Region based user authorizations

Similar Messages

• Display region based on authorization scheme

  I have a region on a page that is displayed based on the 'SFD' authorization scheme.
  I log in as a user who matches the 'SFD' authorization scheme. This scheme queries a table called gnt_authorization to determine if the app user does indeed satisfy the condition, and I do.
  But when I open the page, the region is not displayed.
  Does anyone have any idea why?

  varad wrote:
  Does the region render if you logged in using an account other than 'myloginid' ?
  I just took another existing account and updated its authorization in gillnet_tag_authorization so that it now says department SFD and startup_page 15. I committed the change. Then I logged in as this user and the region did not display.
  But I wonder if I had to close the browser first before this takes effect because the authorization scheme is checked once per session and I had previously already logged in as that user before making the authorization change.
  varad wrote:
  Has the right Authorization Scheme been specified for the region ?
  Yes, it's set to SFD.

• Variable value to be populated based on user authorization

  Hi all,
  I want to have a variable with single value on plant.
  when the user executes the report, value of the variable has to be populated automatically based on the authorization of the login user and it has to show the output without displaying the selection screen.
  Kindly guide me of, what type of variable to create and to proceed.
  Thanks.
  I

  Hi
  Restriction Plant from user authorization can be achieved by the following steps
  1. Plant infoobject should be authorization relevant.
  2. make authorization object including plant and restrict to the plant u needed and assign the profile to the user
  3. in BEX create variable of authorization type on plant. this variable will get the default values for the plant from the user authorization on the selection screen of the query.
  4. if you dont want to display the variable on the selection screen then remove the chek box in variable that " variable is not ready for input"
  thanks
  radhika

• Best practice to set up the user authorization

  Dear expert,
  I have a question regarding the user authorization access. I've attend the BOE training but I'm still blur in term of user authorization planning. Currently, I have around 50 named users that need to access the BOE server. But the certain user will be restricted to access to certain folders or reports.  May I know what is the best practice to set up the user authorization access? Should I set up first in the development machine and once its firm, then I migrate it to production machine..or is there any steps that I need to follow...?
  Really appreciate if you can let me know on what should I look into first before set up the authorization. Is there any doccument that I can referring to..?
  Thanks & Regards,
  -Syahida-

  Create User Group for each folder (for eg. Sales/Marketing etc) and also based on the type of access you want to provide.
  Like Sales VOD/ Sales View/Sales Schedule, and add users to the User Group based on the type of rights you want to provide them. Then add the User Group to respective report folders.
  First deploy it in the Development environment, once you have everything finalized then you can replicate the same to QA and Prod environment by migration. Also make sure that in Development environment developers will have full control to develop/add reports to folders, you have to restrict that in QA & Prod environment.

• Grant Master field group control based on authorization - hide fields

  Hi,
  The Grant Master field group control settings are based on grant type settings. So you can hide fields and tabs etc based on the grant's lifecycle status.
  Does anyone know if this can be configured based on authorization objects / authorization roles?
  We wish certain fields to be hidden in all life cycle statuses for all general users, but for central finance users we wish those fields to be visible.
  There is a customizing transaction GMS103 in the SPRO/IMG path
  IMG > Public Sector Management > Grants Management > Grantee Management > Master Data > Grant > GM Grant Control : Field group for Authorizations
  The documentation for this transaction says:
  GM Grant Control: Field Group for Authorizations
  It is possible to group fields together for authorization purposes. Use this step to specify such groups in Grants Management (GM).
  Standard settings
  We deliver the groups you can enter here, as standard.
  Activities
  Choose New Entries and enter the ID for the group you want to add. When you save, the system displays the longer description for the group.
  Further notes
  Authorization to a group allows access to all the fields in the group for users with the appropriate authorization. Only allow access to those you know need it for the whole group.
  This table is empty on our system. Has anyone used this part of the customizing and can they let me know how it links into the basis roles / authorizations etc.
  Thanks
  Paul Abrahamson

  I found this authorization object F_GMGT_FDG
  The documentation for the authorization object states:
  Definition
  With this authorization object, you can define authorizations for individual field groups in grants management maintenance. You thereby define which fields in grant master maintenance can be maintained or viewed by a user.
  Notes
  This authorization is optional. You do not have to assign authorization if there are no field groups that require special protection and consequently no field groups requiring authorization were defined in Customizing.
  Defined fields
  The object consists of the fields "Field group" and "Activity":
  Field group
  Here you define which field groups require authorization.
  Activity
  Here you define which activities are permitted:
  02 = Change
  03 = Display
  * = All activities
  Procedure
  Proceed as follows if you want to use this authorization:
  1. Determine the field groups of the fields that you want to protect.
  2. In Customizing, define that these field groups require authorization.
  3. For each field group, define the authorization that you wish to assign to selected users.
  4. Assign this authorization using the corresponding profile.
  I'll try this out and update this message again later

• Filter Document Type based on Authorization Object

  Hello Everyone,
  I have a requirement where i was asked to filter the document type based on authorization object M_BEST_BSA in transaction /KCP/2,ME21N, ME22N and ME23N.
  When I create or modify a purchase order, I dont want  to be lost in choosing the PO type. I want the field EKKO-BSART displays only the values authorized for the user(me).
  Thanks a lot

  RE is standard for MIRO .This is SAp standard .
  Please clarify what u require .
  Did you need other RE  for example LE for miro doc type in your co code 1130 and miro doc type EE for your co code 1145.
  like wise
  Edited by: manu m on Jul 13, 2009 7:53 AM

• ECC 6.0 user authorizations

  Hello, Is there a SAP profile available to add to all users after ECC 6.0 upgrade from version 4.7 ?  This is just to avoid any major user authorization issues right after go live.

  Hi,
  Welcome you post on the forum.
  Transfer User Authorizations from B1 to ECC 6.0, it will be mostly manual process.
  There is no table hold B1 authorization data. You can only copy each user's authorization to the excel sheet.
  Further more: no direct mapping available to the two system.
  The best bet for you is dividing the users to the group and assign authorization based on group to save time.
  Tanks,
  Gordon

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• MOSS 2007 Enterprise Search not working for Korea based users but WSS Search is working fine.

  Hi,
  In my organization all the users are able to do Enterprise content search and people search but only Korea based users its not working (both content search & people search). But at the same time WSS 3.0 search (its a different farm) is working fine.
  Your search cannot be completed because of a service error. Try your search again or contact your administrator for more information.
  1. No changes in the URL for all users and Korea users
  2. Tried with different browsers and clearly the temp files but no use.
  3. Korea users also working from office only with Wired LAN connection.
  4. Tried different accounts (including Farm account) but no use.
  5. Not receiving any errors in the Event Viewer
  Anyone please let me know what went wrong.
  Regards,
  Prabhu.

  Hi,
  Is the Archive folders open in your Outlook?
  Please try to click and hight All Mail Items under Mail Folders and then try to search again:
  Please let me know the result.
  Best Regards,
  Steve Fan
  TechNet Community Support

• Ultiroute says "Check user authorization"

  My Ultiroute has suddenly started giving me a "Please check your User Authorization" error message when I try to route a board. Ultiboard runs fine, the internal rip-up router seems to be OK, but Ultiroute won't run any more. I can't find any way of dealing with this. The software is Ultiboard 2001 SP2.
  Thanks!

  Hello,
  You should be able to use the same Release Code if your hardware configuration hasn't changed; anyway if for some reason you have issues with this, just use the Online Release Code Generator to get a new code.
  Ultiboard/Ultiroute 2001 are products that we don't support anymore, therefore I won't be able to tell you what caused this error.
  Did the re-install work?
  Are you using a hardware dongle?
  Operating system?
  Ultiboard version (Personal, Pro)? 
  Regards,
  Fernando D.
  National Instruments

• Need a Query/User Authorization Report

  Hello All,
  I am looking for tables, function modules, programs etc that will aid in building a report that will show every query and which users have access to them.
  This program I am wanting to build will serve as a periodic "reality check" on our authorizations.
  I am not sure about the tables/programs etc involved in interpreting the user's roles/profiles.
  My current thinking is that there may be a function module or program that is being by the BEx tools that comes up with the list of queries that the user has access to when they first select the query they want to run. Getting a hold of that would be very beneficial.
  Any ideas?

  Hi,
  Refer the below links
  www.das.state.ne.us/nis/security/docs/authorized_agent_manual.pdf
  script.wareseeker.com/PHP/uas-user-authorization-system.zip/18033
  eda.ogden.disa.mil/users_guide/trainMaterial/GeneralAdminMaint.ppt
  www.umaryland.edu/eumb/Documents/user_aff.pdf
  www.mariewagener.de/node/98
  https://wiki.sdn.sap.com/wiki/display/BI/AuthorizationinSAPNWBI?focusedCommentId=78053701
  www.bi-expertonline.com/downloads/Smith.doc
  https://aisweb.wustl.edu/hr/benefits.nsf/pages/files/$file/hrmssecurityauth07.pdf
  www.sapdev.co.uk/sap-bw/queryexit.htm
  naresh

• Creation of variable in BEx from user authorization

  Hi gurus,
     i want to create a variable with user authorization in BEx. Can any one please tell me the steps to create the variable for authorization.
  Thanks in advance
  sandy

  Hi,
  You will get a better and quicker answer if you post this in the BI forums.
  Eddy
  PS.
  Put yourself on the SDN world map (http://sdn.idizaai.be/sdn_world/sdn_world.html) and earn 25 points.
  Spread the wor(l)d!

• CRM Analytics - User Authorization Not Suficient

  Hi Guys,
  We have implemented the CRM analytics report, however when I access the menu Sales Pro in CRM and try to open the report Closed Opportunities, I get the error : User Authorization not sufficient.
  If I open the error I get the message :
  Diagnosis
  The user doesnot exist in the BI client or has insufficient authorizations
  Procedure
  Contact system administrator to verify the user is setup properly in both CRM and BI client
  Procedure for System Administration
  Verify that the user exist in BI client with the same user id, if not create it and assign proper authorizations as per the configuration guide.
  When I run the query or the webtemplate in BW I don't have authorization problems, but I can't run from CRM.
  Any suggestion about how to fix it?
  Thanks in advance,
  Fernando

  Hi Fernando,
  The report which you have implemented is doing a RFC call to BI system where some other system program is getting called which have authorization logic check for the RFC user ( or the person who is running the report). here report is terminating with error. I have face the similar issue.
  generally such reports we use to schedule as a background job with batch user which have SAP ALL access but I feel in your case user who runs the report have not sufficent authorization in BI system and also you are not running report as an background job.
  There aretwo tricks to findout the missing authorization which I also have used.
  First option : close all the session except one in CRM and than run the report as soon as the error comes open transaction code SU53 to know the missing authorization - may be you can fail here as the authorization check fail in BI.
  Second option definitely will work. Whenerror is coming double click on the mmessage to know the message detail(class and number) than again run the report in debugging mode (/H- type in address bar to activate debugging) than set breakpoint in the message and press f8( may be system will not set the break point immediately than you need to debug till the RFC calls BI system) . system will take you to the exact authorization code check where the error is coming. there you can find out the missing authorization object which is not included in the user assigned role. than can ask access team to add in the user role.
  I hope this will solve your issue. Please revert with your finding.
  Thanks,
  Prem

• How to display chart region based on select list in html region ?

  Hi all,
  i'm using 4.0.1.00.03 apex version,in a page i have 2 regions one is html and another one is Chart region.in html region i have a select list and button.when user sign into my application select list have some values in that page,user select's a value and clicks on the button then chart will be displayed.my query is when user first sign into my application i want to dispaly chart region when only select list is selected and clicks on the button.can any one guide me on this.
  thnx in Adv.

  Hi yann,
  thnx for ur reply,
  i have done what u have written but i didn't meet my requirement..
  let me explain what i need exactly
  as of now my application is like this..
  i have a html region in that i have select list(P6_LIST) and go button
  and chart region.
  chart query is like this..
  SELECT your_value
  FROM your_table
  WHERE your_value = :P6_LIST
  AND ...
  how it is working??
  when user sign into my application, user can see html region with 'select list and go button' and chart region with 'no data '.
  when user select a value in select list and click on go button automatically chart region will be dispalyed with chart.
  what i wanted to change is..
  when user sign into my application, user can see html region with 'select list and go button' and no chart region
  when user select a value in select list and click on go button then only user can see chart region with chart.
  plz help me how to do it.. :)
  thnx in Adv.
  Edited by: moulani on Nov 4, 2011 12:05 PM

• Region based on URL and https

  I have a region based on a URL, but it does not work with https! It looks like a limitation of SYS.UTL_HTTP or am I missing something.
  I can get around it by using an iframe, so what is the benefit of SYS.UTL_HTTP?
  Cheers Simon

  Thanks John, I am just reading the documentation on Oracle Wallet Manager now. I'll get our DBA to set one up for me.
  Is UTL_HTTP a better solution for embedding a web page than iframes?
  Simon