SAP HR Authorization issue

Similar Messages

• Sap bi authorizations issue with query designer..

  i am using bw 3.x and bi 7 query designer with different kind of probs?...
  i am able to see the info provider  in query desinger 3.x. but i can see only cubes .i am not able to find dso or infosets or multiprovider.. can anyone suggest is there any authorizations issues..please suggest.
  and with BI 7 query designer i am not able to see info providers in info areas folder to design a query..
  please suggest if any authorizations should be added or not

  hi suman chakravar,
  thanks for replying,
  can u be little bit clear about the steps.
  i went to tcode su01 and entered profile 0bi_all..it doesnt work.
  and executed tcode su56.there i can find list of BI related authorization profiles
  i added s_rs_all profile to my user. even then i face the same problem.
  i can see only queries in query designer of bi 7 format and i can not view info providers.
  i can view only cube and infosets and i can not view dso and multiproviders in bw 3.x type query designer
  Edited by: satishchow on Dec 14, 2011 3:23 PM

• SAP BI Authorization issue

  Hii,
  User A with ZALL auth can see the data OF PROJECT ABC for same query .
  But user B with project specific authorization OF PROJECT ABC can't see the data.
  note: no error of no authorization .seems to be some object auth issue.
  Regards,
  Akshay

  Hi,
  enter the T-CODE - RSECADMIN -> select analysis table -> select execute as -> give the user name -> select with log -> select RSRT -> select start transaction -> now it will show which error your facing.
  then based the resolve the problem.
  Thanks,
  Phani.

• Authorization issue - help request

  Hi guys,
  One of the consultants is having an authorization issue ( He is not abele to run a t-code)
  I ask him to run a su53 report and i am not sure how to proceed with this.
  Please help.
  Here are the details from the SU53 report.
  DISPLAY AUTHORIZATION DATA FOR USER VYXXXX
  User : VYXXX                       profile parameter authorization buffering    4
  Authorization Object: F_KNA1_GRP
  Description
  Authorization check failed:
        + Authorization object F_KNA1_GRP Customer Account Group Authorization
              Activity                                08
              Customer Account Group     ZM01
  Users Authorization Data :
        +  Authorization object F_KNA1_GRP Customer Account Group Authorization
                 Authorization  T-PD19002300
                Authorization  T-UG39000900
                Authorization  T-UG39001000
  Please help me guys what need to  be performed.
  Regards,
  Vamsi.

  Hi Vamsi,
  SU53 shows us the last failed authorization for a user. However, it might not only be the failed authorization object failed.
  Hence, "just to learn" , you can use transaction ST01 to enable and run a trace for particular users. Be sure to use in a test environment first, and with proper filters. (for a particular user only).
  Then check-> which auth object is failing.
  RC=4 means a object value is failing.
  RC=12 means an object is missing!
  Check, which tcode is calling that object and this tcode is present in which role. Then.........proceed.
  You can check the SAP documentation on running traces on the help portal of SAP.  I think you will find the answer yourself by troubleshooting more and may be massaging some test roles here and there!
  Likewise, if you are new to security, I would encourage you to start by reading some books on SAP security. Authorizations made easy is a good book to start with.
  Let me know if you have any questions
  EOD for me :P . take care
  Abhishek

• Authorization issue - need to know the Role providing this access

  Hi,
  User is facing an authorization issue below:
  "You donot have authorization to display DataSource 2LIS_06_INV, Component MM" and
  "You donot have authorization to display DataSource 2LIS_11_VAITM, Component SD"
  Kindly let me know what Role is missing from the user's profile?
  Thanks and Regards,
  Sachin
  SAP Security Consultant

  Hi Murali,
  It helped.
  I found out the BW Data Support role for the object S_RO_OSOA and when checked it was already in user's profile but the missing part was user Comparision for that role.
  I did user comparision and then user is able to view the below DataSources....
  Thanks for your help, it triggered to find the root cause.
  Thanks
  Sachin

• Authorization Issue in WebUI (also ST01 question)

  Hi All,
  we are implementing new CRM 2007 and users will be working with the WebUI mainly in the future. Now here is something strange that we found out:
  When a user logs on to the Web UI and enters some sales transaction trying to add a new material he would use the F4 help to find the right material number. In our case he recieves an authorization error hindering him to display ANY materials (seems to be an authorization issue).
  But there are two strange thigs. When the user logs in to the old SAP GUI and triggers transaction CRMD_ORDER and accesses the very same transaction, trying to add a material and issuing the F4 help to recieve the material number it works! No authorization issues!
  Second strange thing that we discovered while investigating on this issue: The system trace ST01 seems to apparently not be working with WebUI. We can fully trace all authority checks for the latter case (when user logs in to SAP GUI), ST01 does not return ANY checks when being turned on while a user is working on WebUI.
  Any one of you experts out there any suggestions? Any experiences with that kind of traces and WebUI?
  Thanks in advance
  Alexander

  Hi All,
  I seem to have found the reason for both of my questions:
  1. Authorization objects checked in CRM WebUI are not at all the same as the ones checked in the CRM backend, i.e. in the old SAP GUI.
  2. There seems to be a known bug in transaction ST01 due to which no trace protocol at all is shown sometimes if too many authority checks fail. That's why it is apparently wise to run the authorization trace only with a high privileged user e.g. SAP_ALL to make sure the resulting protocol is accurate.
  Thanks, I will close this thread
  Alex

• Trouble-shooting SAP BEx authentication issues

  Hi Experts,
  When I am faced with an authorization issue in Business Explorer, it is quite troublesome as it is not as simple as executing SU53 and finding out the missing authorization objects.  SU53 does not seem to work on Business Explorer (i.e. executing Queries, etc.).
  In this instance, the user is running a query and receives the error message pop-up in Excel:
  Error Specifying a value for variable Fiscal Period "Base Period"
  I know this is an authorization issue as assigning a certain role corrects this and the Query will display to the user the proper fields to input values.  However, what is the way I should go about trouble-shooting authorization issues such as these in the future?  SU53 certainly doesn't work in this instance, is there something else I can use for Business Explorer?

  Benjamin,
  SU53 has never worked for BEx.
  For SAP BW 2.x and 3.x you can use [ST01 |https://www.sdn.sap.com/irj/scn/wiki?path=/display/plm/authorization%252btrace%252b-%252bst01]for technical authorization objects and [RSSM|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bw_bex/~form/handler] for data-authorization
  In SAP BI 7.0 you can use [ST01|https://www.sdn.sap.com/irj/scn/wiki?path=/display/plm/authorization%252btrace%252b-%252bst01] for technical authorization objects and [RSECADMIN|https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes/sdn_oss_bw_bex/~form/handler] for data-authorization
  Kind regards,
  Lodewijk

• Authorization issues on opening a dataset

  hello,
  I am not sure if this is the correct forum for this or not.
  I have an ABAP program that was written before I got here that performs the following statement
  OPEN DATASET w_file FOR OUTPUT IN TEXT MODE ENCODING DEFAULT.
  where w_file is a file on the app server. the users that run this program have no issues.
  I have made a copy of the program to add some additional functionality and when the users run this program, the program is abending with the following error messages when trying to execute the same command stated above
  Runtime Error OPEN_DATASET_NO_AUTHORITY
  Except. CX_SY_FILE_AUTHORITY
  I have talking to the security person and he is going to make another role with the authorizations needed to run the program but I am curious as to why the same person can run the one program successfully and my program (which does basically the same thing when it comes to the file processing) abends with the authorization issue.
  thanks in advance for your help

  Hi Timothy
  Well it is the correct forum
  When ever your accessing the file system the authorization object S_DATASET is checked.
  This object has Filename, activity and <b>program name</b> as input parameter.
  Best Practice would require you to limit access as much as possible, so my guess is that access only has been given to the original program, and not your new one - that's why your getting the ShortDump.
  You can find the documentation here: http://help.sap.com/saphelp_webas620/helpdata/en/fc/eb3d5c358411d1829f0000e829fbfe/frameset.htm
  Regards
  Morten Nielsen

• Maintain Text PA - Authorization issue?

  Hi experts,
  I'm having a problem when updating text in infotypes using "Maintain Text" (F9). Most user's SAP GUI block when trying t access the text window (after clicking Maintain text). SAP GUI just freeze (no message). It's the only time I have got an error like this.
  Since some users are able to maintain text, do you think it could be an authorization issue?
  Could you please show me which authorization object should be customized to let them to maintain text?
  If you think is not an authorization issue, any idea?
  I would really appreciate your help since I run out of ideas...
  Thank you very much
  Chema

  Hi Dilek,
  thank you for your help. SU53 shows a problem with authorizations for P_ORGXX (R, ,,,,) for people who can't maintain text, but it also show a problem with P_ORGINCON (R,,,,,,,) for people who can.
  I know these two authorization object are related to infotype read/writing, but it is also related to maintain text feature?
  MS Word comment seems a posible explanation, because since SAP GUI blocks should be any local configuration issue, but still all computers has the same version and instalation.
  Thank you again for your help
  Cheers,
  Chema

• PA30 Display Facsimiles Authorization Issue

  Dear All,
  I am facing one authorization issue in PA30 Transaction. User trying to display the archived documents from PA30 > Extras > Display All Facsimiles, when user trying to execute he is facing the below authorization issue.
  You have no authorization to display the facsimile
  Message no. PG424
  I have analyzed this issue this is lack of infotype authorization, but I am not sure which infotype we have to give under P_ORGIN authorization object. SU53 not showing anything for infotype, it is showing  ' ' in infotype.
  I checked the below SAP notes also.
  1562091 - Display all facsimiles: Incorrect Message PG424/PG425
  1990223 - HRFORMS : Can not view archived documents in PA20
  373063 - Authoriztn for applicnts opticl archv does not work
  User getting access If I maintained Star (*) or (' ') . Please help me to solve this issue.
  Thanks
  Kishore ch

  Hello,
  You can check which Infotype your archived document is linked to in table V_T585O. A user will require read authorization for that infotype as well as an authorization for S_WFAR_OBJ for the document type. If I'm not mistaken you may even need S_TCODE or P_TCODE for transaction SDV.
  Secondly, I would not advise you to rely only on SU53 data for authorization checks as it only shows the last failed authorization check. You'll get a better view on what's going on by using the system trace (ST01) or the authorization trace (STAUTHTRACE).
  It seems a bit odd to me that assigning P_ORGIN with value ' ' for INFTY would solve the problem as that is the dummy value and should match with any other INFTY value your user has. Seeing as he/she has PA30 then I assume he/she will already have an authorization for P_ORGIN. Check the settings in V_T585O for the document type. Maybe someone made a mistake there and left the Infotype cell empty instead of "-".
  Good luck
  Brent

• Secured WebDAV Mounted Volume Authorization Issues

  I use a secure WebDAV mounted volume from myDisk.se and up until the latest Security Update have had zero issues being able to manipulate files and folders as I would on a normal volume. However, since the installation of the Security Update (2009-004 (PowerPC) 1.0) I find weird things happening with this mounted volume:
  1) I am able to mount the secured WebDAV share using my security credentials.
  2) I can create a default "untitled" folder but when I try to change its name, the WebDAV authorization dialog pops up and despite entering the same credentials (why, I am not sure as the volume has already been properly credentialed in order to be mounted), access is denied.
  3) Trying to create a file within a folder on the mounted WebDAV volume I previously created pre-update causes the same authorization issue.
  I have no other WebDAV shares I can try to mount from any other companies so I am not sure if this is a myDisk issue or one borne from the Security Update. I am not a .Mac/MobileMe user and that info is not filled out in System Preferences. The internal hard drive has been meticulously maintained with Disk and Permissions repair being run both before and after each and every software update installed. Likewise, the volume's structure is also checked both before and after and shows no need for repairs.
  Any ideas? Perhaps there is a corrupted file somewhere that's affecting the authorizations needed by this third-party WebDAV volume?
  The machine that has this problem is the last model iBook G4/1.33GHz 12" display, 1.5GB RAM, and a 100GB 5400rpm HD which replaced the stock OEM 40GB 4200rpm drive about one year ago.
  I'm not willing to do an Archive and Install at this point as the loss of the WebDAV access to my online volume is not critical. Inconvenient as heck but not to the point where I'm willing (or able) stop my normal work to spend the hours it will take to get WebDAV access back.
  Thanks in advance for any insights.

  same problem here with webdav, I can't mount my idisk from university network on Mac Pro 10.5.3 (although it mounts fine from home network on both ibook and PMG5 10.5.3). Everything was fine with 10.5.2 and I already re-installed 10.5.3 combo. Other bugs as well with .Mac prefs (keeps crashing, sometimes it shows the available space on idisk but still no mounting, with error -35 or -8086), but .Mac sync is OK
  Jun 11 12:34:21 webdavfs_agent[579]: mounting as authenticated user
  Jun 11 12:34:22 kernel[0]: webdav server: http://idisk.mac.com/[username]/: connection is dead
  Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 received VQ_DEAD event (32)
  Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
  Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 type 'webdav', mounted on '/Volumes/[username]', from 'http://idisk.mac.com/[username]/', dead
  Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
  Jun 11 12:34:22 KernelEventAgent[75]: tid 00000000 found 1 filesystem(s) with problem(s)
  Jun 11 12:34:22 kernel[0]: webdav_sendmsg: sock_connect() = 61
  Jun 11 12:34:52: --- last message repeated 1 time ---

• BI 7.0 Analysis Authorization issue: some reports displaying a blank page.

  Hi All,
  This is regarding BI 7.0 Analysis Authorization issue.
  Overview:
  we have restricted some queries at infoobject level.
  Issue:
  a. For some of the queries, we can see the selection screen but when we try to execute the query by clicking on the execute button (Queries WAD) we get a blank page, meaning nothing is displayed on the output (white/Blank screen).
  b. When we execute the same query through RSRT, we get a message which says "Disconnecting from BW server..".
  c. Let me explain further on this. Basically we are doing this in order to have limited access to Auditors at the client side. At the same time normal users should not get impacted due to this, hence we created two roles. One for normal users and other for Auditors.
  d.  Now the thing is that we execute the same report with normal user ID's the report executes properly and displays the output. it does not show the blank page.
  e. But when we execute the same report with Auditors ID then we get a blank page.
  Any idea why this is so?

  Hi Neha,
  I tried the below also,
  GL Acnt
  I EQ 0000134010
  I EQ :
  but still it didn't work.
  No Infoobject is missing in Authorization Object.
  For your point, "rsecadmin - > analysis -> execute as -> check for the desired user & analyze the log" it didnu2019t allow me to analyze, since as soon as click on execute button a pop-up comes up saying "Disconnecting from the BW server..."
  As mentioned earlier also it is giving me the below message,
  ""I>> Row: 103 Inc: AUTHORITY_02 Prog: CL_RSR_RRK0_AUTHORIZATION                                                                       RS_EXCEPTION        301CL_RSR_RRK0_AUTHORIZATION                         AUTHORITY_02"
  Kindly suggest, since this is a show-stopper for us!
  Thanks,
  Ishdeep Kohli.

• Variable screen/variant screen authorization issue

  HI All,
  We have implemented standard Cost Center Overview Report(0SR_C02_Q0002) in BI 7.
  We have three selection fields:
  1.Company Code which is mandatory
  2.My controlling Area which is also mandatory
  3.Costcenter which is not mandatory
  The requirement we are facing over here is that in the Variable screen/variant screen when I enter a company code, then I need to display dynamically only those "My Controlling Area" values which are assigned to that particular company code and not all. In the same way after selecting the appropriate "My controlling area" value, I need to display only those cost centers in the cost center selection field which are assigned to the selected company code and My controlling area combination and not all.
  can anyone guide me on how to go about on this authorization issue at the variable screen itself.
  Please treat this issue/requirement on high priority.
  Appreciated in advance.
  Regards,
  raps.

  Hi,
  I think that an alternative to solve your concern could be using Web Application Designer (WAD).  In this respect, there are several design options, with different levels of complexity.
  As the simplest alternative, you could create a WAD including your query and three Dropdown Boxes: one for Company, a second for Controlling area and another for Cost center.  The four mentioned elements should be linked to the same dataprovider so, when you select a company, the options in the other two Dropdown boxes and the information in the query are updated.
  In order to enforce mandatory filter selection at Company and Controlling area level, you should set NO_REMOVE_FILTER='X' in both two Dropdown boxes, so that "All values" option -which would mean no filtering- is not offered.
  I hope this helps you.
  Regards,
  Maximiliano

• Authorization issue during Jump

  Hi all,
  I am faced with an authorization issue when I am jumping from a BW report into an ABAP report in R/3. The particular BW report is built on a Multiprovider and when I jump to the R/3 report it displays a message saying that I have no authorization to display the R/3 report. Now the issue is that when I run the same report on the base infocube and perform the jump there is no problem. It works just fine.
  Both the multiprovider and the base infocube have the same authorization objects checked.
  Can someone please help?
  Regards,
  Ashmith Roy

  Pls have a look on the below thread:
  Authorization by InfoArea
  Regards
  Ganesh
  *Assign points if this helpful

• Authorization issue in Info spoke

  Hi all,
  I am facing some authorization issue when executing info spoke in process chain.
  Info spoke is working fine in direct Scheduling (both background and Dialog).
  Am getting this error after execution of process chain
  "System error: RSDRC / FORM AUTHORITY_CHECK RSDRC / FORM AUTHORITY_CHECK R"
  "System error: RSDRC / FUNC RSDRC_BASIC_CUBE_DATA_GET RSDRC / FUNC RSDRC_B"
  "System error: RSDRC / FORM DATA_GET RSDRC / FORM DATA_GET RSDRC / FORM DA"
  "Extraction Cube : Error in DataManager API".
  I dont know why this problem comes.
  Can anyone tel me what went wrong and how to solve it.
  Thanks in advance.
  Kind regards,
  Shanbagavalli.S

  Hi All,
      The above issue is getting due to # character in text at end(e.g ljdfsaa##). After removing # characters in text issue got resolved.
  Thansk,
  Manjunatha