Restricting infoobject in query designer with authorization object

Similar Messages

• BEx Query RRI with authorization object

  Hi,
  I have two queries linked using RRI (Sender and Receiver).
  Queries have authorization object.
  Both queries work fine with authorized user if I use them separately.
  (Query Sender works fine with authorized user, Query Receiver works fine with authorized user)
  Using BEx in Excel:
  - when an authorized user jumps from the Sender to the Receiver, system tells him he doesn't have the authorizations, and Receiver query doesn't appear.
  Using Web: 
  - when an authorized user jumps from the Sender to the Receiver it works fine and user can see the results in the Receiver Query
  Could anyone help me?
  Thanks in advance
  Fede
  Edited by: Federico Carta on Jun 23, 2009 2:53 PM

  Hi Mohan,
  I checked the authorizations and S_RS_COMP, S_RS_COMP1, S_RS_MPRO, S_RS_ICUBE are correctly set.
  The strange thing is that if user calls the Receiver query from the web (BI web server), it works fine. The problem is only if user executes them by BEx in Excel. If he uses Receiver query directly without using Sender query, it works fine!!!
  Best Regards
  Federico

• Creating Restrictions in BEx query designer for (1-a), where a is variable.

  Dear All,
  >>  Suppose for the variable in the BEx query designer, I've created restriction for 0FISCPER to the variable 0P_PER (as 0P_PER-1) by right clicking 0P_PER3, from that a dialog box appears.  In that I've selected 0P_PER3 and then clicked on offset variable and when I set the offset variable, it works for (0P_PER-1.etc, 0P_PER+1,etc..)
  But if I want to have (1-0P_PER), then plz tell me how to define this restriction?
  Plz explain me the steps to perform (1-0P_PER) restriction in BEx query designer in BW1.
  I'm using SAP BI 7.2 gui.
  Expecting your reply soon,
  with Regards,
  Jerald

  My requirement is that I want to have " 1-fiscal year"., But this I could not define using offset variables, since using offset we can define "fiscal year +1" or "fiscal year -1". 
  So there would be some other way to define "1-fiscalyear".  So Please help me to define "1-fiscalyear"  by giving me the steps.
  Thank you,
  with Regards,
  Jerald

• Red Light with Authorization Object in PFCG

  Hello All - I have a question with authorization objects, there are three roles with red lights 'ON' in authorization object screen in our PRD. However users who are using these roles have no auth issues, standard procedure is to make all lights green in PFCG by maintaining these auth objects.
  Big question is "what is the down fall by leaving these objects RED, I need to support my theory when I say all lights green with auth objects.
  Why best practise says maintain all lights to green?
  Please suggest, appreciate your suggestions.
  Thanks.
  Edited by: AJ on May 12, 2009 9:44 PM

  Hi,
  > "What will be the difference between leaving that red lights 'ON' vs "disabling" these red objects? (I am bit confused on this).
  Red Object: As you know that authorization Objects comprises of Authorization fields. There are certain fields, which are known as "Organization Level" fields and need to be maintained Centrally. If you miss this fields, then the traffic light icon is RED. For all other authorization fields, light will be Yellow if you miss any blank field to maintain. During check, these fields will provide missing authorization (but you may not get error if same object is present in the role with all fields maintained status).
  Disabled Object: If you make any Object Disable, then during check, this Object will not be treated for checking Authorizations. But profile generator will keep this in mind, so you don't get Standard Objects repeatedly (if already present in Deactivated status also) whenever you go to "..Merge with New Data".
  You all other questions are very nicely answered already.
  Regards,
  Dipanjan

• Put a Query in an Authorization Object

  Hi everyone
  Is there any way to set a query as an authorization object value?
  Best regards,
  Luis Elizondo

  Hi,
  This is not possible for finding out authorization value from a Table for an Authorization Oject. But in case of BI Analysis Authorization we have the option to pass the information of Authorization Value Dynamically from a Z-Table or an Hierarchy as a node of that Hierarchy. If you are looking for this in a BI system then you can of course dynamically pass a value from a Z-table through a Customer exit variable.
  Please note that even in BI analysis authorization also we don't have option to pass Query technical name and also conceptually this is not convincing and useful. BI query technical name can be maintained in the authorization objects S_RS_COMP and S_RS_COMP1 (please go through the text description of these two objects to understand the difference).
  Let us know for any query you have.
  Regards,
  Dipanjan

• Association of authorization group with authorization object

  Dear Colleagues,
  We are using ECC 6.0 system. There is a transaction EMMAC2 where in the user would pick the case categories & view/make changes as required in the cases.
  However, we would like to have a user to pick only those case categories for which he/she is authorized & view/change the data.
  This EMMAC2 is controlled by authorization object B_EMMA_CAS & this authorization object has field BRGRU (Authorization Group) along with ACTVT (activity).
  We would like to control this via authorization groups
  We would like to create authorizations groups based on case categories & those authorization groups would be assigned in this BRGRU field.
  Meaning, the end result should be such that, when that new authorization group is added in BRGRU field & that role is assigned to an end user, the user should be able to see data only for those case categories for which the new authorization group has been created
  If I use SE54 to create authorization group, it automatically associates itself with authorization object S_TABU_DIS & this does not solve my purpose.
  But we would like to create a new authorization group & associate it with authorization object B_EMMA_CAS.
  Can someone please let me know the steps on how to achieve it or any other method to achieve it(for above underlined text)?
  Does a developer or functional consultant also need to be involved in this?
  PS: I tried to search in Google & our forums but could not get any answers

  Dear Aninda,
  Thanks for the help.
  I created an auth group via SE16 in table TBRG & associated to B_EMMA_CAS
  A case category was then assigned to this auth group
  We tested it - below are the results:-
  1. The user is allowed to 'change' and 'display' the case for the case category for which the user is authorized: this works as per requirement.
  2. The user is not allowed to 'change' case for the case category for which the user is not authorized: this works as per requirement.
  3. However, he is able to 'display' cases for the case category for which the user is not authorized: this we do not want.
  If I remove activty 03 (display), then the user is unable to display the case for the case category for which the user is  authorized.
  How to resolve this?

• Authorizations to restrict Query Designer with Only Display option

  Hello,
  I have looked all most all possible ways in internet to find out a suggestion/solution for the below. But Invain.
  I would like to know the Transactions, authorization objects and profiles  that are responsible to restrict users not to change and copy queries from QD.
  I need only display option for queries.
  Also,please confirm shall we restrict the same from Transaction SCC4.
  Thanks In Advance.

  Hi there,
  Since you're talking about a QD system, you should lock it in transaction SCC4.
  In case you need to change things in QD without opening the system in SCC4, you can go to transaction rsa1->transport connection and click on Object Changeability. In there you can define what paricular options are "opened for changes" even with SCC4 in close mode.
  Also, for roles having that objects, you should use the authorization object S_RS_COMP and S_RS_COMP1 with Activity with value 02 - Display
  Diogo.

• Long text of InfoObject in Query Designer

  Hi Experts,
  In my InfoObject I have Long Text and Short Text.
  I have maintained both.
  In my Query Designer I'm only getting the short text and same text is getting displayed when I run the Report. Can anyone tell me how do I view the long text please in Query Designer please.
  Thanks

  Hi,
  Thanks all for your help,
  The description issue is resolved but My data which come under that Column is not getting displayed fully.
  The length I have defined in the infoobject is 40 by it is only displaying me 25 char information in the report.
  Can anyone help me with this please.
  Thanks
  Edited by: MO AHMED on Mar 17, 2010 3:07 PM

• Char restriction in Bex Query Designer

  Hi Gurus,
  Can anyone explain what is the use of the Characteristic Restriction Area in in the BEx Query designer
  If i set 0CALYEAR =2008 in the Char Restriction and in the column definition i set the one of the column to display data from year 2009. Will it work ?
  Please advice
  Thank you
  BR

  There are two type of characterstic restrcitions in the query. Global and local.
  If you are createing a restrcited key figure or selection and restricting calday then it will be restricted to that particular key figure (and show 2008 data) and in the columns it will show you other years data (i.e. 2009 data).
  But if you are using a global fiter in the filter tab of query designer, then it will be applicable to the whole query.

• Issue with authorization objects

  Hi,
  We are running on ECC 6 . There is an issue while adding t-codes to a role.
  When we add a transaction code in the Menu tab, for eg, a Z transaction code, it throws up a whole lot of open authorization objects under the authorization tab (open authorizations under FI, MM, so on). The open values proposed are all the default values in SU24. This happens even if we use the 'Read old status and merge with the new'. Our check indicator maintenance for all t-codes seem to be fine. Pls advise.
  Cheers!!

  > The default values (SU24 values) are once again populated if they were not maintained during the earlier maintenance.
  They are populated again if they were deleted during the earlier maintenance or are in a changed status of the original authorization where new values in SU24 are proposing something different.
  That is why you should never delete standard or maintained authorizations and try to avoid the copy & change strategy by maintaining SU24 to meet your needs.
  It shounds like SU24 is not as "fine" as you have stated before hand.
  Cheers,
  Julius

• Unable to access Query Designer with RRMX.

  I have intalled Sap GUI 7.0. I am able to run all applications vai Link : START -> ALL PROGRAMES -> BUSINESS EXPLORER -> QUERY DESIGNER.
  But when i try opening query designer from my logon pad with transaction RRMX, the query designer does not work.Kindly guide on the issue.

  You can start the BEx Query Designer using one of the following options:
  ●      Standalone, by choosing Start ® Programs ® Business Explorer ® Query Designer.
  ●      BEx Web Application Designer:
  In the menu bar of the Web Application Designer, you have chosen Extras  ® BEx Query Designer.
  ●      BEx Analyzer:
  You are in an empty cell and have chosen Extras ® Define New Query in the analysis toolbar.
  ●      BEx Report Designer:
  In the menu bar of the Report Designer, you have chosen Extras ® BEx Query Designer.

• Program with authorization object

  Hi Experts,
  I have an issue regarding rules and authorization.
  I have created a program with 2 radio buttons transfer and backload. The requirement in authorization is not all users can access both; some can only access transfer and some can access backload only. (r_trans,r_back)
  The basis told me that they need an authorization object in order for them to block/separate the transaction for transfer and backload.
  Is there a way for me to modify the program and put an authorization object with my radio button? or is it possible to do this with the current program?
  Thanks!

  Hi,
  Thanks for the reply,
  Our basis is using PFCG for roles and authorization , how can they check if my authorization object was created using that code?
  Here is my code: Im getting sy-subrc = 12.
  IF r_trans EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '01'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
       LEAVE LIST-PROCESSING.
     ENDIF.
  ELSEIF r_back EQ 'X'.
     AUTHORITY-CHECK OBJECT 'ZACTIVITY'
                  ID 'ACTVT' FIELD '02'.
     IF sy-subrc NE '0'.
       MESSAGE 'User not authorized' TYPE 'S'.
     ELSE.
       MESSAGE 'User is authorized' TYPE 'S'.
     ENDIF.
  ENDIF.

• Display users with authorization objects assigened to them

  Hi,
      How can I display list of users with company code assigned to them?

  hello Rajesh,
  What you want is not straightforward. There is no SAP report for this as such. You need to find roles assigned to the user first then go to table agr_1252 anf give the value $BUKRS along with the role names.
  You will find out the company codes assigned to the user.
  This is not a very efficient way really and will involve too much of effort. If I needed such an information I would have written a simple ABAP report using joins of table AR_DEFINE and AGR_1252. Also check tables UST12 and AGR_1251.
  Hi Ben,
  Company code is present in several authorization objects other than F_BKPF_BUK. Check F_SKA1_BUK..There are several of them. So we need to check on basis of field BUKRS.
  Regards.
  Ruchit.

• Query Designer with SAPNW7.01ABAPTrial

  Hello
  I am beginner on SAP BI and I want to know how to get or where to download query designer that can work with SAPNW7.01ABAPTrial. Thanks to reply sooner
  Regards

  Hi,
  Pls go to Service Market Place. www.service.sap.com--> Downloads -> SAP support Packages -> My Companys application component -> BI Addons for SaP GUI -> BI 7.0 Addon for SAP GUI 710/BW 3.5 Addon for SAP GUI 7.10.
  Regards
  CSM Reddy

• Query on new Authorization Objects after Upgrade&SAP_NEW profile

  Dear Experts,
  We have upgraded our system from 4.5 to 7.0 version,  i  was checking what are the new authorization Objects  introduced after upgrade comparing older system ojects.  I got few objects which are new in upgraded system,
  But when i check SAP_NEW profile,   and in the latest profile SAP_NEW_7000 profile i can not see all those new Ojects which are new.
  generally SAP_NEW should contain all new objects which come after upgrade?  i can see those in SAP_ALL  but not in SAP_NEW
  is there any issue  in system?  how should I know and where should i check what are the new Objects come in upgrade,
  Please advise.
  Thanks#Regards,
  Vijay

  Hi Jurjen Heeck ,
  see my previous post
  I did 'nt get this.
  SAP_NEW is your friend here
  does the SAP_NEW profile contains all the new authorization Objects.
  Regards,
  Anthony