Roles for accessing reports

Similar Messages

• How to define roles for the reports that i have created using WAD?

  Hi all,
  Can anyone let me know how to define roles for the reports generated using WAD. And what is the procedure for creating and defining roles. Is this process take care of Bw consultant nor the basis guys.
  Can anyone let me know the entire procedure about the roles in bw 3.5
  thanxs
  haritha

  Following links might helps you
  create a role
  https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bi/authorizationinSAPNWBI&

• Roles for MSS Reports

  We are having some authorization issues with MSS reports. When we try to display the report from MSS , It says no authorization for transaction (name). When we give SAP_ALL to the manager at the backend, it works fine from MSS side. Please suggest if we are missing some thing. What are the standard MSS roles for the reports.
  Thanks

  Hi,
  The MSS reports must have some Program name, say REPORTX or it may be called by some transaction.
  Add the report name to the auth object P_ABAP for the MSS role or add the transaction name to the authorisation object S_TCODE and P_TCODE.
  Either way, the problem will be resolved.
  Or you can remove the SAP_ALL from the manager profile; Login with the userid of the manager. Try to run anyone of the reports and then after it throws the missing authorisation error, type in /nsu53 in the transaction bar and trace the missing authorisation. Accordingly add the same to the managers role.
  Thanks and Regards,
  Pinki

• Importing a pkg with rely on server storage and roles for access control

  Hi we run std 2008 r2.  I'm reading documentation on prot levels during pkg import to catalog at
  https://msdn.microsoft.com/en-us/library/ms141747(v=sql.105).aspx but unfortunately the definition of prot level "rely on server storage and roles for access control"
  isn't clear.  They used the prot level name to define it which didn't help me.
  This option looks appealing but it isn't clear why I need to enter a pswd when choosing this option.  Will my peers need to know that pswd when they export?  Will the sql agent job need to present that pswd when running?  If I just keep current
  prot level "encrypt with user" will the agent job be able to run it?  I'm sure it (agent) isn't running with my creds now.  Also, how can I tell what prot level it was deployed with last?  I rt clicked on the pkg in the catalog
  and don't see anything obvious about that.  I already understand that on export prot level is changed to encrypt with user. 
  I'm going to look at the sql agen job right now to see what creds it runs with.

  First thing to understand is that protection level is used for determining how package (dtsx) file have to be protected. Once package is deployed in server and executed from agent, the conventional way is to use method of configurations or parameters if
  2012 to get required connection etc values and execute using it. It never uses the values that were set during the design time. So it doesnt matter what protection level was so far as its based on config
  However if you're planning to export existing package to your system and do modification thats where protection level comes to play. If its set to any of ENcryptSensitive... type value then you'll to provide the value (either a passowrd or your userkey which
  it takes automatically from login info) to see the sensitive info (connection info,passwords etc) The package will still open and so far as you manually type in missing values you will be able to execute the package. If protection level is set to one of ENcrptAll
  then you will have no way to open package itself unless you provide password/ have correct userkey.
  The rely on server storage option uses sql server security context itself ie it doesnt do any encryption within package by itself but will assume values based on sqlserver security. This is used when you store package itself in SQLServer itself (MSDB)
  Please Mark This As Answer if it solved your issue
  Please Vote This As Helpful if it helps to solve your issue
  Visakh
  My Wiki User Page
  My MSDN Page
  My Personal Blog
  My Facebook Page

• SCCM 2012 R2 - Setting security Role for SCEP reporting shows nothing.

  Have an issue.
  I've created a new security role for a user so he can view reports about Endpoint Protection(Just copied Endpoint Manager role and set all permissions to Read) .
  But when user runs reports, he gets nothing:

  Try setting the "Audit Security" permission to Yes on "Collection" within your custom security role.

• Roles for showing reports only

  Hi experts,
  I have created one role in PFCG for BEx in which it is showing like this:
  Infoarea -> Infocube -> Reports
  Now I want to show only reports and to bypass Infoarea and Infocube.
  Please help me to solve this..
  Points assured.
  Vinod.
  Vinod Nagre

  Dear Vinod,
  what I understood from your query is that u dont want to show the BW Objects user  just needs to access the reports. For this do the following
  create one role in pfcg goto menu tab there click other (add other objects) button, select the SAP BW Query URL option -> Create Node window will open there u give the Report text and URL in Object description, then under role menu folder that url will come.
  Assign this role to user.
  When the user login to bw he can see these urls where he can access directly.
  Assign Points please.........
  Best Regards,
  SG

• Role for Access to Web Service Navigator in PI 7.31

  Hi experts,
  Can you please help in regarding which role to provide for web service navigator access in pi 7.31
  Regards,
  Hemantha

  Hi Hemanth,
  Please refer below link:
  https://help.sap.com/saphelp_nw73/helpdata/de/30/2b552f20da49e291c9d26b675f9019/frameset.htm
  Regards,
  Akshay

• Assigning a role for multiple reports

  Hello,
  Is there an easy way (drag-and-drop) for assigning 30-40 reports to a role?
  Now, I'm doing it one by one, with Query Designer
  In PFCFG transaction neither, I couldn't see an easier way..
  Thanks.

  Hi,
  If bunch of queries have some particular naming convention then you can you REP* pattern to assign query to role in PFCG.
  e.g. : REP_ABC , REP_XYZ , REP_MNO etc.. then just assign REP* for these queries.
  Regards,
  Avinash

• Conceptual problem: 2 roles, 1 for access and 1 for allowed activities

  Hello,
  in SAP BW 3.5, I'd like to have separate role for
  - access to something (queries, inforarea, etc.)
  - authorization to perform an action (01 Create, 02 Change, 03 Display, Execute, etc.)
  The driver being that all users will have at least 2 roles, one telling what they can access and one telling what they are allowed to do.
  So far, S_RS_COMP is not that useful because it combines these 2 concepts.
  Any idea, how I may be able to do it?
  Thks in advance!

  Dear "Smurf",
  As you state yourself, there is no obvious solution. Maybe a clarification of what you want to realize could help. Could it be that your distiction between "access" and "authorization for an action" is a bit fuzzy? What I want to say is that to grant access at least means to give authorization "03 Display".
  What you could is to make a distinction between "datamodel access" (S_RS_COMP + RSINFOAREA, ...), "reporting access" (role with report menu) and "content access" (role with content based authorization objects). Maybe this idea helps.
  Greetings,
  Stefan

• Help Required in Authorization Roles for Workbooks

  Hi All,
  In our project, we have a requirement of creating a role for users with below authorizations.
  1.     Can display and execute the workbooks in the role menu.
  2.     Can create copy workbooks ( Save as) in the role menu.
  3.     Can not delete the original and the copy workbooks from role menu.
  We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
  We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
  Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
  So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
  Thanks,
  Sachin

  Re: Adding report (query & workbook, templates) in roles
  Go through this thread.
  And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
  we have added Auth objects S_TCODE and S_GUI.
  in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
  So that they can just share the workbook. nothing else can be done.
  Try like this. Hope this would help you.

• Problems understanding open text for access, please help

  Hi all,
  I'm experiencing some problems with this script, and I think knowing what the error is will help me a lot to understand better how applescript handles access to files.
  When i launch this script it tells me somethihng like "document some object has not been opened" (could be slightly different in english).
  So, i guess is a problem with openening and closing, but as you can see i open and close the doc, so I shouldn't encounter this problem. Do I?
  Thanks for any tip!
  set Report to "myfile.txt"
  -- in case previously not closed I'll close again
  try
    close access Report
  end try
  set the_file to (open for access Report with write permission)
  write return to the_file starting at eof
  write "test" to the_file
  write return to the_file
  write return to the_file
  close access the_file
  repeat with numero from 1 to 3
    write numero to the_file starting at eof
    write return to the_file
    write return to the_file
    close access the_file
  end repeat

  Each time your application is run the files associated with it will also be released, so all you need to do is make sure that each open is balanced with a close.  This can be done easiest by using a handler that has been tested, so you don't have to worry about leaving something out elsewhere in your script.  For example:
  on run -- example
            set report to ((path to desktop) as text) & "myFile.txt"
    write_toFile_("testing one" & return, report)
    write_toFile_("testing two, three" & return, report)
    write_toFile_("testing again" & return, report)
  end run
  on write_toFile_(someThing, someFile)
    try
      set theOpenFile to (open for access someFile with write permission)
      write someThing to theOpenFile starting at eof
      close access theOpenFile
    on error -- make sure file is closed on any error
      try
        close access theOpenFile
      end try
    end try
  end write_toFile_

• How can i access reports

  Is there any T-code for accessing reports.

  Hi Niti
  You can use SE38 as everyone above has suggested.check f4 or put " * " and search for which report you want.
  You can alalyse the report fields and subroutines etc through the abap workbench or tcode SE80.
  regards
  naag.
  please reward if it is useful.

• "Low-level" authorizations for accessing BW reports - add users to role

  Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
  Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.

  Hi!
  i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
  with regards
  ashwin
  <i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN.  you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i>

• Roles & Authorizations for Web Reports...

  Hello Experts,
  We are newly implementing Web Reports in our organization. I need your great thoughts regarding implementing Authorizations for users to access the reports.
  We are using a report menu page that contain links to all the reports. The page opens by clicking on a link on the portal. The individual reports are basically accessed from this page by clicking on the corresponding button (links a URL ).
  I wonder if there is any way to look into the menu page (XHTML code of that web page/application) when ever the users click on the reports link and disable those buttons that the users are not allowed to access depending on the roles users are assigned to. Otherwise is there any better way to do it.
  And also how to call a function from web applications.
  This is a kind of urgent issue any quick ideas would be greatly appreciated.

  I apologize for the difficulty in reading this  I will repost.
  We have had no training or received any documenation on WAD.  The below was created from internet research.  Hence there may be WAD functionality that would allow easier maintenance, however; this is what we use.
  With our dashboard, I have a web template that contains hyperlinks for our reports.  I will call this HeaderTemplate1.  For each web page I have report templates.  These report templates have the HeaderTemplate1 mentioned above as well as the report tables, charts, text elements, tabs, etc.
  The JavaScript logic for accessing the urls of the specific report templates is contained within our HeaderTemplate1.
  Below is how our setup was tested.  Keep in mind, this was only for testing basic functionality.  If this is something we use I will most likely create a master data table that houses the user ID and an attribute for the header type.  Thus, any report menu changes can be altered quickly without changing the javascript of each report template.  Also this will accomodate the few thousand users we have.
  To add the functionality of different 'menus', I created another header template with the same hyperlinks of HeadertTemplate1 with the exception of one or two hyperlinks.  This, HeaderTemplate2, was added to each report template just below HeaderTemplate1.  Note that both HeaderTemplate1 and HeaderTemplate2 were set as visible on each report template.
  Also, on each report template I added a text element.  The 'List of Text Elements'property was set as such; Element Type = General Text Sympol,  Element ID = SYUSER.  This Text Element was linked to a query  or view from BEx via the dataprovider.  On the HTML side, I surrounded this Text Element with
  <Font ID="UserID",,,textelement....</Font>
  Each Report template has this javascript function, fnRepOnLoad, which is triggered at the OnLoad event.
  [<SCRIPT language = "JAVASCRIPT">                       
    function fnRepOnLoad()
      var user_ID=document.getElementById("UserID").innerHTML;
      if (user_ID=='USER123')
        document.all["HEADTMPLT1"].style.visibility = 'hidden';
        document.all["HEADTMPLT1"].style.position = 'absolute';
      else         
        document.all["HEADTMPLT2"].style.visibility = 'hidden';
        document.all["HEADTMPLT2"].style.position = 'absolute';
  </script>
  The function results as this.  If the user is USER123, HeaderTemplate1 is hidden, leaving only HeaderTemplate2 visible.  Otherwise HeaderTemplate2 is invisible leaving on HeaderTemplate1 visible.
  We do not use buttons as our global leaders prefer hyperlinks but buttons can be enabled or disabled similarly.
  As mentioned before, if this method is implemented, I will create a reportable master data table.  Create a customer exit variable to retrieve the header template required for the user.  This header template variable value will then be pulled by a text element on each report template.  The script function will act as follows.  If many report headers are necessary I may use a case statement.
  Var User_template=document.getElementById("UserTmplt").innerHTML;
  If UserTmplt = HeaderTemplate1
  -->  make all header templates other than HeaderTemplate1 invisible
  else
  -->  make all header templates other than HeaderTemplate2 invisible
  etc...
  I hope this helps.  Please keep me posted with your solution.  I am very interested to learn what others are doing.
  Best Regards,
  Larry

• Requesting to remove roles for the direct report's in OIM 11g R2

  Is it possible to have the manager log into OIM and request to remove roles for one of his/her direct reports? You can only add roles from the catalog interface.
  Thanks

  Search the user
  Go to the Roles Tab
  Select the Role
  "Remove Role" link will get enabled
  Click that link
  Submit
  Request ID will be generated
  For SELF REQUEST:
  Go to My Access Form
  And do the same thing