Roles and Workbooks

Hi,
How to create a Role and make it available for the end-users so that they can share the workbooks among themselves. Right they are allowed to save only under favourites, which are not visible for all.
What kind of security or authorisations or setting, that should be done in order for the role to be seen in the query/workbook save window.
Any help would be appriciated
Thanks
Ace

Hi Ace,
The roles created for users to save workbooks into are dummy or empty roles. The way this is managed is that workboosk relevant for a group of users are stored under this role, and then the role is assigned to different users accordingly. Usually all users are not given the ability to save into a role. All are allowed to save to favourites and a few can create workbooks and save them to roles.
As an otion for users not allowed to save workbooks ot roles, yet needing to share them, the workbook can be saved as an Excel file and emailed. The receiver can then log into BW and refresh the data.
Hoep this helps...

Similar Messages

Transporting role menu and workbook created diurectly in production system

Hi gurus,
We have several workbooks (and queries) that are created directly in production system. thoose workbooks are connected to a role that is created in development system and transported to production system.
Now, we would like modify this role in development then tranport it on production system, but we are afraid that will be wiped out (overwrite) our production system workbooks (because the role not contains this workbook in development).
Could you please explain to us what we have to do in order to not wiped out our production workbooks.
Thank you in advance

thank you, it's more clear for me...
Exactly, to have all my requests and workbook in development, I tried to use "Transport order of copy (it means transport queries from Production system to development system)", then to connect them with the corresponding roles in development, but I have the think that BW considers them as new requests when I re-transport them again on the prod.)
Could you say me if i can transport my production system queries on my development system, and manage them in this system (development) in the future.
Thank you in advance

Assigning Queries and workbooks to user roles

Hi Guys,
I was hoping that someone could explain, how the queries, workbooks and Web Templates can be assigned to roles.
What are the steps involved in creating the roles and assigning the queries.
How are these reports accessed by the users (by URLs or through SAP GUI) If I would want to use the URLs to access them, how do I open the workbooks?
I seem to have a lot of questions, hope to find answers to a few of them.
Thanks,
Doniv

Hi Doniv,
Queries, workbooks and web templates can be assigned to roles during the time that they are being saved. The assignment can also take place in PFCG > role. These kind of roles are usually basic placeholders that are assigned to different users as per requirements. This ensures that the usersa can see only those objects which are on the roles assigned to them.
The workbooks are not accessed by a URL in the internet explorer, they are accessed in the BEx Analyser.
Hope this helps...

Roles, queries,workbooks and users

Dear Experts,
I have an urgent requirement to join information about roles, queries, workbooks and users.
Can you tell me which all tables I should be looking into?
Regards,
Kris

Hi Kris,
Please see this link below : -
roles table in sap
It is for roles, i think you have table for queries already in your previous post.
Regards
Sunny

Security-role and security-role-assignment not working in WL7.0

Hello all..
Some EJB components that worked fine in WebLogic 6.1 no longer work in
WL7.0. It has to do with the security-role and security-role-assignment
descriptor elements no longer allowing anonymous users to be included in the
authorization for a bean.
For example, in WL6.1 placing these items in ejb-jar.xml:
<assembly-descriptor>
<security-role>
<role-name>Employees</role-name>
</security-role>
<method-permission>
<role-name>Employees</role-name>
<method>
<ejb-name>CustomerEJB</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
and mapping WebLogic default users to this role in weblogic-ejb-jar.xml:
<security-role-assignment>
<role-name>Employees</role-name>
<principal-name>guest</principal-name>
<principal-name>system</principal-name>
</security-role-assignment>
worked fine for clients creating their context using a simple
InitialContext() constructor without specifying SECURITY_PRINCIPAL or
SECURITY_CREDENTIALS. These users were basically "guest" to WebLogic, and
the security-role-assignment element above told WebLogic that "guest" was in
the Employees role for purposes of this EJB archive.
Worked in WL6.1, no longer works in WL7.0. Client receives typical
permission exception:
java.rmi.AccessException: Security violation: insufficient permission to
access method 'create'
If I explicity connect as "system" things are fine, or I can create a new
user in the default realm in WebLogic, put a matching <principal-name>
element in the section above, and connect as that user. Note that if I leave
off the <security-role> section completely, or set the required role name to
"everyone", the anonymous access works fine. Apparently the anonymous user
is a member of "everyone" behind the scenes even though "everyone" does not
appear in the realm list of groups or roles.
So, my question boils down to this: Is there a "magic" username in WL7 like
"guest" was in WL6.1 that can be mapped to the required role name, or must
every client connection use a true weblogic-created user with appropriate
role assignments used to map it to the required role name.
-Greg
P.S. Note that none of the EJB examples provided with WL used
<security-role>..
Check out my WebLogic 6.1 Workbook for O'Reilly EJB Third Edition
www.amazon.com/exec/obidos/ASIN/1931822468 or www.titan-books.com

Below are the screen shots for PFCG:

New role with workbooks not visible

Dear all,
I have something strange. I created a role and I saved workbooks in it.
When I create a new workbook and save, I can see this role and I can save the workbook in my role (this role is assigned to me).
However, when I reopen the workbook, I go to the Role tab but I have nothing: no role and thus no workbook.
Do you have any idea?
Regards
Eric

Hi Ric,
I know that behavior from my own experience. Up to now I just came up with a workaround solution. When you want to open the saved workbook, you can go to "Search" tab where you can search for the workbook description. This search seems to be case sensitive, so be careful with that.
If someone else found another solution I am interested in that, too.
Best regards
Volker

Bex Default template for Queries and Workbooks

Dear All,
We have a default template for all queries and workbooks.But this default template was created using a AP query and saved as a workbook.Now all the users having AR role are not able to execute queries or workbooks.Since this default template has a AP info provider associated with it.Is it possible convert this default workbook to a generic one without any security restrictions.Please provide a solution.

In Bex analyzer, you have option to convert a template into a default template.
Or you can create a copy of the existing template without AP infoproviders and assign it as default template.

Roles and authorizations in BI content

Hi experts,
I'm trying to define a very simple scheme of roles and authorizations for my queries.
So, i'm trying to limit the acess by infocube and DSO, but I'm missing the authorizations objects for Cube and DSO.
I know that authorization object for queries it's S_RS_COMP.
So my roles would be something like
BI_ROLE_FI
Authorization Object                                  Autorization Object Value
Acess query (S_RS_COMP)                         NA
Infoobject (whats the object???)                   0FIGL_C01
DSO (whats the object???)                            0FIGL_O14
BI_ROLE_PUR
Authorization Object                                  Autorization Object Value
Acess query (S_RS_COMP)                         NA
Infoobject (whats the object???)                   0PUR_C01
Can you help me find out whats the missing information
Thanks and regards
Joana

Hi,
Iu2019ve gave authorization to the object youu2019ve mentioned, but itu2019s still not working.
Basically what I have is the following:
One role that allows me to execute queries, workbooks, etc.
A second role, dependent on the area of work, that should allow me only to have access to queries from cubes/MP/DSO that are specific to users area.
I will then give each user role 1 + the adequate role 2, depending on their work area.
For role 1 I have got:
S_RFC
Activity: 16
Name of RFC to be protected: *
Name of RFC object to be protected: *
S_TCODE
Transaction code: RRMX
S_GUI
Activity: 16
S_USER_AGR
Activity: 01, 02, 03
Role Name: ANLG_BI_01
S_USER_TCD
Transaction code: RRMX
S_RS_AUTH
BI Analysis Authorization: BI_ALL
S_RS_COMP
Activity: 03, 16
InfoArea:*
InfoCube: *
Name (ID) of a reporting component: *
Type of a reporting component: *
S_RS_COMP1
Activity: 03, 16, 22
Name (ID) of a reporting component: *
Type of a reporting component: *
Owner (Person Responsible) for a reporting Component: *
S_RS_TOOLS
Logical Command Name: THEMES
Iu2019ve tested this role, and it works u2013 they can access queries, create workbooks, create permanent model workbooks
For role 2 u2013 Finance I have
S_USER_AGR
Activity: 01, 02, 03
Role Name: ROLE2
S_RS_ADMWB
Activity: 03,66
Data warehousing workbench Object: INFOAREA
S_RS_ODSO
Activity: 03
Infoarea: 0FIGL_ERP
DataStore Object: 0FIGL_014
SubObject for ODS Object: *
S_RS_ICUBE
Activity: 03, 66
Infocube SubObject: *
Infoarea: 0FIAP
InfoCube: 0FIAP_C02
S_RS_MPRO
Activity: 03
Infoarea: 0FIN_REP_SIMPL_1_ERP
MultiProvider: 0FIAP_M20, 0FIAP_M30
MultiProvider SubObject: *
I then gave to my test user this 2 roles, and with that user I can still see every infoarea, and access all reports.
I will have more specific roles u2013 to other areas (SCM, TV, etc), but I chose this one has an example.
First question I have: can I manage my requirement in 2 different roles: one for action that can be performed (role 1) and other for areas that they can access data from (role 2)?
What objects/restrictions am I missing in role 2?
Many thanks
Joana

Missing Roles in workbook

The basis team installed the Enchancement Package on BW Sandbox last month. When I tried to open the workbook, it only show only one role, but it should be showing others roles. Also, when I tried to save a workbook and assign to a role, I do see the complete list of the roles.
On the SAP menu (backend tools), I do see complete list of the roles on the user menu. I did check the user setting and its roles, and the roles are active (not expired).
I am wondering how to fix the problem, and I am wondering will the latest support pack for frontend will solve it or what other thing we need to do?

Hi Glenn,
Please check the following:
The settings in SSM_CUST defines a compress mechanism for the user menu
known as "Redundancy avoidance" and described in notes 357877 and 357693
Redundancy avoidance deletes easy access menu entries for doubled
transaction codes whenever SSM_CUST contains
1. an entry CONDENSE_MENU with PATH = 'YES' and
2. either an entry DELETE_DOUBLE_TCODE with PATH = 'YES' or no entry
DELETE_DOUBLE_TCODES, at all.
If you don't want doubled transaction codes to be deleted, then simply
add an entry DELETE_DOUBLE_TCODES with PATH = 'NO' into table SSM_CUST.
Please enter
DELETE_DOUBLE_TCODES with PATH = 'NO' into table SSM_CUST
and retest this issue...
many thanks
Orla.

Is there anyway to archive old queries and workbooks rather than deleting?

Our environment has thousands of old queries and workbooks. We plan to delete any object that has not been used within 13 months, but there's a concern we may someday need a few of the reports that will be deleted.
Is there a way to archive old queries and workbooks rather than deleting them?
Is there another approach to solving this matter?
Thanks!

Jim
This is really a intersting question as this is a reality as many BW reports are not used/accessed by users but still they have tendancies of sitting on these reports.
I wanted to suggest to carry-out report usabilty analys. This analysis u can carry out by using BW statistics/standerd queries/new queries in technical cubes showing usability data. If u found that a perticalar BW report is not been used for long time, u can discuss the usability of this report with the report user ( as it is a normal practice of owning BW report by user/user group across industry ), if user is no longer uses it Or do not need it any more, it will be better to delete those reports, this will free up some resources and will reduce the junk. ( if user wants these queries ask him to use it or it will better to personalise report in his desktop easing him to see those reports. )
Changing the technical names of the query as suggested by Bhanu will have follwing effects.
1. It will add more reports in repository leading to junk
2. Old queries still be assigned to user roles, so collide with user authorisation.
hope views are clear, others are welcome to add or share their experince in this regard.
kindly assign the points if it helps.

BEX Roles and Folders help !!!

Hi Friends...
We need to restrict the access to the queries and workbooks by roles. Can any one send me some document / steps how do we make this restriction. example ; power user , coordinator , controller etc....
we would need to create a "User group" maybe even several user groups and assign existing folder names to these user groups.
It would be appreciated ,If some one can send me a step by step approach / document ,
Thanks

Hi SAm.
Not exactly what you are asking for.. But it might be helpful.
http://help.sap.com/saphelp_nw04/helpdata/en/55/2bb33b90131e73e10000000a11402f/content.htm
It gives you some different scenarios.
I have not been doing authorisation by folder, but by naming X..or Z.. queries. I think it should be possible to do it by folder also.
Assigning different folders or infoobjekts to different roles.

Diffrance between saved views and workbooks

Hello Friends,
Good Morning ..
Could any one please tell me what is the diff between saved view and Workbooks. .?
It will be nice help for me.
Thanks .

Hi Jain,
Do not know if your question is already answered. Let me give you my thoughts on this subject ... start with what is a query.
A query definition is saved on the server. Never anywhere else.
Although people say a workbook contains a query (or several queries); it does not. It contains a reference to a query. The workbook can be saved on the server; or anywhere else that you might save an Excel workbook.
What happens if someone changes the query definition on the server? Answer: the next time you refresh the query in the Excel workbook, the new query definition replaces the old query definition in the workbook. Maybe. It depends on what change was made.
For example, if someone added a Condition to the query definition, the workbook will be virtually invisible to this. The Condition is available; but, is not implemented in the workbook. (Until the user of the workbook manually adds the view of the Condition and then activates it.)
For example, if someone changed the definition of a KF in the query definition, the revised KF will show up in place of the old KF in the workbook.
But ... if, for example, someone deleted the old KF and added a new KF, we get a different story. Now the old KF no longer appears (it does not exist); but, the new KF does not appear (it was not marked to be visible in the workbook).
About workbooks as views ... OK, a workbook may very well have a certain "view" of the query (drilldown, filters, et cetera). And, if the workbook is saved to the server in a Role where everyone can access it, this is good. But, if the workbook is saved to one's favorites, then this "view" is only accessible to that individual. Which may be good. Or may not.
A "saved view", on the other hand is stored on the server. So, it is available to all.
If you navigate in a workbook you can back up. You can back up, though, only as far as you navigated in the current session. You cannot back up to where you were in the middle of last week's session. Unless you saved that navigation state as a "saved view". Then, you can jump to that view at any time.
The downside of saved views is that they are easy for anyone to set up and difficult for most to delete.
- Pete

Server Manager error 0x80070422 - Roles and features are not accesible

Hi
I cannot view Roles and Features in Server Manager on my Server 2008 R2 box. The error is:
Unexpected error refreshing Server Manager: The service cannot be started, either because it is disbaled or because it has no enabled devices assicaited with it (Exception from HResult: 0x80070422)
I have looked at my services - but don't know what service to look for, everything seems to be in order.
After some investigation on the net, I understood that I need to setup the win readiness tool, I did and the output in CheckSur file is as follows
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 12.0
2011-05-31 19:02
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum Expected file name Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum does not match the actual
file name
(fix) CBS MUM Corrupt CBS File Replaced Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum from Cabinet: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-apr29.cab.
(fix) CBS Paired File CBS File also Replaced Package_for_KB2296199_RTM~31bf3856ad364e35~amd64~~6.1.1.1.cat from Cabinet: C:\Windows\CheckSur\v1.0\windows6.1-servicing-x64-apr29.cab.
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 4058
Found 1 errors
Fixed 1 errors
CBS MUM Corrupt Total count: 1
Fixed: CBS MUM Corrupt. Total count: 1
Fixed: CBS Paired File. Total count: 1
Here again, it seems that everything is fine.
Thanks in advance for your help

Hi,
Please try to install Windows Server 2008 R2 Service Pack 1 directly and check the result. Service Pack 1 for Windows Server 2008 R2 includes all the
previous released Windows Updates and hotfixes.
If it does not work, you will need to copy these files from another working Windows Server 2008 R2 system to replace the corrupt ones.
Otherwise, you will need to perform an In-Place upgrade to repair the system.
Regards,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

How to create a report of users in ucm about their roles and permission

Hi All ,
I need to create a report and it should contain all the users in ucm as well as their roles and permissions. Basically the report would be for the admin who can see all the users in a single report and can know about the roles and access of each and every users.
How to create such report ?? I have tried from web layuot editor but the default report template i.e stdUserReport in user datasource does not contain more than three fields..Is there any method to get such kind of report???
Please suggest!!

There was an example component to demonstrate this kind of function. Under Stellent in version 7.5
I do not know if they hand it out anymore but it is not on the standard samples page for Oracle. You may want to open a Support SR to ask for it. It should still be around in their servers if they can get permission to hand it out as a sample again.
Sample CustomReports component to demonstrate how to create customized reports
CustomReportsBundle.zip
Date:     October 30, 2006
Sample Version:     version=2006_10_20 (build 1)
Product and Version:     Content Server
Sample Status:     This is a Stellent Sample. Stellent Samples are free and include non-supported add-ons, utilities, tutorials or programming examples. It may require additional configuration or security auditing for maximum effect. It is not supported by Stellent without a consulting engagement.

Problem with Roles and Triggers

I'm having a strange problem with Roles and Triggers in Oracle. It's a little difficult to describe, so bear with me...
I'm trying to create a trigger that inserts records into a table belonging to a different user/owner. Of course, the owner of this trigger needs rights to insert records into this other table. I find that if I add these rights directly to the owner of the trigger, everything works okay and the trigger compiles successfully.
However, if I first create a Role and grant the "insert" rights to it, and then assign this role to the owner of the trigger, the trigger does not compile successfully.
To illustrate this, here's an example script. I'm using Oracle 10g Release 2...
-- Clean up...
DROP TABLE TestUser.TrigTable;
DROP TABLE TestUser2.TestTable;
DROP ROLE TestRole;
DROP TRIGGER TestUser.TestTrigger;
DROP USER TestUser CASCADE;
DROP USER TestUser2 CASCADE;
-- Create Users...
CREATE USER TestUser IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE USER TestUser2 IDENTIFIED BY password DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "USERS";
CREATE TABLE TestUser.TrigTable (TestColumn VARCHAR2(40));
CREATE TABLE TestUser2.TestTable (TestColumn VARCHAR2(40));
-- Grant Insert rights on TestTable to TestRole...
CREATE ROLE TestRole NOT IDENTIFIED;
GRANT INSERT ON TestUser2.TestTable TO TestRole;
-- Add TestRole to TestUser. TestUser should now have rights to INSERT on TestTable
GRANT TestRole TO TestUser;
ALTER USER TestUser DEFAULT ROLE ALL;
-- Now, create the trigger. This compiles unsuccessfully...
CREATE TRIGGER TestUser.TestTrigger AFTER INSERT ON TestUser.TrigTable
BEGIN
INSERT INTO TestUser2.TestTable (TestColumn) VALUES ('Test');
END;
When I do a "SHOW ERRORS;" after this, I get:
SQL> show errors;
Errors for TRIGGER TESTUSER.TESTTRIGGER:
LINE/COL ERROR
2/3 PL/SQL: SQL Statement ignored
2/25 PL/SQL: ORA-00942: table or view does not exist
SQL>
As I said above, if I just add the Insert rights directly to TestUser, the trigger compiles perfectly. Does anyone know why this is happening?
Thanks!
Adrian

Hi Raghu,
If the insert rights exist only on TestRole, and TestRole is assigned to TestUser, I can do the INSERT statement you suggest with no problems if I just execute it from SQLPlus (logged in as TestUser).
The question is, why does the same INSERT fail when it's inside the trigger?

Roles and Workbooks

Similar Messages

Maybe you are looking for