Database - Security Guide - http://help.sap.com/hana/hana1_imdb_sec_en.pdf
Rgds,
Murali
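
For the original question of finding what is missing, a user's effective privileges can be read from the HANA system views and compared against the four privilege types listed above. This is an added example, not part of the replies in this thread; DEMO_USER, DEMO_SCHEMA, the package "demo.models" and the analytic privilege AP_LOCATION_US are hypothetical names.

```sql
-- Added example. DEMO_USER, DEMO_SCHEMA, "demo.models" and AP_LOCATION_US
-- are hypothetical names; replace them with your own objects.
-- Run as a user who may read other users' privileges and who holds the
-- privileges being granted with grant option.

-- 1. Everything DEMO_USER can do, whether granted directly or through roles.
--    EFFECTIVE_PRIVILEGES must be filtered with an equality on USER_NAME.
SELECT PRIVILEGE, OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME,
       GRANTEE, GRANTEE_TYPE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'DEMO_USER'
 ORDER BY OBJECT_TYPE, SCHEMA_NAME, OBJECT_NAME, PRIVILEGE;

-- 2. Is the system privilege needed for CREATE SCHEMA present?
--    No rows returned means this is the missing piece.
SELECT PRIVILEGE, GRANTEE, GRANTEE_TYPE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'DEMO_USER'
   AND PRIVILEGE = 'CREATE SCHEMA';

-- 3. Roles through which privileges reach the user. GRANTEE shows whether
--    a role is assigned directly or nested inside another role.
SELECT ROLE_NAME, GRANTEE, GRANTEE_TYPE
  FROM SYS.EFFECTIVE_ROLES
 WHERE USER_NAME = 'DEMO_USER';

-- 4. One grant per privilege type. Grant only what step 1 and 2 showed
--    to be missing.

-- System privilege: allows the action "create a schema".
GRANT CREATE SCHEMA TO DEMO_USER;

-- SQL (object) privilege: read access to all objects in one schema.
GRANT SELECT ON SCHEMA DEMO_SCHEMA TO DEMO_USER;

-- Analytic privilege: row-level restriction defined in AP_LOCATION_US.
GRANT STRUCTURED PRIVILEGE AP_LOCATION_US TO DEMO_USER;

-- Package privileges: read, edit and activate models in one package.
GRANT REPO.READ, REPO.EDIT_NATIVE_OBJECTS, REPO.ACTIVATE_NATIVE_OBJECTS
   ON "demo.models" TO DEMO_USER;

-- 5. Re-run the check from step 2; it should now return one row.
SELECT PRIVILEGE, GRANTEE, GRANTEE_TYPE, IS_VALID
  FROM SYS.EFFECTIVE_PRIVILEGES
 WHERE USER_NAME = 'DEMO_USER'
   AND PRIVILEGE = 'CREATE SCHEMA';
```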

Similar Messages

  • Regarding Prepayments,Authorization and capture of funds

    Hi..
    I have questions regarding the authorization and capture of funds in 11.5.10.2 when the Prepayment concept is used. I have read in OM manual that the authorization and capture happens in AR while creating a receipt.So how can I know that they happen immediately one after other in AR ??? i mean can I look into any columns of particular tables gets populated when authorization happens and some particular field is populated when capturing happens???
    Mainly when prepayments are used does the authorization and capture happen in AR only one after other immediately?????
    Can some one please help me....
    Thanks...


  • Importing BW DSO Into HANA - Authorization Issue

    Hi All,
    I was trying to import a BW DSO into HANA. The Analytic view is showing an error at activation time, showing insufficient privilege.
    While opening the view, one default schema ABC(<missing>) is showing, whereas the ABC schema is not available under the schema list.
    How to activate the analytic view ?
    I didn't find the BW schema in HANA studio, I did->  Select * from M_CS_TABLE where table_name like '/bic/A%00' etc - showing BLANK row.
    I am having authorization SYS_BIC schema but problem only BW related object under this schema while selecting some BW object from this schema.
    Pls suggest.
    Thanks & Regards
    Kamruz

    Thanks for your reply.
    For this time being, I created a Calculation view based on that Analytic View after switch off some fields in view.
    The thing is, If I switch off few fields, Calculation view is working fine.
    How can I enable rest of the fields.
    Analytic view Error Message:
    Table /BI0/T** could not be found or user has insufficient privileges
    Table /BIC/AZZB_O0100 could not be found or user has insufficient privileges

  • Regarding BI Authorization Issue

    Dear Friends,
    can anyone help me to solve this issue..
    I have an Authorization Issue, "NO Authorization"
    Error : EYE 007 ( Insufficient Authorizations )
    I have followed these steps...
    Steps 1 :-
    Define Authorization-Relevant Characteristics ( ZCUSTOMER )
    Note : I have 0Division values C100 and C200, I want to restrict the user on ZCUSTOMER = 100.
    Steps 2 :- InfoObjects as "authorization-relevant"
    Eg: 0TCAACTVT
    0TCAIPROV
    0TCAVALID
    0TCAKYFNM
    ZCUSTOMER
    Steps 3 :-Using T-code : (RSECADMIN) created the Analysis Object
    For example : ZAUTH In That I have taken
    ZCUSTOMER restricted with value C100.
    0TCAACTVT with 3 ( Display )
    0TCAIPROV with * ( Asterisk )
    0TCAVALID with *
    0TCAKYFNM with *
    Steps 4 :-
    Assign Authorizations to Roles
    Use authorization object S_RS_AUTH for the assignment of
    authorizations to roles.
    Maintain the authorizations as values for field BIAUTH
    Ex: ZTESTA1
    S_RS_AUTH
    Here I have given my Authorization Analysis Object ( ZTESTA1) which I have created in RSECADMIN.
    S_RS_COMP
    Activity Create or generate, Change, Display, Delete, Execute <...>
    InfoArea : ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component Calculated key figure, Query View, Query, Restricted key figure <...>
    S_RS_COMP
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    Name (ID) of a reporting compo :ZTEST_Q0001
    Type of a reporting component :Query
    S_RS_COMP1
    Activity Display, Execute
    Name (ID) of a reporting compo : ZTEST_Q0001
    Type of a reporting component :All values
    Owner (Person Responsible) for *
    S_RS_COMP1
    Activity Change, Display, Delete, Execute, Enter, Include, Assign
    Name (ID) of a reporting compo ZTEST_Q0001
    Type of a reporting component All values
    Owner (Person Responsible) for :*
    S_RS_ICUBE
    Activity Create or generate
    Infocube Sub Objects: DATA, Update rules, Data Definition, Aggregats
    InfoArea :ZDEMO_ MIHI
    InfoCube : ZCUBET
    S_RS_IOBC
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    Infoarea Catalog : zioc_test, Zkf_test
    S_RS_IOBJ
    Activity Create or generate
    InfoArea :ZDEMO_ MIHI
    InfoObjets: ZCUSTOMER, ZDOCNO,ZMATERIAL
    Steps 5 :-
    AND Assign this Role to User.
    Steps 6 :- ERROR
    When I execute the Report it is showing "NO Authorization"
    "Insufficient Authorization"
    EYE 007.
    Regards
    Siva

    Hi,
    In RSECADMIN try to put on the trace with your user id & execute the query . System will give you list of authorization object with red color which needs to be reconsidered in order to execute report without error.
    Hope that helps.
    Regards
    Mr Kapadia

  • Help regarding BI Authorization

    Hi Experts,
    I am working for first time on BI analysis authorization and I am having below queries to be clarified. Can you all please clarify my queries and help me.
    1. In the project, we will not use HR and will therefore have to do local maintenance of authorizations in each system (for data access, we will also use a central identity management system). This will for sure affect the possibility of the automatic generation of authorizations. My first question is: can it still be used at all (can we load some data via flat-file or maintain some master data in BI)?
    2. Is the concept of having queries linked to PFCG roles to be used at all in BI 7 (according to SAP standard), or is the thought that InfoProvider authorization should be used instead via 0TCAIPROV?
    3. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, where we link a authorization object to a characteristic value (for instance, assign object: "XY" to characteristic=0comp_code with value=1010)
    - Link the authorizations just created to PFCG roles (for instance create a PFCG role "XY access" which gives access to company code 1010).
    - Create PFCG roles for "Report User" and "BW Developer" which have access to read respective create/change/delete rights of queries.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG roles to BW Users.
    4. Does the BI 7 authorization concept enable the use of user groups, or should authorizations be assigned on a user to user basis?
    5. What happens if I make a characteristic authorization relevant and then include this characteristic in a query and do not do any restriction on this characteristic (i.e. I do not provide any auth values to the system), will I then get an authorization error?
    6. If automatic generation of user authorizations is used together with for instance SAP HR and loaded daily, does this mean that any other manual authorization assignments will be deleted/reset upon the next automatic generation?
    7. Is the following a correct way to do authorizations in BI 7, or if there is something that should be changed to comply with standard?
    - Make the following characteristics authorization relevant: 0COMP_CODE, 0SALESORG, 0PLANT
    - Activate the technical content for analysis authorizations: 0TCA*
    - Create authorizations in RSECADMIN, basically one object that has a restriction for each of the authorization relevant characteristics and that uses different customer exit variables to determine which values to use. This customer exit then reads some table (which we maintain manually in BI) to find the values for each user based on user name.
    - Link the authorization just created to a PFCG role.
    - Give all reporting users this PFCG role.
    - Create PFCG roles with certain queries linked to them.
    - Assign the PFCG query roles to users.
    Thank you very much in advance for helping.
    Thanks & Regards,
    Sharath

    Sharath,
    Here are some insights/replies to the list of questions you supplied. BW Security can be complicated but the trick is NOT to allow the requirements to allow it to be complicated.
    1) Are you sure you don't mean the IdM system will assist with role-based access assignments? If that is the question then, yes. For the data access (linked to roles via S_RS_AUTH : Analysis Authorizations) you could employ a flat-file load to DSOs and variable security on the authorization relevant characteristics.
    2) Yes, you will need to have authorizations to queries/reports via S_RS_COMP/S_RS_COMP1 still maintained in the roles. The InfoProvider (data access) will be maintained in the Analysis Authorization (S_RS_AUTH). You need to have both in order to successfully pass the auth checks from query/report to data.
    3) Fundamentally (BW Security 101) sounds correct but again it typically depends on the implementation and requirements on how you set up the analysis authorizations along with the roles.
    4) Not sure what you mean about "user groups". Analysis Authorizations can be assigned to "Users" or "Roles".  You could always assign roles to user groups via SU10 or via IdM solution.
    5) Depends on how it's used in the query. If the query is dependent on a value to render the report (included in initial SQL stmt) then you will get "No Authorization". If it's set up as a free characteristic or drill-down, then you won't get an authorization error until a statement checks values for authorization.
    6) Depends on how it was implemented. Refer to #3
    Hope that helps a little.
    Thanks,
    Matt

  • Regarding the Authorization in ABAP-HR

    Hi all,
        I want to know about the Authorizations in the ABAP-HR. If any body is having any material regarding the can you plz share with me...
    thanks in advance,
    Suresh

    Hi Kutam,
    Chk these Links....
    Can i have the list of infotypes .
    abap hr
    http://www.asug.com/client_files/Calendar/Upload/HR_STRUCTURAL_AUTHORIZATIONS.ppt
    Reward Points if Useful
    All the Best
    Gokul

  • Regarding HANA DB Driver

    Hi
    Working on HANA1.0 SPS2
    Trying to create a new data store for HANA in SAP BO data service and fetch data from DS to the HANA system.
    i cant find HANA DB driver to input as below.
    In local object library -> New
    Create new data store
    Data store name:
    Data store type :database
    Database type :hana
    Database version:1.x
    datasource : ??????    <-  <ODBC Admin>
    i tried adding in ODBC setting  <system dsn> tab, but cant find any driver related to HANA?
    i could not find any driver related to HANA, should i have to install any HANA DB driver in Dataservice driver?
    Where should i have to install the driver? how to find which driver?
    should Install in HANA system or Studio system or Dataservice server>
    Pls suggest me.
    regards
    Chandra

    Hi Magalingam,
    As Lars mentioned, you would need to install SAP HANA Client (same revision/build with your HANA DB) on your BODS server.
    Assuming that you have installed BODS on Windows server, the Windows client installation will add "HDBODBC" driver (with version: "1.00.<Revision Number>.<Build Number>" and file "LIBODBCHDB.DLL") on the Drivers tab in ODBC Data Source Administrator.
    After that, you should be able to create new datastore for DS with HANA using "HDBODBC" driver.
    If you have installed BODS on Unix server, you would need to install the Unix client installation and then use "%LINK_DIR%/bin/dsdb_setup.sh" script to configure the ODBC (Refer to section 6.11.1.1 on the following guide:
    http://help.sap.com/businessobject/product_guides/boexir4/en/xi4_ds_admin_en.pdf)
    Regards,
    Ferry

  • Regarding the authorization objects

    hi
    this is the requirement.
    how to provide the authorization for the given transaction code and they provided field for that and some numbers.
    please provide me the code for this
    thanks in advance

    Hi,
    Check below code,
    AUTHORITY-CHECK OBJECT 'B_ALE_MODL'     " authorization object
      ID 'ACTVT' FIELD A_ACTVT              " authorization field
      ID 'CUSTMODEL' FIELD A_CUSTMODEL.     " authorization field
    " SY-SUBRC <> 0 means the check failed for the current user
    IF SY-SUBRC <> 0 AND NOT A_OWN_REACTION IS INITIAL.
      MESSAGE ID 'B1' TYPE 'E' NUMBER '125'
        WITH 'B_ALE_MODL' A_ACTVT A_CUSTMODEL ''.
    ENDIF.
    Thanks and Regards,
    Chandra M

  • Need info regarding HANA DB  & MaxDB/SAPDB

    Hi All,
    I have a requirement where in I need to get the following information in regard to HANA DB & MaxDB/SapDB. Kindly suggest.
    This info I need to get from ECC or similar Box. Please let me know in which SAP table we can get this info.
    Information required
    ================
    Database version
    Schemas
    Database parameters
    Configuration files
    Data files
    Log files
    Regards,
    Mani

    > Database version
    > Schemas
    System - status
    > Database parameters
    > Configuration files
    > Data files
    > Log files
    DB50 - or DBACOCKPIT
    Markus

  • Regarding Analysis Authorizations in role.

    Dear all,
    I am working in Analysis authorization. We need to restrict the user from a whole dimension (for ex: access should be restricted to the whole Material Dimension).
    Scenario 2: how to restrict the access to one of the objects in a whole dimension (for ex: we need to restrict the access to the material object in the material dimension, but the user can have authorization for other objects like division)
    How to do this. any pointers would be appreciated.
    thanks in advance.
    Regards,
    Mohankumar.g

    Good morning,
    I would start with your scenario 2 query.
    Build your analysis authorisation including the standard 3  info objects (Activity, Validity Date, Info Areas) and any other info object required.  Specifically, for your material object to be checked (including any of the others), it has to be made Authorization Relevant in the info object itself (usually done by your BW consultant).
    Once this has been done, you'll be able to add the info object to your authorisation.
    So the authorisation here, would be restricted to the various info sources and your material object could be specified here.
    In order for this to work, your BW consultant would also need to add an Authorisation variable to the report - although I'm sure your consultant would know about this requirement.
    For your first scenario you would have to build the authorisation in exactly the same way as in your 2nd scenario, however the material object info object would be wild-carded.
    Hope this answers your questions?
    Regards
    Lucille

  • Regarding HANA concept clarification

    hi
    I have two questions from TZHANA materials. Need more understanding about HANA
    pls let me know if you have more details on this
    1) regarding EDW and LSA Architecture.
    For certain requirements, the role of the classical Reporting layer
    (query optimized InfoCubes) might diminish. DataStore Object might
    be able to provide sufficient query performance to omit InfoCubes.
    So does this mean in-memory DSO will replace in-memory InfoCubes in future?
    Pls can you give me the reason why InfoCubes will be dropped and so the reporting layer does not exist in LSA.
    When is this scenario possible?
    2) I could not find more explanation about the DB connect architecture in the topic of consuming HANA models.
    What does the Architecture picture says?
    DB Connect driver is required for HBD case and not required for other than HDB case?
    Pls confirm
    Regards
    Magalingam

    Hi Vishal,
    Well, I believe, one of the major differences between a normal DSO and an in-memory DSO is that a normal DSO would hold data and an in-memory DSO is just a view.
    It seems that we are seeing a lot of statements like the above quote in this thread, but as far as I can tell this is simply not true. For DSOs that are configured as "in-memory" or "Hana optimized" in BW on Hana, there is certainly data stored in a materialized table. There are also views that are generated in many cases, specifically for the changelog. You can read about this here: [http://help.sap.com/saphelp_nw73/helpdata/en/32/5e81c7f25e44abb6053251c0c763f7/frameset.htm]
    The same is true in the case of InfoCubes, where all SIDs and key figure values are written into a wide version of the fact table. That information is available here: [http://help.sap.com/saphelp_nw73/helpdata/en/e1/5282890fb846899182bc1136918459/frameset.htm]
    Maybe I'm just not understanding what you mean by "just a view", but when I read this I normally think that there is no data held in a table associated with the object. This is not the case as far as I have learned.
    Cheers,
    Ethan

  • Regarding BW Authorization

    Hi,
    I've to create few Power user roles. Such users should be able to create queries and save them in their 'favorites' folder.
    I'm not sure which extra authorization object do I need to include in order to allow users to save queries in Favorites folder.
    Also, S_RS_COMP field contains following activities:
    1. Create or Generate
    2. Change
    3. Display
    4. Execute
    5. Delete
    6. Enter, Include and Assign
    What is this 6th option, I could not understand.
    Could anyone please guide me.
    Regards,
    Vikrant.

    hi Vikrant,
    seems currently 6th option is not used ('22')
    http://help.sap.com/saphelp_nw04s/helpdata/en/80/1a68a7e07211d2acb80000e829fbfe/frameset.htm
    related object S_RS_COMP1.

  • Regarding user authorization of t-code

    I am trying to give authorization for one of my user regarding SM35 
    I did YAT and got attached file. MY ABAP programmer said it is not authorization issue it is something related to system error can you please help me out and guide me what should I do. 
    The problem is whenever she run SM35 it always said Server is not active. I checked using SM13 for server and it is active so I am not sure why it is going on please go through file and If you need more information email me 

    Hi,
    when you create the batch-input session, you could set a user-name with the good authorization.
    You could ask anybody to call your batch-input in SM35, the authorization of the transaction inside your batch is check with the username set in the batch.
    So how did you create your batch-input session ??
    Fred

  • Regarding full authorization except basis and abap

    Hello Gurus,
    I want to provide full authorization to my super users excluding Basis and ABAP transactions such as PFCG,SU01,STMS,SCXX,SEXX. Is it possible by providing some standard profile? If yes then which profiles are that? and if no then how to solve this problem.
    Please reply if u can.
    Thanks and Regards,
    Jayendra

    Hi Jayendra,
    You copy SAP_ALL to some ZSAP_ALL role and remove whatever transactions you want to remove from ZSAP_ALL. Then you assign this role to all your super users.
    Regards,
    Hari.

  • Regarding sap authorizations

    hi all
    is there anyway to limit the users access to only their own batch input sessions in tcode sm35 using sap authorizations.
    thanks in advance
    mohan

    hi,
    check this
    Checking User Authorizations in your ABAP Program
    How to set Authorization to an ABAP Programs?
    Much of the data in an R/3 system has to be protected so that unauthorized users cannot access it. Therefore the appropriate authorization is required before a user can carry out certain actions in the system. When you log on to the R/3 system, the system checks in the user master record to see which transactions you are authorized to use. An authorization check is implemented for every sensitive transaction.
    If you wish to protect a transaction that you have programmed yourself, then you must implement an authorization check.
    This means you have to allocate an authorization object in the definition of the transaction.
    For example:
    program an AUTHORITY-CHECK.
    AUTHORITY-CHECK OBJECT <authorization object>
      ID <authority field 1> FIELD <field value 1>
      ID <authority field 2> FIELD <field value 2>
      ID <authority field n> FIELD <field value n>.
    The OBJECT parameter specifies the authorization object.
    The ID parameter specifies an authorization field (in the authorization object).
    The FIELD parameter specifies a value for the authorization field.
    The authorization object and its fields have to be suitable for the transaction. In most cases you will be able to use the existing authorization objects to protect your data. But new developments may require that you define new authorization objects and fields.
    Use T/Code SE80 to Create Authorization object.
    if u find it useful mark the points
    Regards,
    Naveen
