SAP BI authorization relevant
All,
I tried to create a custom authorization object for an infoobject otcaactivity (just for eg) .Before that I used RSD1 to make that infobject authorizartion relevant.But after that I inserted the infobject which is made as auth.relevant to the custom object and tried to assign value for the intervals.I got an message as the characteristic value is not authorization relevant...why is that?I tried in sand box..is it any way related to info cube which is not yet created for the particular info object in the sand box thats the reason I get error message ?
Whats the reason to secure characteristics and key figure values?
Hey,
Activating business content mean making authorization relevant?
For BW3.5 there is no need of the mandatory info objects?(0TCAACTVT ,0TCAIPROV ,0TCAVALID ,0TCAKYFNM)
Whats the difference between securing through reporting authorization object and securing through BI specific object??
Thanks
Similar Messages
-
Report data restriction based on SAP ID - Authorization in BI 7.0
Hi Friends,
In our project the requirement of restriction of report is as follows.
There are two reports
1. Carrier View Report
2. Carrier Drilldown Report
Carrier View which is on Multiprovider is main report and Carrier Drilldown report, which is on DSO (ODS) is RRI report.
Carrier Vendors (these are vendors taking care of transporting the goods to customer locations from plant) will be viewing these reports. We have a master data maintained for Carriers as Carrier ID. The report has this Carrier ID in rows. Each carrier vendor would be given a SAP ID for logging into BW WEB reports.
Security Requirement: When a carrier execute report, the data in the report should be restricted to Carrier ID associated with the SAP ID which he is using.
Kindly suggest us the steps to do it, I am not basis person, but I need to help him.
Thanks and regards,
BalarajHi Balaraj,
You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI. Use transaction RSECADMIN to create authorizations and user assignments.
You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
Assign points if you find it helpful.
Regards, Uday -
InfoObject - Business Explorer Tab and field Authorization Relevant
Is their a SAP utility / table / or transaction which can identify a field flagged on InfoObjects.
I would like to determine all active InfoObjects which have the "authorization relevant" flagged on the
InfoObject - Business Explorer tab.
Version 7.0
Thank you ...... danHi Dan,
trIf you have used old analysis authorizations of BW3.5, in transaction RSSM if you click on Check authorization infoobjects for all infoproviders you should find a list of all authorization object which are in productive use.
However, it does not give you the list of object which are marked as authorization relevant and have not been used in any productive cubes.
Try table RSDCHA in se16. CHARNM - Put your char name and in OBJVERS put A. Authorization relevant flag would be 'X', if it is marked for authorization relevance.
Hope it helps,
Regards,
Sunmit. -
Hello,
I have developed some reports for HR using InfoCubes 0PAPA_C02 and 0PA_C01. My reports are based on Company Code, Personnel Area, Country Code.
The Problem that I am facing is how to restrict employees related data based on company Code, Countries, Personnel Area.
I have tried to create Roles in RSECADMIN but some how values in the queries are not getting restricted.
Please Help.
Anil KachruHi Balaraj,
You can use <a href="http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm">Analysis Authorizations</a> in BI. Use transaction RSECADMIN to create authorizations and user assignments.
You need to declare Carrier ID Infoobject as Authorization relevant. Analysis authorizations are not based on authorization objects. Instead, you create authorization for each carrier that include Carrier ID characteristic and some restricted value(s) for the characteristic. You can then assign this authorization to one or more users(SAP IDs). When ever a query with Carried ID is executed, It checks for the analysis authorizations and hence he can acess only those values that are assigned in his own authorization.
Instead of assigning the corresponding Carrier IDs values for each authorization manually, you can create a single authorization for Carrier ID and fill in the values of the authorization using <a href="http://help.sap.com/saphelp_nw70/helpdata/en/91/a62c42fb6fdd2ce10000000a1550b0/frameset.htm">Authorization variables</a>. In this case in the customer exit you need to use the master data maintenance of SAP ID and CARRIER ID and fill in the values of E_T_RANGE depending on the user name SY_UNAME.
Assign points if you find it helpful.
Regards, Uday -
List Database Table Infoprovider, InfoObject, Flag Authorization Relevant
Dear Expert,
Im working with SAP BI 2004s user management & authorization. I have several objects that Ill have check. I dont like check one by one, I like to check for the SE16 transaction, for this reason, I need to know what is the database table have content Infoprovider by InfoObject (Characteristics) which each have the flag authorization relevant.
Moreover, in the same idea, which database has content Queries by Infoprovider which authorization variable?
Thank for all,
LuisFor your first question:
In addition to be above mentioned table, RSDCUBEIOBJ will give the information about Infoprovider and all the Infoobjects within this infoprovider.
1. Find all the authorization relevant Infoobjects from RSDCHA table and copy them.
2. In the table RSDCUBEIOBJ, paste all the Infoobjects obtained from 1 in the field "Infoobject". The result will be list of Infocubes and their corresponding authorization relevant Infoobjects. -
InfoObject 0TCAIFAREA Authorization Relevant
Do I need to CHECK the InfoObject 0TCAIFAREA as Authorization Relevant for the SAP BI NW2004s NEW Analysis Authorizations concept?
Please advice.
Regards,
Nicolette NguyenHi,
Use transaction rsd1
enter object name 0TCAIFAREA click on display
Click on business explorer tab
there you can find the check box authorization relevant or not
Regards
Ben -
Learning SAP BW authorizations structure and hierarchy - concepts
Hello Experts,
I need a good document for learning Authorizations structuring and hierarchy in SAP BIW 3.5 . I am giving authorizations in BIW but do not hv conceptual nd fundamentalistic knowledge of SAP BW authorizations and its structure . Plz send a good document for learning BW authorizations .............................it may be an excerpt frm FU&FU guide. My Email Id is [email protected]
A short but complete SAP BW fundamentalistic , concepts and structure & hierarchy covering document is appreciated.
Requested to revert at earliest as this is very urgent.
Points guaranteed.
Regards,
SomyaHi maheshwari ,
Use these steps for authorizations,
1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
first u ahve to decide which area & on which Infoobject.
2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
2.after that U Have to goto RSSM there u have to create authorization object
Ex: Zxxx ( XXX is Infoobject Name ).
3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
4.next goto PFCG create role & save it
5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
7.click generate +enter
8. goto user tab Enter userId+enter + click on usercomparision+ enter
9.save the role.
FOR HIRARCHIES:
1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
2. there u have to select Hierachy on which u have to apply authorization.
Thanks,
kiran -
Updating users profile when infoobject marked as authorization relevant
Hi All,
Consider a scenario where there are some projects in which perticuler infoobject is not authorization relevant but in some upcomming project the same infoobject needs to be authorization relevant.but when i marked this infoobject as authorization relevant then i need to manually insert this new authorization infoobject in each user profile. If there are more than 200 users available then it is not very good idea to include this infoobject in each profile manually. Is there any other way through which we can insert this infoobject in all user profile automatically.
Regards,
DeepakHi again.
Go to transaction se38 and create a program with the name ZCHANGE_APPEND_AUT.
Insert the following code:
REPORT ZCHANGE_APPEND_AUT .
TABLES RSECVAL.
DATA: T_RSECVAL TYPE RSECVAL OCCURS 0 WITH HEADER LINE,
T_RANGE TYPE RSEC_S_AUTH_VALUES_RANGE.
SELECT-OPTIONS: ZAUT FOR RSECVAL-TCTAUTH NO INTERVALS.
PARAMETERS: ZOBJN LIKE RSECVAL-TCTIOBJNM DEFAULT '0TCAIPROV'.
SELECT-OPTIONS: ZVALUES FOR RSECVAL-TCTLOW NO INTERVALS.
LOOP AT ZAUT.
LOOP AT ZVALUES.
T_RANGE-IOBJNM = ZOBJN.
T_RANGE-SIGN = 'I'.
T_RANGE-OPT = 'EQ'.
T_RANGE-LOW = ZVALUES-LOW.
CALL FUNCTION 'RSEC_INSERT_FLAT_AUTH'
EXPORTING
I_AUTH = ZAUT-low
I_RANGE = T_RANGE.
CLEAR T_RANGE.
ENDLOOP.
ENDLOOP.
Activate the program.
Now when you run this program you'll be prompted for 3 parameters.
The first is a list of Analysis Authorizations names that you wish to change.
The second is the name of the InfoObject you want to insert to those authorizations, by default is 0TCAIPROV but you can change it to whatever you want
The third is a list of values that will be inserted for those InfoObject.
Therefore imagine that for authorization ZZZA, ZZZB and ZZZC you want to insert the object 0CUSTOMER with the values xpto, yyyy, and wwww.
You would in this case run the program with the following parameters:
AUT:
ZZZA
ZZZB
ZZZC
OBJN:
0CUSTOMER
VALUES:
xpto
yyyy
wwww
Please assign points,
Diogo. -
Authorization Relevant Infoobject restriction for particular value
Hi All,
We have infoobject - 0COMPCODE which is authorization relevant. In query designer authorization variable - ZAUTH1 has been created.
Now users want to restrict one particular Company Code (Ex- RU10) globally, so that none of the users will view this particular company code.
We can't restrict this in query designer. Users can select among the company codes in the input selection of the report.
Authorisations have been mantained in BW3.5 version
Need help on this urgently.Hi Asish,
Two ways.
1. You can exclude the company code in the default values section, so that they would be able to view it in the list they see.
2. You can exclude it in the authorizations assigned to the roles of the users. Give all the company code values in the authorization, except this company code, so that since the auth variable is createed in the query, you woulld view only the company codes that are authorized.
Hope this helps.
Regards
Snehith. -
How can I activate 0CURRENCY as Authorization Relevant?
Hello gurus,
I have many reports that use 0currency in the parameters in order to use a certain currency. How ever we want to restrict the options using authorizations.
When I tried to mark 0currency as authorization relevant, i couldnt do it. There is no tab of business explorer where I can mark it.
¿Does anybody knows how? or if it is not ossible, ¿how can i solve this problem?
thank you!
David GuerraStandard unitinfoobjects dont have Bex tab...if we use customized infoobjects we can
-
Table name for authorization relevant InfoObjects
Hi Gurus,
In which table I could see all Authorization relevant InfoObjetcs ?
Thanks
LizaHi,
Table RSDCHA, field AUTHRELFL.
or
1. Go to RSSM t-code
2.click the radio button Authorizations for several users there u have to enter ur login Id name
3.right hand side 1 spects symbol is there for disply-- click on it.
It will show u all authorisation Infoobjects for u.
Try this link. this might be helpful.
Program to find the list of Authorization relevent info objects for given
Regards,
Haritha.
Edited by: Haritha Molaka on Dec 7, 2009 5:47 AM -
Authorization Relevent Scenarios
Hi All,
I need a help of your suggestins to get a proper way to write my thesis over New Bi Authorization topic.
I want to ask you what are the possible authorization scenarios you can think according to your experience.
for example
I have few of them
1.Restriction to the one value of an InfoObjects.
2.User has access to two projects in one project he has access to few material plant while in other project he has access to all material plant.
3.You have for an InfoObject the checkbox authorization relevant has activated. What are the effects of this on other projects.
4.How Authorization to the hierarchy nodes are defined.
5.How combination of value authorization restriction and hierarchy authorization is working.
can you think more of such scenarios.
Please forward me as meny possible authorization scenarios you can think.so that i can implement these scenarios as an prototype and it will be helpful to me to write my master thesis.
Hope for the positive and quick answer from your side.
With Best Regards And Thanks,
DeepakWell,
User has access to one key-figure for one project and all key-figures for another project;
User has automatic filled authorization while executing a query;
User has his/her authorization automatically filled in a user exit while executing any query;
User has access to company code has a navigational attribute authorization with for example 0PLANT__0COMP_CODE instead of 0COMP_CODE and even for example 0PLANT is not marked as authorization relevant;
User has access in one project to view the data (executing queries) and in another project he/her has access to plan the data (write data);
Diogo. -
Authorization Relevant Info Objects
Hi Experts,
In my Business scenario,Profit center infoobject is
authorization relevant for FI reports.In my FI reports,I have used profit center authorization variable.FI reports are working fine according to the authorizations.
In sales Report,users should be able to see all profit
centers(No Authorization needed for sales report)
In my sales Report,I have used value based non authorization variable.When I run the sales report,I am getting authorization error
How can I make profit center authorization relevant for only FI
Info Area?
Can Some one help me in solving this problem?
Thank you in advance.
Reward Points expectedHi Senoy,
I suggest the following steps,
1. You should list all of Sales Report, after that you need identify all of InfoProviders of this sales scenarios.
2. In base of the InfoProviders sales scenarios, you need list all of InfoObejct authorization relevant of this scenario. In case of the "0PROFIT_CTR" is part of the InfoProvider sale scenarios, you need include in your authorization with the follow value "*" (total access) or ":" (acess agregation).
3. For avoid future problem, the InfoProviders sales scenario have to be different of InfoProviders FI scenario. Otherwise, you will have the same condition in both scenario with the 0PROFIT_CTR.
I hope help you,
Luis -
Error when trying to make an infoobject "Authorization Relevant"
We are getting the following message in German when we try to make an infoobject - 0PERS_AREA "Authorization Relevant" (using RSD1), Can anybody help us in translation of this nmessage and possile remedy. In fact, I tried other infoobjects as well lke 0ORGUNIT, 0EMPLOYEE, etc with the same message.
"InfoObject 0PERS_AREA: Keine Berechtigung, um die
Berechtigungsrelevanz zu ändern"
Thanks
Rajhi raj,
You should do first this :
1. Goto RSA1->Click on Infoobjects->Select ur Infoobject(0PERS_AREA )-> rightclick->select Change It will give Change Characteristic screen in this screen-> click on Business Explorer Tabstrip observe in general settings vey below ur having one <b>check box for " AuthorizationRelavent"-> check that check box --->save +Activte.</b>
next u have to follow these steps :
1.before going to authorizations u have to decide on which Infoobject u have to apply authorizations.
EX: SD--- Sales Org, MM -> palnt ,purorg,FI> companycode.
first u ahve to decide which area & on which Infoobject.
2.goto that Infoobject --> change there check the checkbox Authorization relavent object cahechbox
2.after that U Have to goto RSSM there u have to create authorization object
Ex: Zxxx ( XXX is Infoobject Name ).
3. In the same transaction Screen u have Infocube selection radio Button check that then select on which cube(cube means under that cube all Quaries) u have to make authorization for that perticuler Infoobject.
4.next goto PFCG create role & save it
5.goto Authorization tab in that selct edit authorization it will give automatiaclly authorization Templates in that u have to select only S_RS_RREPU & press Enter.
6. Select manual pushbutton it will ask authorisation object enter ur authorization object what u have created ( zxxx) .
7.click generate +enter
8. goto user tab Enter userId+enter + click on usercomparision+ enter
9.save the role.
FOR HIRARCHIES:
1. goto RSSM There u have one rediobutton called authorization hierarchy ( this radio button is very below the RSSM screen)
2. there u have to select Hierachy on which u have to apply authorization.
Thanks,
kiran -
Making 0PROFIT_CTR Authorization Relevant (RSECADMIN)
I am in need on restricting certain queires to run, based on specific Company Codes and Profit Centers.
I have made so far, only Company Code (0COMP_CODE) authorization relevant.
If I make Profict Center (0PROFIT_CTR) authorization relevant, should the existing queries be affected ?
In other words, when a user runs existing queries (which require to pass a Company Code), could it be
asked to provide the Profit Center as well [I won't insert the Profit Center (characteristic 0PROFIT_CTR) in the authorization ] ?
Best regards,
TomIf you are on BW3.5 authorization concept, all the queries should not be impacted if those are on different multiproviders (as in BW3.5 concept you can select which object is to be authorization relevant for a multiprovider). If you need profit center to be authorization relevant for one query, all other queries on the same multiprovider will be impacted and if you do not want to add profit center characteristic in all the queries, you will need to create a role with : (colon) access and assign it to the users.
In 7.0 authorization concept, a authorization relevant info object will impact all the queries on all multiproviders. If you dont want to use profit center as auth relevant for some multiproviders, you will have to take care of it with functional role for that multiprovider or you can use : (colon) data access role.
Regards,
Gaurav
Maybe you are looking for
-
Using a portable digital recorder with MAC
my bad - I just bought a panasonic portable digital recorder (about $70). I was assuming I could use it with my Mac OS X - I don't know why I assumed that, I just took it for granted that these recorders were like digital cameras, they would automati
-
I have an iPhone 3 g and my computer is so old that syncing takes 5 hours and it freezes so I was wondering my iphone the home button stopped working and my mom offered me her iPhone 3GS and I have apps that I like and was wondering if I have to pay
-
Hii all, I am having a problem with AOL mail. I don't know if its related to upgrading to 1.01 but it just appeared after upgrading yesterday. If I have read all the messages in my inbox the mail counter on the home screen indicates -1. When I'm in t
-
Prime Infrastructure 2.0 Device Configurations
We use PI 2.0 physical appliance. Is it possible to save a shadow copy of the configs so that you get config in filesystem? We want to save the configs to an external server. Actually we are using this feature in LMS. Regards
-
Oracle Service Bus - WS Policy
Hello everybody I have the following problem: I have a Proxy Service of OSB and I call from JDeveloper withouth problem. Also I can execute the proxy When I add the policie Auth.xml I can't execute proxy service and I get the following problem: BEA-3