Reporting BI Authorization

Similar Messages

• The workbook report no authorization, but related query can show part data

  Dear All,
  We meet an error, The workbook report no authorization, but related query can show part data.
  We have a workbook, it have 1 queries, and when we key in condition to run it, in one field we put on one more condition(Z3XXX = ' WZO'  & ' WZA")(User didn't have authorization for this condition),  and workbook report no authorization.
  Then we checked  authorization check log and it show "You do not have sufficient authorization on Z3XXX = ' WCO'.
  But when we execute the related query with same condition. the query can open and show WZA's data.
  I'd like to know the reason.
  thanks & Best Regards,
  Kent Yu

  Dear All,
  We meet an error, The workbook report no authorization, but related query can show part data.
  We have a workbook, it have 1 queries, and when we key in condition to run it, in one field we put on one more condition(Z3XXX = ' WZO'  & ' WZA")(User didn't have authorization for this condition),  and workbook report no authorization.
  Then we checked  authorization check log and it show "You do not have sufficient authorization on Z3XXX = ' WCO'.
  But when we execute the related query with same condition. the query can open and show WZA's data.
  I'd like to know the reason.
  thanks & Best Regards,
  Kent Yu

• Report Link + Authorization Scheme

  I have an authorization scheme that checks whether a certain person has privileges to edit a record on Page 2 by referring to the :P2_ID in the authorization scheme. Page 1 has a report with a report link, but the user can see both items they are able to edit and items they are not. I know I can make the link dynamically in the sql but wanted to see if there was an easy way to use an authorization scheme, but pass the #REPORT_COL# value in the report over to an authorization scheme to show or hide the icon for me so I can get the link out of the sql.

  Great example Scott! However, I'd would caution the other Sc0tt that calling functions in a SQL statement is fine for a small number of rows, but can CRUSH performance for medium to large result sets. Even if the function is fast, you're still context-switching between SQL and PL/SQL for every row. Make sure you test this with the volume of data you expect your users to encounter. If it's a problem, you might force the user to apply some filters before running the query.
  If you're running 11g you can at least minimize the hit of the function with "Function Result Cache". Even if you're not on 11g yet, you can use the following code in 10g and it will switch-on result cache when you compile it in 11g:
  create or replace function auth_user(p_key in number)
       return varchar2
       $IF not dbms_db_version.ver_le_10_2 $THEN
            result_cache
       $END
  as
  begin
      pkg.g_value := p_key;
      if apex_application.public_security_check (p_security_scheme => 'AUTH_USER_COLUMN') then
          return '1';
      else
          return '0';
      end if;
  end;
  / If it is a reasonable result set, Scott's solution is perfect.
  Thanks,
  Tyler

• Crystal report for authorization

  Hi Experts,
  I have BW query which belongs to authorization relevant it is working fine  so if i execute this query in crystal it is showing all the data  and authorization variable is not working so if any worked on this issue and please pass your inputs on this issue.
  Regards
  RK

  Hi RK,
  Helpful Links:  Handling Hierarchy Authorizations in SAP BEx BO Integration
  Authorization variable set to "Ready for input" does not create a parameter
  BEx Authorization Variable behavior in Webi & Crystal Reports
  I am not working on authorization variable but myself i searched and provide some useful links.
  Thanks,
  DJ

• Report writer Authorization on selection screen

  Hi All,
  In transaction GR55 (to execute the report group), when the user enters the selection criteria for the report group, I want to validate the
  'Profit Center group' and 'Profit center values' fields. The way it should be validated is, it should check the entry for the 'profit center group' or 'values' entered against the 'user name' in a Ztable for that user. If there is no entry in the Ztable matching that 'User name' and 'profit center group or values' , it should give an error message. I have seen that there is a user exit 'EXIT_SAPFGRWX_001' (Authorization check on initial screen).
  But my problem is, in this functional module (code is shown below), the table 'I_T_SELSCREEN_PARAMS' has only one filed for both 'Profit center Group' and 'profit center values'.
  1. when I enter 'Profit center group' 'ABC' in my selection criteria, I_T_SELSCREEN_PARAMS has following values.
  I_T_SELSCREEN_PARAMS - selname = '%8A-PCHI'.
  I_T_SELSCREEN_PARAMS-low = '01061000ABC'.
  2. When I enter 'Profit Center Values' as some '3001000' to '3001020' inn the selection criteria, I_T_SELSCREEN_PARAMS has following fields,
  I_T_SELSCREEN_PARAMS-selname = '%8A-PCHI'
  I_T_SELSCREEN_PARAMS-low = '0002$ZSLP&8A-PCHI'.
  here ZSLP is the report group name.
  I don't understand how to get the values '3001000' to '30001020' into my user-exit in case 2.
  Is there any other way of doing this? has anyone used this user-exit? Please help me.
  Thanks,
  Krishna
  FUNCTION EXIT_SAPFGRWX_001.

  Hi Krishnakumar Ramadoss,
  For your requirement to have authorization, SAP provides facility in report writer/painter to give authorization groups.
  Go to GR52.
  Input your report group name.
  Click on Header (Cap symbol) or F5.
  At this header screen , you can see a field where you can provide Authorization group.
  Try this. It may help you.
  As a note:
  Report writer / Report painter reports are reports which are created with zero percent coding.
  The SAP generated program (E.g: GP3ICYT39FHJLOYBA2025DBAE1V213) cannot be changed or modified.
  The only coding that you can do in a report writer are the formula's and logic that you can write in variables of the report writer / painter.
  Regards,
  Subin John

• Abap report attributes : Authorization group

  Hello,
  I would like to know if there is an enhancement to force the developer to assign an authorization group to the new created abap report, when filling the attributes
  Thank you by advance
  Philippe

  Hello,
  Thank you all for your answers.
  In both FUNCTIONs , EXIT_SAPDSAHD_010 (include ZXSEUU09) and
  EXIT_SAPLSEDTATTR_010 (include ZXSEUU20), I inserted a break <sy-uname>.
  When creating a new abap report (i.e. a local object), I reach only the
  break in include ZXSEUU20, and never after having filled up the program
  attributes popup, always before.
  My initial goal was to force the developer to enter a value in the authorization
  group.
  Do you have an idea of what is going wrong or is it the normal behaviour?
  Thank you,
  Philippe

• Report variant authorization

  Hello -
  Not sure there is an easy/quick solution to this requirement but.... here goes. 
  For all custom programs, we'd like to limit the list of available report variants to only those variants which were created by the user executing the report.  From our research - there are no available user_exits or authorization checks in function group SVAR which is used to build/display the variant lists.
  Can this be accomplished any other way?  We are running 4.6c.
  Regards & thanks,
  Lawrence

  Hi,
  Why not make the report so it can only run in the background ? This gets round this issue. Check if the report is running in background in AT SELECTION-SCREEN OUTPUT event and raise an error if trying to run online.
  Hope this may help.
  Cheers
  Colin.

• Report users & authorization values in release strategy

  Hello,
  I want a report which displays the user names and their release codes from the authorizations which the users have.
  Is there any standard report?
  Thank you.

  Dear Landra,
  There is no standard report to get this data. But you can get this by combining the data of the 2 tables AGR_1251 & AGR_USERS.
  1. Goto SE16 --> table AGR_1251. Give Z* for Role, M_EINK_FRG for Object & FRGCO for Field Name and run it.
  2. Goto SE16 --> table AGR_USERS. Give Z* for Role and execute it.
  Vlookup both the reports in step 1 & 2 to get the list of users having access to a particular Release Code in the system.
  Regards,

• Crystal Reports and Authorization Problems

  I am having an issue with Crystal Reports and User Authorizations.
  I was build a Crystal Report and import into SAP Business  One (SBO 8.8 PL18 HF). After that i give full authorizations for this report in some users. Then if the user login in SBO and choose to see the report his has the following error
  You are not permitted to perform this action - "The name of the Report " [Message 200-30]
  or
  You are not permitted to perform this action - "The name of another Crystal Report " [Message 200-30]
  This happen also if I edit a crystal report and re import the new version.
  If i change the user to Super User  then there is no Problem but i don't want something like this. Is something going wrong with Import Crystal Report and SBO menu items?
  Any Idea?
  Thanks In advance
  Edited by: Apostolis Andrikos on Feb 17, 2011 1:25 PM

  Hi Balakumar,
  I had tried also with the way that you suggested...
  Only if I give full authorizations for all the modules itu2019s possible for the user to open the crystalu2026
  And I said possible because sometimes with full Authorizations everything it is ok and sometimes not.
  The most strange thing is that if I choose to open a Crystal Report  the display error as i said before is
  for another Crystal Report in SBO menu.
  e.x I choose to run a Daily Cash Report from the User
  and the ERROR Said
  "You are not permitted to perform this action - Outgoing Payments Message 200-30"
  Thanks for your Response

• Drill Down Arrow error in Crystal Report. Authorization Path

  hi all,
  i made a report in crystal report with drill down capability with the ff formula:
  'http://$b1$/link?table=OPCH&key='&totext(({OPCH.DocNum}),0)
  pls see image below for the error display:
  http://i264.photobucket.com/albums/ii184/abing430/DrillDownArrowError.jpg
  when i run the report in SBO the report display with no problem but when i click the drill down arrow it says "You are not permitted to perform this action : Authorization path". i am using the Manager account w/c is a super user.
  pls. help.
  thanks
  Fidel

  hi Gordon,
  thanks for the reply.
  now i use the ff. Formula as what u have instructed.
  'http://$b1$/link?table=OPCH&key='&({OPCH.DocEntry})
  this returns an error in formula
  'http://$b1$/link?table=OPCH&key='&totext(({OPCH.DocEntry}),0)
    this line does not returns an error in formula workshop but i still have the same error....
  addtitional information: this is my SBO version
  SBO: 8.8
  PL: 18
  best regards.
  Fidel

• ISE reports. Need report for Authorization Profiles

  in ISE 1.1.1 pack 2 how do I run a report that will give me all authorizations with the blackhole_wireless_access for the past 2 months?
  TIA
  Scott

  Operations -- report / Catologs -- AAA protocols -- Radius Authenitications -- Run and Query
  narrow down focus as best you can.  for instance by device name. and specify time range.  (note DB rewrites)
  then export to CSV.  Select the Identity_Store and Authorization_Policy along with user, times, etc.
  Sort CSV by empty identity_store or default Authorization_Policy (default).
  Thanks Justin @TAC
  Scott

• BW Reporting: Security Authorizations

  I am looking to see if it is possible to create a role in BW that would allow the following:
  -Execute all published queries
  -Create new queries, but only save locally (or to favorites)but not publish globally
  -Modify published queries, but save only locally (or to favorites)
  The role would not have access to create and publish globally new queries or modify and save globally to any existing queries.

  Hi Nathan,
           Create a role using Transaction PFCG and create an Authorization Profile.
  <b>To Execute all published Queries</b>
  Add the Reporting Authorization Objects
  <b>S_RS_COMP</b>: Infoarea, Infoprovider, Reporting Component.
  If you want the user to execute all queries
  Maintain this settings
  <b>Activity: 16 (Execute)</b>
  Infoarea: *
  Infoprovider: *
  Name of Reporting Component: *
  Type of Reporting Component: REP(Query)
  <b>S_RS_COMP1</b>: Reporting Component, Query Owner
  <b>Activity: 16 (Execute)</b>
  Name of Reporting Component: *
  Type of Reporting Component: REP
  Query Owner: * (If you want all users to execute the queries)
  To Create and Change Queries, you've to also include those Activities in the Activity field for the Authorization objects. But I think that will affect globally.
  <b>S_RS_ICUBE or S_RS_ODSO</b>
  This Authorization object grants access to data held in the Infoprovider. For ODS you've to use S_RS_ODSO and for cube you've to use S_RS_ICUBE.
  Maintain the settings.
  For Reporting users, the activities <b>03(Display)</b> and 16(Execute) are the minimum required.
  Infocube Sub Object: DATA
  Infoarea: *
  Infoprovider: *
  <b>To Save Workbooks to Favourites</b>
  For this you've to include the Authorization Objects
  <b>S_GUI</b>: Authorization for GUI Activities.
  Activity: Import and Export(For saving and for opening)
  <b>S_BDS_DS</b>: Authorizations for Document set.
  Activity: 03 and 30.
  Business Document Service: *
  Class: OT
  In addition to these, You've to include the authorization objects S_RFC and S_TCODE(Transaction: RRMX) and maintain the required settings.
  Hope this helps.
  Regards
  Hari
  Message was edited by: Hari Krishnan K

• Report based authorization

  I have a 0costarea characteristic. And it has authorisation object. I use this characteristic in two different reports. The question is how can i give a user different restriction for two report? For example in the A report 0costarea=100100,100101,100102 and in the B report 0costarea=100100,100104 so in the B report user mustn't see 100101 and 100102 details also in the A report user mustn't see 100104 details. I have zcostarea authorization in rsecadmin. I couldn't make correct user authorization privileges.

  Hello Yunus,
  Unfortunately you can not do this . I recommend you to create a copy of that querry and restrict those in query permanently.
  Sarhan.

• Regarding precalculated report with authorization

  I created a web report which contains all the country data, the query having authorization variable, after precaluclation I tried to see the report using a user who is restricted by country level, it saying “no authorization” but if I access through current data mode it’s working, I don’t why its not working with hybrid mode, static…
  If any help appreciated
  Thanks
  Santhosh

  Hi,
  did you precalculate userspecifically?
  Please check the option in RA.
  http://help.sap.com/saphelp_nw04/helpdata/en/9e/9f653ade969f4de10000000a114084/frameset.htm
  Precalculating user-specific Web templates
  Regards
    Heike

• How to take report for authorization in sap hr

  I am new to this feild . I was inquisitive about taking out reports.Can i take out report based on role.The reports contains which authorization object ,PA/PSA,EG/ESG,which planned version.
  I meant to say every thing which ever appears in the authorization objects..
  Please help

  You can get this info from table AGR_1251
  If you need to report on org levels too then you will need to use agr_1252 as well